Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1528225
MD5:	c1a1b9482e8a9919f29377869aeed256
SHA1:	0abeda4f5eeea27a77ed936db3fa5ca357154d37
SHA256:	d61f17865f56b80605c422884947b6f0c7669891c6265583624ecae250311f02
Tags:	exeuser-Bitsight
Infos:

Detection

Credential Flusher

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Yara detected Credential Flusher

AI detected suspicious sample

Binary is likely a compiled AutoIt script file

Found API chain indicative of sandbox detection

Machine Learning detection for sample

Contains functionality for read data from the clipboard

Contains functionality to block mouse and keyboard input (often used to hinder debugging)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to execute programs as a different user

Contains functionality to launch a process as a different user

Contains functionality to launch a program with higher privileges

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Contains functionality to simulate keystroke presses

Contains functionality to simulate mouse events

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected non-DNS traffic on DNS port

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

OS version to string mapping found (often used in BOTs)

Potential key logger detected (key state polling based)

Sample execution stops while process was sleeping (likely an evasion)

Sleep loop found (likely to delay execution)

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Uses taskkill to terminate processes

Classification

Process Tree

System is w10x64

file.exe (PID: 5808 cmdline: "C:\Users\user\Desktop\file.exe" MD5: C1A1B9482E8A9919F29377869AEED256)

taskkill.exe (PID: 5508 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 1996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 6164 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 6148 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 2968 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 6084 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 6020 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 1784 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 4416 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 5776 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chrome.exe (PID: 3528 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7176 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=2012,i,10660022629594375404,9267428652285004520,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7484 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5588 --field-trial-handle=2012,i,10660022629594375404,9267428652285004520,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7520 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 --field-trial-handle=2012,i,10660022629594375404,9267428652285004520,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
Process Memory Space: file.exe PID: 5808	JoeSecurity_CredentialFlusher	Yara detected Credential Flusher	Joe Security

String found in binary or memory: _.iq(p)+"/familylink/privacy/notice/embedded?langCountry="+_.iq(p);break;case "PuZJUb":a+="https://www.youtube.com/t/terms?chromeless=1&hl="+_.iq(m);break;case "fxTQxb":a+="https://youtube.com/t/terms?gl="+_.iq(_.rq(c))+"&hl="+_.iq(d)+"&override_hl=1"+(f?"&linkless=1":"");break;case "prAmvd":a+="https://www.google.com/intl/"+_.iq(m)+"/chromebook/termsofservice.html?languageCode="+_.iq(d)+"&regionCode="+_.iq(c);break;case "NfnTze":a+="https://policies.google.com/privacy/google-partners"+(f?"/embedded": equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: accounts.youtube.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com

Source: chromecache_154.14.dr	String found in binary or memory: https://accounts.google.com
Source: chromecache_154.14.dr	String found in binary or memory: https://accounts.google.com/TOS?loc=
Source: chromecache_167.14.dr	String found in binary or memory: https://apis.google.com/js/api.js
Source: chromecache_154.14.dr	String found in binary or memory: https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage
Source: chromecache_154.14.dr	String found in binary or memory: https://families.google.com/intl/
Source: chromecache_167.14.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/drive_2020q4/v10/192px.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/gmail_2020q4/v10/web-48dp/logo_gmail_2020q4_color_2x_web_
Source: chromecache_167.14.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/maps/v7/192px.svg
Source: chromecache_154.14.dr	String found in binary or memory: https://g.co/recover
Source: chromecache_154.14.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_154.14.dr	String found in binary or memory: https://play.google.com/work/enroll?identifier=
Source: chromecache_154.14.dr	String found in binary or memory: https://play.google/intl/
Source: chromecache_154.14.dr	String found in binary or memory: https://policies.google.com/privacy
Source: chromecache_154.14.dr	String found in binary or memory: https://policies.google.com/privacy/additional
Source: chromecache_154.14.dr	String found in binary or memory: https://policies.google.com/privacy/google-partners
Source: chromecache_154.14.dr	String found in binary or memory: https://policies.google.com/technologies/cookies
Source: chromecache_154.14.dr	String found in binary or memory: https://policies.google.com/technologies/location-data
Source: chromecache_154.14.dr	String found in binary or memory: https://policies.google.com/terms
Source: chromecache_154.14.dr	String found in binary or memory: https://policies.google.com/terms/location
Source: chromecache_154.14.dr	String found in binary or memory: https://policies.google.com/terms/service-specific
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-email-pin.gif
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-password.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-or-voice-pin.gif
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-pin.gif
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-stop-go-landing-page_1x.png
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/animation/
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_device.png
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_pin.png
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync.png
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_1x.png
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_2x.png
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_darkmode_1x.png
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/continue_on_your_phone.png
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_phone_number_verification.png
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_silent_tap_yes_darkmode.gif
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes.gif
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes_darkmode.gif
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success_darkmode.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_dark_v2.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated_darkmode.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_v2.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_not_ready.png
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_1.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_dark_1.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_1.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_darkmode_1.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_1.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_darkmode_1.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_created.png
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device_darkmode.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_full_house.png
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_1.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_darkmode_1.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision_darkmode.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_1.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_darkmode_1.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_1.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_darkmode_1.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device_darkmode.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_stop.png
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/personalization_reminders.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/phone_number_sign_in_2x.png
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/return_to_desktop.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/return_to_desktop_darkmode.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key.gif
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_ios_center.png
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_laptop.gif
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered.gif
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered_darkmode.gif
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_phone.gif
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_ios.gif
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_pulldown.gif
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_tapyes.gif
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/smart_lock_2x.png
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/usb_key.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/web_and_app_activity.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/who_will_be_using_this_device.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/you_tube_history.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/gmail_ios_authzen.gif
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/paaskey.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge_darkmode.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_darkmode.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device_darkmode.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_darkmode.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error_darkmode.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth_darkmode.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success_darkmode.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror_darkmode.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_light.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/screenlock.png
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_ipad.gif
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone.gif
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_nfc.gif
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_usb.gif
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_phone.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_keys.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2_darkmode.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/loading_spinner_gm.gif
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/progress_spinner_color_20dp_4x.gif
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/success-gm-default_2x.png
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/apps/signup/resources/custom-email-address.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/images/hpp/shield_security_checkup_green_2x_web_96dp.png
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter_dark_1.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter_v1.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter_dark_v1.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter_v1.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_dark_v1.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_v1.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices_darkmode.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps_darkmode.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_confirmation.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro_darkmode.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18_darkmode.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings_darkmode.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search_darkmode.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18_darkmode.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18_darkmode.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18_darkmode.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_darkmode.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_0.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_dark_0.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization_darkmode.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation_darkmode.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error_darkmode.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork_darkmode.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro_darkmode.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results_darkmode.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search_darkmode.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_2.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_dark_2.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_2.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_dark_2.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_2.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_dark_2.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_2.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_dark_2.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_2.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_dark_3.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_1.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_dark_1.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_1.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_dark_1.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_2.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_dark_2.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_1.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_dark_1.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_2.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_dark_2.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_dark_v2.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_v2.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice_darkmode.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set_darkmode.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_v2.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_dark_v2.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_v2.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space.png
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space_dark.png
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2_dark.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess.svg
Source: chromecache_167.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess_dark.svg
Source: chromecache_154.14.dr	String found in binary or memory: https://support.google.com/accounts?hl=
Source: chromecache_154.14.dr	String found in binary or memory: https://support.google.com/accounts?p=new-si-ui
Source: chromecache_154.14.dr	String found in binary or memory: https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072
Source: chromecache_167.14.dr	String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: chromecache_154.14.dr	String found in binary or memory: https://www.google.com
Source: chromecache_154.14.dr	String found in binary or memory: https://www.google.com/intl/
Source: chromecache_167.14.dr	String found in binary or memory: https://www.gstatic.com/accounts/speedbump/authzen_optin_illustration.gif
Source: chromecache_167.14.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/chrome_48dp.png
Source: chromecache_167.14.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/googleg_48dp.png
Source: chromecache_167.14.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/gsa_48dp.png
Source: chromecache_167.14.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/play_prism_48dp.png
Source: chromecache_167.14.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/youtube_48dp.png
Source: chromecache_154.14.dr	String found in binary or memory: https://www.gstatic.com/images/branding/productlogos/googleg/v6/36px.svg
Source: chromecache_154.14.dr	String found in binary or memory: https://www.youtube.com/t/terms?chromeless=1&hl=
Source: file.exe, 00000001.00000003.2246015402.0000000001084000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
Source: file.exe, 00000001.00000002.3467712359.0000000001100000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd041.111
Source: chromecache_154.14.dr	String found in binary or memory: https://youtube.com/t/terms?gl=

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 60013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 59906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 59952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 59976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 59953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 59905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 59894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59987
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59993
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59995
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59990
Source: unknown	Network traffic detected: HTTP traffic on port 60026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59991
Source: unknown	Network traffic detected: HTTP traffic on port 59977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 59965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59997
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59999
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 59943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 59966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59890
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59892
Source: unknown	Network traffic detected: HTTP traffic on port 59904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 60014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59898
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 59999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 59949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60015
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60011
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60010
Source: unknown	Network traffic detected: HTTP traffic on port 59961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60019
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60016
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60026
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60021
Source: unknown	Network traffic detected: HTTP traffic on port 59938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60028
Source: unknown	Network traffic detected: HTTP traffic on port 59995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60031
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60030
Source: unknown	Network traffic detected: HTTP traffic on port 59927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 59919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 59893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60004
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60003
Source: unknown	Network traffic detected: HTTP traffic on port 59985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60002
Source: unknown	Network traffic detected: HTTP traffic on port 60000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60000
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60008
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60006
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60005
Source: unknown	Network traffic detected: HTTP traffic on port 59890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59993 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60030 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60029 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59959 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59937 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59982 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60008 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59960 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60019 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59942
Source: unknown	Network traffic detected: HTTP traffic on port 59898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59945
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59944
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59950
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59951
Source: unknown	Network traffic detected: HTTP traffic on port 59990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59953
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59960
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59963
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59962
Source: unknown	Network traffic detected: HTTP traffic on port 59955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59969
Source: unknown	Network traffic detected: HTTP traffic on port 59989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59968
Source: unknown	Network traffic detected: HTTP traffic on port 59914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59972
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59971
Source: unknown	Network traffic detected: HTTP traffic on port 59933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59973
Source: unknown	Network traffic detected: HTTP traffic on port 59956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59970
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59925 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59979
Source: unknown	Network traffic detected: HTTP traffic on port 60004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59982
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59984
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59980
Source: unknown	Network traffic detected: HTTP traffic on port 59978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59907
Source: unknown	Network traffic detected: HTTP traffic on port 59968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59906
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59909

Source: unknown	HTTPS traffic detected: 40.126.32.133:443 -> 192.168.2.5:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.5:49796 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49863 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:49877 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:49891 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49916 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:59939 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:59977 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.5:59997 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:60019 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:60023 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.5:60026 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.5:60030 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.5:60031 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_00EDEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,

1_2_00EDEAFF

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_00EDED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,

1_2_00EDED6A

Source: C:\Users\user\Desktop\file.exe

1_2_00EDEAFF

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_00ECAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,

1_2_00ECAA57

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_00EF9576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,

1_2_00EF9576

System Summary

Binary is likely a compiled AutoIt script file

Source: file.exe	String found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000001.00000000.2208560846.0000000000F22000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_7cfe7569-a
Source: file.exe, 00000001.00000000.2208560846.0000000000F22000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_f9ef84a1-f
Source: file.exe	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_f9b3d54f-e
Source: file.exe	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_4e161aad-6

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_00ECD5EB: CreateFileW,DeviceIoControl,CloseHandle,

1_2_00ECD5EB

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_00EC1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,

1_2_00EC1201

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_00ECE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,

1_2_00ECE8F6

Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00E68060	1_2_00E68060
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00ED2046	1_2_00ED2046
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00EC8298	1_2_00EC8298
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00E9E4FF	1_2_00E9E4FF
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00E9676B	1_2_00E9676B
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00EF4873	1_2_00EF4873
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00E6CAF0	1_2_00E6CAF0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00E8CAA0	1_2_00E8CAA0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00E7CC39	1_2_00E7CC39
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00E96DD9	1_2_00E96DD9
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00E7D063	1_2_00E7D063
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00E691C0	1_2_00E691C0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00E7B119	1_2_00E7B119
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00E81394	1_2_00E81394
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00E81706	1_2_00E81706
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00E8781B	1_2_00E8781B
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00E819B0	1_2_00E819B0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00E7997D	1_2_00E7997D
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00E67920	1_2_00E67920
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00E87A4A	1_2_00E87A4A
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00E87CA7	1_2_00E87CA7
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00E81C77	1_2_00E81C77
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00E99EEE	1_2_00E99EEE
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00EEBE44	1_2_00EEBE44
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00E81F32	1_2_00E81F32

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00E80A30 appears 46 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00E7F9F2 appears 40 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00E69CB3 appears 31 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: classification engine

Classification label: mal72.troj.evad.winEXE@51/36@12/7

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_00ED37B5 GetLastError,FormatMessageW,

1_2_00ED37B5

Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00EC10BF AdjustTokenPrivileges,CloseHandle,		1_2_00EC10BF
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00EC16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,		1_2_00EC16C3

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_00ED51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,

1_2_00ED51CD

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_00EEA67C CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

1_2_00EEA67C

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_00ED648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,

1_2_00ED648E

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_00E642A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,

1_2_00E642A2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1784:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1996:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6084:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5776:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6148:120:WilError_03

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

ReversingLabs: Detection: 23%

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=2012,i,10660022629594375404,9267428652285004520,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5588 --field-trial-handle=2012,i,10660022629594375404,9267428652285004520,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 --field-trial-handle=2012,i,10660022629594375404,9267428652285004520,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=2012,i,10660022629594375404,9267428652285004520,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5588 --field-trial-handle=2012,i,10660022629594375404,9267428652285004520,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 --field-trial-handle=2012,i,10660022629594375404,9267428652285004520,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior

Source: Google Drive.lnk.12.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.12.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.12.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.12.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.12.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.12.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_00E642DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

1_2_00E642DE

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_00E80A76 push ecx; ret

1_2_00E80A89

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00E7F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,		1_2_00E7F98E
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00EF1C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,		1_2_00EF1C41

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Found API chain indicative of sandbox detection

Source: C:\Users\user\Desktop\file.exe

Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep

graph_1-95857

Source: C:\Users\user\Desktop\file.exe	Window / User API: threadDelayed 7045			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window / User API: foregroundWindowGot 1776			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

API coverage: 3.3 %

Source: C:\Users\user\Desktop\file.exe TID: 6512

Thread sleep time: -70450s >= -30000s

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\file.exe

Thread sleep count: Count: 7045 delay: -10

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00ECDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,	1_2_00ECDBBE
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00E9C2A2 FindFirstFileExW,	1_2_00E9C2A2
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00ED68EE FindFirstFileW,FindClose,	1_2_00ED68EE
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00ED698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,	1_2_00ED698F
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00ECD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	1_2_00ECD076
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00ECD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	1_2_00ECD3A9
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00ED9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	1_2_00ED9642
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00ED979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	1_2_00ED979D
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00ED9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,	1_2_00ED9B2B
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00ED5C97 FindFirstFileW,FindNextFileW,FindClose,	1_2_00ED5C97

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_00E642DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

1_2_00E642DE

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_00EDEAA2 BlockInput,

1_2_00EDEAA2

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_00E92622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

1_2_00E92622

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_00E642DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

1_2_00E642DE

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_00E84CE8 mov eax, dword ptr fs:[00000030h]

1_2_00E84CE8

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_00EC0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,

1_2_00EC0B62

Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00E92622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_00E92622
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00E8083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_00E8083F
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00E809D5 SetUnhandledExceptionFilter,	1_2_00E809D5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00E80C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_00E80C21

Source: C:\Users\user\Desktop\file.exe

1_2_00EC1201

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_00EA2BA5 SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

1_2_00EA2BA5

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_00ECB226 SendInput,keybd_event,

1_2_00ECB226

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_00EE22DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,

1_2_00EE22DA

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

1_2_00EC0B62

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_00EC1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

1_2_00EC1663

Source: file.exe	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exe	Binary or memory string: Shell_TrayWnd

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_00E80698 cpuid

1_2_00E80698

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_00ED8195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,

1_2_00ED8195

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_00EBD27A GetUserNameW,

1_2_00EBD27A

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_00E9B952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,

1_2_00E9B952

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_00E642DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

1_2_00E642DE

Stealing of Sensitive Information

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: file.exe PID: 5808, type: MEMORYSTR

Source: file.exe	Binary or memory string: WIN_81
Source: file.exe	Binary or memory string: WIN_XP
Source: file.exe	Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]\|%%\|%[-+ 0#]?([0-9]\|\)?(\.[0-9]\|\.\)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exe	Binary or memory string: WIN_XPe
Source: file.exe	Binary or memory string: WIN_VISTA
Source: file.exe	Binary or memory string: WIN_7
Source: file.exe	Binary or memory string: WIN_8

Remote Access Functionality

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: file.exe PID: 5808, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00EE1204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,		1_2_00EE1204
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00EE1806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,		1_2_00EE1806

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	2 Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	2 Disable or Modify Tools	21 Input Capture	2 System Time Discovery	Remote Services	1 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	1 Native API	2 Valid Accounts	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	21 Input Capture	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 Registry Run Keys / Startup Folder	2 Valid Accounts	2 Obfuscated Files or Information	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	3 Clipboard Data	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	21 Access Token Manipulation	1 DLL Side-Loading	NTDS	16 System Information Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	2 Process Injection	1 Masquerading	LSA Secrets	12 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	1 Registry Run Keys / Startup Folder	2 Valid Accounts	Cached Domain Credentials	12 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	12 Virtualization/Sandbox Evasion	DCSync	3 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	21 Access Token Manipulation	Proc Filesystem	11 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	2 Process Injection	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	24%	ReversingLabs	Win32.Trojan.Generic
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://play.google/intl/	0%	URL Reputation	safe
https://families.google.com/intl/	0%	URL Reputation	safe
https://policies.google.com/technologies/location-data	0%	URL Reputation	safe
https://apis.google.com/js/api.js	0%	URL Reputation	safe
https://policies.google.com/privacy/google-partners	0%	URL Reputation	safe
https://policies.google.com/terms/service-specific	0%	URL Reputation	safe
https://g.co/recover	0%	URL Reputation	safe
https://policies.google.com/privacy/additional	0%	URL Reputation	safe
https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072	0%	URL Reputation	safe
https://policies.google.com/technologies/cookies	0%	URL Reputation	safe
https://policies.google.com/terms	0%	URL Reputation	safe
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=	0%	URL Reputation	safe
https://support.google.com/accounts?hl=	0%	URL Reputation	safe
https://policies.google.com/terms/location	0%	URL Reputation	safe
https://policies.google.com/privacy	0%	URL Reputation	safe
https://support.google.com/accounts?p=new-si-ui	0%	URL Reputation	safe
https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
youtube-ui.l.google.com	142.250.186.142	true	false	unknown
www3.l.google.com	142.250.185.238	true	false	unknown
play.google.com	172.217.16.206	true	false	unknown
www.google.com	142.250.185.68	true	false	unknown
youtube.com	142.250.186.78	true	false	unknown
accounts.youtube.com	unknown	unknown	false	unknown
www.youtube.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://play.google.com/log?format=json&hasfast=true&authuser=0	false	unknown
https://www.google.com/favicon.ico	false	unknown
https://play.google.com/log?hasfast=true&authuser=0&format=json	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://play.google/intl/	chromecache_154.14.dr	false	URL Reputation: safe	unknown
https://families.google.com/intl/	chromecache_154.14.dr	false	URL Reputation: safe	unknown
https://youtube.com/t/terms?gl=	chromecache_154.14.dr	false		unknown
https://policies.google.com/technologies/location-data	chromecache_154.14.dr	false	URL Reputation: safe	unknown
https://www.google.com/intl/	chromecache_154.14.dr	false		unknown
https://apis.google.com/js/api.js	chromecache_167.14.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy/google-partners	chromecache_154.14.dr	false	URL Reputation: safe	unknown
https://play.google.com/work/enroll?identifier=	chromecache_154.14.dr	false		unknown
https://policies.google.com/terms/service-specific	chromecache_154.14.dr	false	URL Reputation: safe	unknown
https://g.co/recover	chromecache_154.14.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy/additional	chromecache_154.14.dr	false	URL Reputation: safe	unknown
https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072	chromecache_154.14.dr	false	URL Reputation: safe	unknown
https://policies.google.com/technologies/cookies	chromecache_154.14.dr	false	URL Reputation: safe	unknown
https://policies.google.com/terms	chromecache_154.14.dr	false	URL Reputation: safe	unknown
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=	chromecache_167.14.dr	false	URL Reputation: safe	unknown
https://www.google.com	chromecache_154.14.dr	false		unknown
https://play.google.com/log?format=json&hasfast=true	chromecache_154.14.dr	false		unknown
https://www.youtube.com/t/terms?chromeless=1&hl=	chromecache_154.14.dr	false		unknown
https://support.google.com/accounts?hl=	chromecache_154.14.dr	false	URL Reputation: safe	unknown
https://policies.google.com/terms/location	chromecache_154.14.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy	chromecache_154.14.dr	false	URL Reputation: safe	unknown
https://support.google.com/accounts?p=new-si-ui	chromecache_154.14.dr	false	URL Reputation: safe	unknown
https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage	chromecache_154.14.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.78	youtube.com	United States	15169	GOOGLEUS	false
142.250.185.68	www.google.com	United States	15169	GOOGLEUS	false
172.217.16.206	play.google.com	United States	15169	GOOGLEUS	false
216.58.206.46	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.142	youtube-ui.l.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1528225
Start date and time:	2024-10-07 17:07:09 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 25s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal72.troj.evad.winEXE@51/36@12/7
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 95% Number of executed functions: 37 Number of non-executed functions: 316
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 192.229.221.95, 40.126.32.140, 40.126.32.138, 40.126.32.76, 20.190.160.20, 20.190.160.22, 40.126.32.136, 40.126.32.68, 40.126.32.74, 93.184.221.240, 216.58.206.35, 142.250.185.238, 74.125.133.84, 34.104.35.123, 172.217.23.106, 172.217.16.138, 142.250.186.42, 142.250.185.138, 216.58.206.74, 142.250.186.106, 172.217.18.106, 216.58.212.170, 142.250.186.138, 172.217.18.10, 142.250.184.202, 142.250.186.74, 142.250.74.202, 142.250.181.234, 172.217.16.202, 142.250.186.170, 142.250.185.227, 142.250.185.67, 142.250.185.202, 142.250.185.106, 216.58.206.42, 142.250.185.234, 142.250.185.74, 142.250.185.170, 142.250.184.234, 216.58.212.138, 199.232.214.172, 142.250.181.227, 74.125.206.84, 172.217.18.14
Excluded domains from analysis (whitelisted): clients1.google.com, client.wns.windows.com, prdv4a.aadg.msidentity.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, otelrules.azureedge.net, slscr.update.microsoft.com, fonts.gstatic.com, www.tm.v4.a.prd.aadg.akadns.net, ctldl.windowsupdate.com, clientservices.googleapis.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, login.live.com, update.googleapis.com, clients.l.google.com, www.gstatic.com, www.tm.lg.prod.aadmsa.trafficmanager.net, optimizationguide-pa.googleapis.com
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
239.255.255.250	https://email.oxblue.com/e3t/Ctc/Q+113/cdDrv04/VXdfjN46m5dxW4GJlKB4fd0DdW2sbCLr5lTFq6N7Hm8xT3qgyTW7Y8-PT6lZ3lzW1ccS1H8Y8rzXW1hrlTV77h1NhW5_pVzH8bsnn6W1PWxqV8D5TN_W4_z5yx2Cz_4sMrZF-GqDHzcW8pZQ3N3BhYgKW3tmwg72n4TxDW4fS46V1-s7dgW57YVF64HfrMMW2BxxC75X21XdW1nBYw_1PMVGyW8s_YKQ6BTQZmW8wDJ4k3-yNbbW2_BGfy66mfVdW937hqt5kq1CcW4XD3mN54BQSWW4G8TK98NTx7zW74frv25zlZbQW5ztJ6n6fGJFrMSqBjr36qwYW2tk9Xh21wMKrW5RXwDq1M2mmrW3nyq_P20wBvNN8-tVH1nqcD1W5m3Vz04sj9CQf2ygfDq04	Get hash	malicious	Unknown	Browse
	https://url.avanan.click/v2/r01/___https://www.tiktok.com/qnspdA7?fni=6cbb&qfsl=js&xhjsj=gnt_zwq&yfwljy=myyux:ddBBB.lttlqj.htr.gtdzwq?v=frudxdxrtxfilfrjx.htrd.iwtlt___.YXAzOnNvdXRoZXJua2l0Y2hlbmFuZGdyaWxsOmE6bzpjOGJiNWZiM2U4NjZhMDk1M2Y0MGVjY2U1MDhmYjQ4YTo3OmM4Y2I6MDdlZDdhNDI4N2UyMzc1NGJjZGQ1YjkyOWYyODg2OTI5ZDkyNzU0YTQ2NWI4MzhkYWZlMmM3NjA5ZGMyZGNmMzpoOlQ6VA#YnJhbmRvbi53YW5nQGludGVncmFjb25uZWN0LmNvbQ==	Get hash	malicious	HTMLPhisher	Browse
	8ID0109FLT24PO92CD-R.pdf	Get hash	malicious	HTMLPhisher	Browse
	https://www.rhris.com/EmailEmploymentValidation.cfm?EmploymentRefID=E84F959AEA960B8186C356E23E6C822C8E204B6A75564EECEC1823507D68DDBF	Get hash	malicious	Unknown	Browse
	https://alquimista.hosted.phplist.com/lists/lt.php?tid=cE0FU1AHDgIFBx4AXQpVFAZXX18ZAwJTUx9QXA8AVFIMCQAEUVZKAFQHUVFfBFYUCloJBRlWDQ1SH15cAl1MUAFUAwIDUgNQUFlSHQxTUg1XUF9VGVIHVgUfUlgOUUxZXAZSGFMFDwxZBFdUWAEDAA	Get hash	malicious	Unknown	Browse
	https://protect2.fireeye.com/v1/url?k=31323334-50bba2bf-3132a9b3-4544474f5631-9e1721db7158d01a&q=1&e=fd99754d-b74a-4ce2-bf27-63a41e808f94&u=https%3A%2F%2Fwww.rhris.com%2FEmailEmploymentValidation.cfm%3FEmploymentRefID%3DE84F959AEA960B8186C356E23E6C822C8E204B6A75564EECEC1823507D68DDBF	Get hash	malicious	Unknown	Browse
	VML S.A..pdf	Get hash	malicious	HtmlDropper	Browse
	https://future.nhs.uk	Get hash	malicious	Unknown	Browse
	https://eu.pbe.encryption.symantec.com/login.html?msgUserId=682e23d9f715c97c&enterprise=lgas&locale=en_US	Get hash	malicious	Unknown	Browse
	https://fenster-mark-gmbhsharefile.btn-ebikes.com/	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
www3.l.google.com	8ID0109FLT24PO92CD-R.pdf	Get hash	malicious	HTMLPhisher	Browse	172.217.18.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	142.250.185.78
	file.exe	Get hash	malicious	Credential Flusher	Browse	216.58.206.78
	xwZfYpo16i.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Stealc	Browse	142.250.184.206
	file.exe	Get hash	malicious	Credential Flusher	Browse	216.58.206.46
	c3KH2gLNrM.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Stealc, Vidar	Browse	142.250.186.110
	file.exe	Get hash	malicious	Credential Flusher	Browse	172.217.18.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	172.217.18.14
	Fact-2024-10.pdf	Get hash	malicious	Unknown	Browse	142.250.185.78
	4qZ59IMp8b.exe	Get hash	malicious	Credential Flusher	Browse	142.250.184.238

ASNs

⊘No context

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
1138de370e523e824bbca92d049a3777	https://www.rhris.com/EmailEmploymentValidation.cfm?EmploymentRefID=E84F959AEA960B8186C356E23E6C822C8E204B6A75564EECEC1823507D68DDBF	Get hash	malicious	Unknown	Browse	23.1.237.91
	https://future.nhs.uk	Get hash	malicious	Unknown	Browse	23.1.237.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	23.1.237.91
	https://fenster-mark-gmbhsharefile.btn-ebikes.com/	Get hash	malicious	Unknown	Browse	23.1.237.91
	Hscni Remittance_8115919700_16831215.html	Get hash	malicious	Tycoon2FA	Browse	23.1.237.91
	xwZfYpo16i.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Stealc	Browse	23.1.237.91
	High Court Summons Notice.pdf	Get hash	malicious	Unknown	Browse	23.1.237.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	23.1.237.91
	https://pub-a58bcfc58507426ca38ee3be5a258dab.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	23.1.237.91
	https://pub-cc660360e3d14203be254963e70e6e85.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	23.1.237.91
28a2c9bd18a11de089ef85a160da29e4	https://email.oxblue.com/e3t/Ctc/Q+113/cdDrv04/VXdfjN46m5dxW4GJlKB4fd0DdW2sbCLr5lTFq6N7Hm8xT3qgyTW7Y8-PT6lZ3lzW1ccS1H8Y8rzXW1hrlTV77h1NhW5_pVzH8bsnn6W1PWxqV8D5TN_W4_z5yx2Cz_4sMrZF-GqDHzcW8pZQ3N3BhYgKW3tmwg72n4TxDW4fS46V1-s7dgW57YVF64HfrMMW2BxxC75X21XdW1nBYw_1PMVGyW8s_YKQ6BTQZmW8wDJ4k3-yNbbW2_BGfy66mfVdW937hqt5kq1CcW4XD3mN54BQSWW4G8TK98NTx7zW74frv25zlZbQW5ztJ6n6fGJFrMSqBjr36qwYW2tk9Xh21wMKrW5RXwDq1M2mmrW3nyq_P20wBvNN8-tVH1nqcD1W5m3Vz04sj9CQf2ygfDq04	Get hash	malicious	Unknown	Browse	4.175.87.197 184.28.90.27 13.107.246.45
	https://url.avanan.click/v2/r01/___https://www.tiktok.com/qnspdA7?fni=6cbb&qfsl=js&xhjsj=gnt_zwq&yfwljy=myyux:ddBBB.lttlqj.htr.gtdzwq?v=frudxdxrtxfilfrjx.htrd.iwtlt___.YXAzOnNvdXRoZXJua2l0Y2hlbmFuZGdyaWxsOmE6bzpjOGJiNWZiM2U4NjZhMDk1M2Y0MGVjY2U1MDhmYjQ4YTo3OmM4Y2I6MDdlZDdhNDI4N2UyMzc1NGJjZGQ1YjkyOWYyODg2OTI5ZDkyNzU0YTQ2NWI4MzhkYWZlMmM3NjA5ZGMyZGNmMzpoOlQ6VA#YnJhbmRvbi53YW5nQGludGVncmFjb25uZWN0LmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	4.175.87.197 184.28.90.27 13.107.246.45
	8ID0109FLT24PO92CD-R.pdf	Get hash	malicious	HTMLPhisher	Browse	4.175.87.197 184.28.90.27 13.107.246.45
	https://www.rhris.com/EmailEmploymentValidation.cfm?EmploymentRefID=E84F959AEA960B8186C356E23E6C822C8E204B6A75564EECEC1823507D68DDBF	Get hash	malicious	Unknown	Browse	4.175.87.197 184.28.90.27 13.107.246.45
	https://protect2.fireeye.com/v1/url?k=31323334-50bba2bf-3132a9b3-4544474f5631-9e1721db7158d01a&q=1&e=fd99754d-b74a-4ce2-bf27-63a41e808f94&u=https%3A%2F%2Fwww.rhris.com%2FEmailEmploymentValidation.cfm%3FEmploymentRefID%3DE84F959AEA960B8186C356E23E6C822C8E204B6A75564EECEC1823507D68DDBF	Get hash	malicious	Unknown	Browse	4.175.87.197 184.28.90.27 13.107.246.45
	VML S.A..pdf	Get hash	malicious	HtmlDropper	Browse	4.175.87.197 184.28.90.27 13.107.246.45
	https://future.nhs.uk	Get hash	malicious	Unknown	Browse	4.175.87.197 184.28.90.27 13.107.246.45
	https://eu.pbe.encryption.symantec.com/login.html?msgUserId=682e23d9f715c97c&enterprise=lgas&locale=en_US	Get hash	malicious	Unknown	Browse	4.175.87.197 184.28.90.27 13.107.246.45
	file.exe	Get hash	malicious	Credential Flusher	Browse	4.175.87.197 184.28.90.27 13.107.246.45
	https://fenster-mark-gmbhsharefile.btn-ebikes.com/	Get hash	malicious	Unknown	Browse	4.175.87.197 184.28.90.27 13.107.246.45
3b5074b1b5d032e5620f69f9f700ff0e	shipping.exe	Get hash	malicious	AgentTesla	Browse	40.113.110.67 40.115.3.253 40.113.103.199
	https://future.nhs.uk	Get hash	malicious	Unknown	Browse	40.113.110.67 40.115.3.253 40.113.103.199
	wrong bank details.exe	Get hash	malicious	MassLogger RAT	Browse	40.113.110.67 40.115.3.253 40.113.103.199
	z1PO7311145.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	40.113.110.67 40.115.3.253 40.113.103.199
	TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	40.113.110.67 40.115.3.253 40.113.103.199
	Payment.vbs	Get hash	malicious	FormBook	Browse	40.113.110.67 40.115.3.253 40.113.103.199
	PAYMENT SPECIFIKACIJA 364846637-pdf.vbs	Get hash	malicious	Remcos	Browse	40.113.110.67 40.115.3.253 40.113.103.199
	https://bono-sicherheitstechniksharefile.btn-ebikes.com/	Get hash	malicious	HtmlDropper	Browse	40.113.110.67 40.115.3.253 40.113.103.199
	Portal.msi	Get hash	malicious	Unknown	Browse	40.113.110.67 40.115.3.253 40.113.103.199
	http://46.27.141.62	Get hash	malicious	Unknown	Browse	40.113.110.67 40.115.3.253 40.113.103.199

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 14:08:26 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9753979319155097
Encrypted:	false
SSDEEP:	48:8JlOd+T62uHUidAKZdA19ehwiZUklqeh+5y+3:8Jlzb5H5y
MD5:	2AF072277538D996D8315C129F5179B2
SHA1:	D34E79C6D20E94A7722F30F35942BCE53E0544C5
SHA-256:	E21908380BC64E9743FA686701FE9B26321BC129C674A5CF752A8E00195403D7
SHA-512:	3ABF27A26464CC50E5D40AA17EE5BD840F2ECC5668DC2CB9E7A21076EE31140D3CD55330B3C33368DC0AA7F9E092047A694B693823F05BCA83D303779A0D8B0D
Malicious:	false
Preview:	L..................F.@.. ...$+.,.....8......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IGY.y....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VGY.y....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VGY.y....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VGY.y..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VGY.y...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........+........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 14:08:26 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9904639345818658
Encrypted:	false
SSDEEP:	48:8YlOd+T62uHUidAKZdA1weh/iZUkAQkqeh35y+2:8Ylzbr9Q85y
MD5:	C81FEF1D8F00825A0E621D455A0C8286
SHA1:	A6F208A72FC6ECE000F3E92D28575F6B73EFDF32
SHA-256:	CC53530BBFA2DB4665982F407BA5AAB4B0676AE912E75D50197DEA5B4DE91ADC
SHA-512:	A3274B1033635FF9BDF11CC58B95F9DEC0C3BB1B80300CEED918AF0AF7FA973AF9FAA0C52154A777B5DB9E1DB772F9B563553E054655EA50BAE84F387E261CC2
Malicious:	false
Preview:	L..................F.@.. ...$+.,...........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IGY.y....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VGY.y....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VGY.y....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VGY.y..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VGY.y...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........+........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.001423630665093
Encrypted:	false
SSDEEP:	48:8x0lOd+T62sHUidAKZdA14tseh7sFiZUkmgqeh7sV5y+BX:8x0lzbVn75y
MD5:	BC034E6F991778E8862D5022DC1AF7C2
SHA1:	02C4008371252D536DEA06413D4D94A41A875829
SHA-256:	91FF59D1D75702BBF9BAF885D8AA7566392928EF746B57B5CEC24B4F79745B10
SHA-512:	A73350A5A1B8D26BE0E89B9F3207694743F42A72AD3D190284E710EF18902A0A74781C24B588A6D247E9E019B2BACCDD985652F92544FE6962E2B09E86474A30
Malicious:	false
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IGY.y....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VGY.y....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VGY.y....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VGY.y..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........+........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 14:08:26 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.989610183126819
Encrypted:	false
SSDEEP:	48:8clOd+T62uHUidAKZdA1vehDiZUkwqehz5y+R:8clzboN5y
MD5:	1BE1E7F639334E21224499D4458CA0BF
SHA1:	70352B8DD09584D20444AFFA6C53A021C4C5741D
SHA-256:	CBE9574F86EF11751D76E9028A26FF8F839EDADD8CEA7DCEE4B6FEF47DFF60FD
SHA-512:	AD69CF60CA24490A121FAE27AEC3CE40BCA27C18FA445256116FCAD620D7A13B7856B3605718E223A25298FE100E92E82FD05F0E00B3C721B2D2E9C183754478
Malicious:	false
Preview:	L..................F.@.. ...$+.,.....%......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IGY.y....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VGY.y....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VGY.y....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VGY.y..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VGY.y...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........+........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 14:08:26 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.979099306593532
Encrypted:	false
SSDEEP:	48:8wlOd+T62uHUidAKZdA1hehBiZUk1W1qeh55y+C:8wlzb49Z5y
MD5:	97FC0547660C9438B5AC2154E471EED1
SHA1:	312C569AC138D2176754BD624E240E45A5B71930
SHA-256:	D4793236EF6C501D88052DD8C50100CA707A012534B22A1B8EA3A3EBA5AAB251
SHA-512:	20ED8159D9229DDCB770F59FDD779AE05BA875C77257D65FFA4F71767E7982834E5AE025C3D37301775B7BCBD5B34E602754C395EA958AD44E36A299246AED5A
Malicious:	false
Preview:	L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IGY.y....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VGY.y....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VGY.y....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VGY.y..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VGY.y...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........+........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 14:08:26 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9903965892112923
Encrypted:	false
SSDEEP:	48:8tlOd+T62uHUidAKZdA1duT+ehOuTbbiZUk5OjqehOuTb75y+yT+:8tlzbWT/TbxWOvTb75y7T
MD5:	80B1B37060604346F80535645EBB5380
SHA1:	E332384DF367619167199840B50F33BA8F9441CD
SHA-256:	BB53BECE18E8E2FEB7D58143A209F4B2C0DCF00849F037934CDADF22B8034299
SHA-512:	1D478FACB8E3DA9AB60346AE5B5DEB93EE0566C03EFA1DC098EF6B937538E271037D5192B50B3E5DBC13CEE0C2B252ACA90655A83B9175648C3D05F79B7E69A3
Malicious:	false
Preview:	L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IGY.y....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VGY.y....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VGY.y....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VGY.y..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VGY.y...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........+........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 154

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5693)
Category:	downloaded
Size (bytes):	698852
Entropy (8bit):	5.594980353163612
Encrypted:	false
SSDEEP:	6144:TN3KfgnkxgOYoRvEoQvSXwojVlmGa/ZLJiH7ZkvgTa5PB1+UO5Hx+B8U2+:TUMkxgOENagFxJiyU+
MD5:	AA9FDCBE29C6D043DC83A7DAD848CCC3
SHA1:	E3F0A387A0A4B060620C975E1C70AA20294F3F22
SHA-256:	1A624C24D6D712C633F0B034606610DAD6B5AD7890FBFA3A9B204BD33207D60E
SHA-512:	C93878CE1281349204ABDB4444B18A12C03A010D1A252827EBFE45523E834988CE95D6E625FF82A60934D7A275AD8DAAC689E4412C5719ACCA8C9E1D4365B4D3
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,XVq9Qb,STuCOe,njlZCf,m9oV,vjKJJ,y5vRwf,iyZMqd,NTMZac,mzzZzc,rCcCxc,vvMGie,K1ZKnb,ziZ8Mc,b3kMqb,mvkUhe,CMcBD,Fndnac,t2srLd,EN3i8d,z0u0L,xiZRqc,NOeYWe,O6y8ed,L9OGUe,PrPYRd,MpJwZc,qPfo0c,cYShmd,hc6Ubd,Rkm0ef,KUM7Z,oLggrd,inNHtf,L1AAkb,WpP9Yc,lwddkf,gJzDyc,SpsfSb,aC1iue,tUnxGc,aW3pY,ZakeSe,EFQ78c,xQtZb,I6YDgd,zbML3c,zr1jrb,vHEMJe,YHI3We,YTxL4,bSspM,Uas9Hd,zy0vNb,K0PMbc,AvtSve,qmdT9,MY7mZe,xBaz7b,GwYlN,eVCnO,EIOG1e,LDQI"
Preview:	"use strict";_F_installCss(".r4WGQb{position:relative}.Dl08I>:first-child{margin-top:0}.Dl08I>:last-child{margin-bottom:0}.IzwVE{color:#1f1f1f;color:var(--gm3-sys-color-on-surface,#1f1f1f);font-family:\"Google Sans\",roboto,\"Noto Sans Myanmar UI\",arial,sans-serif;font-size:1.25rem;font-weight:400;letter-spacing:0rem;line-height:1.2}.l5PPKe{color:#1f1f1f;color:var(--gm3-sys-color-on-surface,#1f1f1f);font-size:1rem}.l5PPKe .dMNVAe{margin:0;padding:0}.l5PPKe>:first-child{margin-top:0;padding-top:0}.l5PPKe>:last-child{margin-bottom:0;padding-bottom:0}.Dl08I{margin:0;padding:0;position:relative}.Dl08I>.SmR8:only-child{padding-top:1px}.Dl08I>.SmR8:only-child::before{top:0}.Dl08I>.SmR8:not(first-child){padding-bottom:1px}.Dl08I>.SmR8::after{bottom:0}.Dl08I>.SmR8:only-child::before,.Dl08I>.SmR8::after{border-bottom:1px solid #c4c7c5;border-bottom:1px solid var(--gm3-sys-color-outline-variant,#c4c7c5);content:\"\";height:0;left:0;position:absolute;width:100%}.aZvCDf{margin-top:8px;margin-left

Chrome Cache Entry: 155

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (533)
Category:	downloaded
Size (bytes):	9210
Entropy (8bit):	5.393248075042016
Encrypted:	false
SSDEEP:	192:t7mFYxV97I4Ia0U44rS3mt8IV7ydti6M5/1JlNg:t7vB7Il2t+dEF1JlNg
MD5:	2ED5BC88509286438B682EFF23518005
SHA1:	D5C8FD77BA3ED7F977A4AD0C85CF026D0F74F3E2
SHA-256:	F878D44B5CAC6BC95D638C13D0814C10E7D6CC145351ABA7945F53D8CB167979
SHA-512:	12F5415A482286C53631D09B5F50BA4AAA0957DB61904430E5B728777A15DC62428ED560847AB1DFEC459E302FB4D009D32CC1770EAD5425023CA48DF4640AA4
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PrPYRd,Rkm0ef,SCuOPb,STuCOe,SpsfSb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,byfTOb,cYShmd,eVCnO,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,qPfo0c,qmdT9,rCcCxc,siKnQd,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ltDFwf,SD8Jgb,rmumx,E87wgc,qPYxq,Tbb4sb,pxq3x,f8Gu1e,soHxf,YgOFye,yRXbo,bTi8wc,ywOR5c,PHUIyb"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.vNa=_.z("SD8Jgb",[]);._.GX=function(a,b){if(typeof b==="string")a.Nc(b);else if(b instanceof _.Ip&&b.ia&&b.ia===_.A)b=_.Za(b.Ku()),a.empty().append(b);else if(b instanceof _.Ua)b=_.Za(b),a.empty().append(b);else if(b instanceof Node)a.empty().append(b);else throw Error("Wf");};_.HX=function(a){var b=_.Lo(a,"[jsslot]");if(b.size()>0)return b;b=new _.Jo([_.Qk("span")]);_.Mo(b,"jsslot","");a.empty().append(b);return b};_.bMb=function(a){return a===null\|\|typeof a==="string"&&_.Ji(a)};._.k("SD8Jgb");._.MX=function(a){_.X.call(this,a.Fa);this.Va=a.controller.Va;this.od=a.controllers.od[0]\|\|null;this.header=a.controller.header;this.nav=a.controller.nav;var b;(b=this.oa().find("button:not([type])").el())==null\|\|b.setAttribute("type","button")};_.J(_.MX,_.X);_.MX.Ba=function(){return{controller:{Va:{jsname:"n7vHCb",ctor:_.pv},header:{jsname:"tJHJj",ctor:_.pv},nav:{jsname:"DH6Rkf",ct

Chrome Cache Entry: 156

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (468)
Category:	downloaded
Size (bytes):	1858
Entropy (8bit):	5.297658905867848
Encrypted:	false
SSDEEP:	48:o7vjoGL3AeFkphnpiu7cOyBfO/3d/rYrv3Zrw:ofrLxFuLdyp2AVw
MD5:	B42DB3D22B12B8E3BE1B82961FE2870E
SHA1:	D9CFD11C1C2DE17A7E9301F11AD875B610B96576
SHA-256:	75DC40A81CEACB57940F84D2B29E021974C3004B245CC7198362CA944E9C4058
SHA-512:	EC0708797586F8F85EC8A0BBECA707D73778D93C12986B92965D1828B254D39485926354AEC4D73474BC5755E392B813D8045B19369FAE23B30BBD12E17F7053
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=iAskyc,ziXSP"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("iAskyc");._.QZ=function(a){_.W.call(this,a.Fa);this.window=a.Ea.window.get();this.Mc=a.Ea.Mc};_.J(_.QZ,_.W);_.QZ.Ba=function(){return{Ea:{window:_.tu,Mc:_.HE}}};_.QZ.prototype.Po=function(){};_.QZ.prototype.addEncryptionRecoveryMethod=function(){};_.RZ=function(a){return(a==null?void 0:a.Jo)\|\|function(){}};_.SZ=function(a){return(a==null?void 0:a.r3)\|\|function(){}};_.VPb=function(a){return(a==null?void 0:a.Qp)\|\|function(){}};._.WPb=function(a){return new Map(Array.from(a,function(b){var c=_.n(b);b=c.next().value;c=c.next().value;return[b,c.map(function(d){return{epoch:d.epoch,key:new Uint8Array(d.key)}})]}))};_.XPb=function(a){setTimeout(function(){throw a;},0)};_.QZ.prototype.qO=function(){return!0};_.qu(_.Dn,_.QZ);._.l();._.k("ziXSP");.var j_=function(a){_.QZ.call(this,a.Fa)};_.J(j_,_.QZ);j_.Ba=_.QZ.Ba;j_.prototype.Po=function(a,b,c){var d;if((d=this.window.chrome)==nu

Chrome Cache Entry: 157

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	5430
Entropy (8bit):	3.6534652184263736
Encrypted:	false
SSDEEP:	48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
MD5:	F3418A443E7D841097C714D69EC4BCB8
SHA1:	49263695F6B0CDD72F45CF1B775E660FDC36C606
SHA-256:	6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
SHA-512:	82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
Malicious:	false
URL:	https://www.google.com/favicon.ico
Preview:	............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................

Chrome Cache Entry: 158

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1694)
Category:	downloaded
Size (bytes):	32500
Entropy (8bit):	5.378121087555083
Encrypted:	false
SSDEEP:	768:OnTTScxIXeijt4aRZf4AEqTzQh2HIVVcYTVf79pew6cVEkAXtuWsmsL:iA4w4A4h2HIVVcMVf72QA9jOL
MD5:	57D7B0A2CE36496F05AFA27B39C1F219
SHA1:	418AD03C2E75AEAF188E2A00123B70E09D541656
SHA-256:	E247A1F5E564A248C92E39C040A06B9B3BEA50A130CC98F2787FB5E2441E0707
SHA-512:	78B135A69424F951AC7E3CCBDC4F496BCA0BE6A2312DC90DFA29032C7DB19455B7E35FEE57F470729EC5E86D52DC19037BB6404C27DF614A548DE409527866C2
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=_b,_tp/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{.var Cua=function(a,b){this.da=a;this.ea=b;if(!c){var c=new _.gp("//www.google.com/images/cleardot.gif");_.rp(c)}this.ka=c};_.h=Cua.prototype;_.h.Zc=null;_.h.rZ=1E4;_.h.jA=!1;_.h.sQ=0;_.h.JJ=null;_.h.gV=null;_.h.setTimeout=function(a){this.rZ=a};_.h.start=function(){if(this.jA)throw Error("dc");this.jA=!0;this.sQ=0;Dua(this)};_.h.stop=function(){Eua(this);this.jA=!1};.var Dua=function(a){a.sQ++;navigator!==null&&"onLine"in navigator&&!navigator.onLine?_.om((0,_.bg)(a.hH,a,!1),0):(a.aa=new Image,a.aa.onload=(0,_.bg)(a.Kja,a),a.aa.onerror=(0,_.bg)(a.Jja,a),a.aa.onabort=(0,_.bg)(a.Ija,a),a.JJ=_.om(a.Lja,a.rZ,a),a.aa.src=String(a.ka))};_.h=Cua.prototype;_.h.Kja=function(){this.hH(!0)};_.h.Jja=function(){this.hH(!1)};_.h.Ija=function(){this.hH(!1)};_.h.Lja=function(){this.hH(!1)};._.h.hH=function(a){Eua(this);a?(this.jA=!1,this.da.call(this.ea,!0)):this.sQ<=0?Dua(this):(this.jA=!1,

Chrome Cache Entry: 159

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 52280, version 1.0
Category:	downloaded
Size (bytes):	52280
Entropy (8bit):	7.995413196679271
Encrypted:	true
SSDEEP:	1536:1rvqtK8DZilXxwJ8mMwAZy7phqsFLdG3B4d:xytBZits8bw4wzbFxG3B4d
MD5:	F61F0D4D0F968D5BBA39A84C76277E1A
SHA1:	AA3693EA140ECA418B4B2A30F6A68F6F43B4BEB2
SHA-256:	57147F08949ABABE7DEEF611435AE418475A693E3823769A25C2A39B6EAD9CCC
SHA-512:	6C3BD90F709BCF9151C9ED9FFEA55C4F6883E7FDA2A4E26BF018C83FE1CFBE4F4AA0DB080D6D024070D53B2257472C399C8AC44EEFD38B9445640EFA85D5C487
Malicious:	false
URL:	https://fonts.gstatic.com/s/googlesans/v58/4UaRrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iq2vgCI.woff2
Preview:	wOF2.......8.....................................^...$..4?HVAR..?MVAR9.`?STAT.',..J/.......`..(..Z.0..R.6.$.... .....K..[..q..c..T.....>.P.j.`.w..#...%......N.".....$..3.0.6......... .L.rX/r[j.y.\|(.4.%#.....2.v.m..-..%.....;-.Y.{..&..O=#l@...k..7g..ZI...#.Z./+T..r7...M..3).Z%.x....s..sL..[A!.51w'/.8V..2Z..%.X.h.o.).]..9..Q`.$.....7..kZ.~O........d..g.n.d.Rw+&....Cz..uy#..fz,(.J....v.%..`..9.....h...?O..:...c%.....6s....xl..#...5..._......1.>.)"U.4 W....?%......6//!$...!.n9C@n...........!""^.....W..Z<.7.x.."UT.T....E.."R>.R..t.....H d..e_.K../.+8.Q.P.ZQ....;...U....]......._.e......71.?.7.ORv.?...l...G\|.P...\|:...I.X..2.,.L........d.g.]}W#uW]QnuP-s.;.-Y.....].......C..j_.M0...y.......J..........NY..@A...,....-.F......'..w./j5g.vUS...U..0.&...y7.LP.....%.....Y......Y..D. e.A..G.?.$.......6...eaK.n5.m...N...,...+BCl..L> .E9~.b[.w.x....6<...}.e...%V....O.......*.?...a..#[eE.4..p..$...].....%......o._......N.._~..El....b..A.0.r8.....\|..D.d..

Chrome Cache Entry: 160

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (755)
Category:	downloaded
Size (bytes):	1460
Entropy (8bit):	5.274624539239422
Encrypted:	false
SSDEEP:	24:kMYD7DUuXIqMSsN7UYgtx/mQ7hz1BU6TZ6BdXDMvUKGbWxlGb+jSFFV87Ofk8tp8:o7DhXI6PoXwsKGb2lGb+jS9Mwrw
MD5:	481C149C4D3EE4A53C3E7CBA067371DF
SHA1:	E0FED275636D3492C922C44F010157FAF0936733
SHA-256:	9327A53F577C5FCEFDB162E02D8646CE5B70DF2201F4B3289384657B32BACE70
SHA-512:	EC5C5A03ED4E1A27BEE7E1C488A238D79A9787D944E364CCE516FB28C22256919E49C99BFCFEA0F7815AB4232A350914E26D33D20F5A81ED19A39DFD40E30C79
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=P6sQOc"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("lOO0Vd");._.b_a=new _.pf(_.Dm);._.l();._.k("P6sQOc");.var g_a=!!(_.Mh[1]&16);var i_a=function(a,b,c,d,e){this.ea=a;this.xa=b;this.ka=c;this.Ca=d;this.Ga=e;this.aa=0;this.da=h_a(this)},j_a=function(a){var b={};_.Ma(a.HS(),function(e){b[e]=!0});var c=a.uS(),d=a.yS();return new i_a(a.wP(),c.aa()1E3,a.bS(),d.aa()1E3,b)},h_a=function(a){return Math.random()Math.min(a.xaMath.pow(a.ka,a.aa),a.Ca)},SG=function(a,b){return a.aa>=a.ea?!1:b!=null?!!a.Ga[b]:!0};var TG=function(a){_.W.call(this,a.Fa);this.da=a.Ea.JV;this.ea=a.Ea.metadata;a=a.Ea.cha;this.fetch=a.fetch.bind(a)};_.J(TG,_.W);TG.Ba=function(){return{Ea:{JV:_.e_a,metadata:_.b_a,cha:_.VZa}}};TG.prototype.aa=function(a,b){if(this.ea.getType(a.Od())!==1)return _.Vm(a);var c=this.da.jV;return(c=c?j_a(c):null)&&SG(c)?_.zya(a,k_a(this,a,b,c)):_.Vm(a)};.var k_a=function(a,b,c,d){return c.then(function(e){return e},function(e)

Chrome Cache Entry: 161

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2907)
Category:	downloaded
Size (bytes):	23298
Entropy (8bit):	5.429186219736739
Encrypted:	false
SSDEEP:	384:+BitNeB9HVPQmqySWyvbbb/XEm6k1JTM2qzhOF0bCjOgiQBH2f+wl9nyf0zHwx:+BiHeB9Hecebbb/PONOFnjOgPBHgSywx
MD5:	A5C41D7BA22E9CF451810802AE5AC2E8
SHA1:	858F35134A0BD7BAECB1B1A30EC3645642214554
SHA-256:	D29364A1E9EDE91152F2CB84962B73644741817C9C6A615C1FB70A885DD1CB8D
SHA-512:	DEA28AD362B51832D33CD9E936C0A255FA32C20DFFC6E806DA7AAF657D3490AF079C40FE21E10B2FDC971EB066E51ABDA182DEDC156759CCE06440E456FEB316
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=RqjULd"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.xu.prototype.da=_.ca(40,function(){return _.tj(this,3)});_.cz=function(a,b){this.key=a;this.defaultValue=!1;this.flagName=b};_.cz.prototype.ctor=function(a){return typeof a==="boolean"?a:this.defaultValue};_.dz=function(){this.ka=!0;var a=_.xj(_.fk(_.Be("TSDtV",window),_.Cya),_.xu,1,_.sj())[0];if(a){var b={};for(var c=_.n(_.xj(a,_.Dya,2,_.sj())),d=c.next();!d.done;d=c.next()){d=d.value;var e=_.Lj(d,1).toString();switch(_.vj(d,_.yu)){case 3:b[e]=_.Jj(d,_.nj(d,_.yu,3));break;case 2:b[e]=_.Lj(d,_.nj(d,_.yu,2));break;case 4:b[e]=_.Mj(d,_.nj(d,_.yu,4));break;case 5:b[e]=_.Nj(d,_.nj(d,_.yu,5));break;case 6:b[e]=_.Rj(d,_.ff,6,_.yu);break;default:throw Error("jd`"+_.vj(d,_.yu));}}}else b={};this.ea=b;this.token=.a?a.da():null};_.dz.prototype.aa=function(a){if(!this.ka\|\|a.key in this.ea)a=a.ctor(this.ea[a.key]);else if(_.Be("nQyAE",window)){var b=_.Fya(a.flagName);if(b===null)a=a.de

Chrome Cache Entry: 162

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (683)
Category:	downloaded
Size (bytes):	3131
Entropy (8bit):	5.352056237104327
Encrypted:	false
SSDEEP:	48:o7hHD75byh9xqKP5jNQ8js63rAwrMNhYfmdpwoKLEy5aQW5Tx5v3MmFopMGIWO4x:oFD+95jOQr3AT7wRLDGD5flBb4Ew
MD5:	ADEF03127F74F5E6742B8CFA7B863F28
SHA1:	58D7C635582AF10E91EC047FD315FAF758AF51DA
SHA-256:	5FDD639E222F58AEB6178EB02583086BCC50ED219DEAA953D0E7984DD0E1FEDC
SHA-512:	3AC26E9569EE83298F386D551774F378D3E433A2C80C1D4BC7481C544605A2FA4943F6CBC8E97FBF8FE3C32C1EFB2A1CCAA01403819482FC7429538FDF2CA758
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ZwDk9d,RMhBfe"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("ZwDk9d");.var kA=function(a){_.W.call(this,a.Fa)};_.J(kA,_.W);kA.Ba=_.W.Ba;kA.prototype.jS=function(a){return _.Ye(this,{Xa:{lT:_.ol}}).then(function(b){var c=window._wjdd,d=window._wjdc;return!c&&d?new _.ni(function(e){window._wjdc=function(f){d(f);e(dKa(f,b,a))}}):dKa(c,b,a)})};var dKa=function(a,b,c){return(a=a&&a[c])?a:b.Xa.lT.jS(c)};.kA.prototype.aa=function(a,b){var c=_.Dra(b).Tj;if(c.startsWith("$")){var d=_.jm.get(a);_.xq[b]&&(d\|\|(d={},_.jm.set(a,d)),d[c]=_.xq[b],delete _.xq[b],_.yq--);if(d)if(a=d[c])b=_.af(a);else throw Error("Jb`"+b);else b=null}else b=null;return b};_.qu(_.Lfa,kA);._.l();._.k("SNUn3");._.cKa=new _.pf(_.wg);._.l();._.k("RMhBfe");.var eKa=function(a){var b=_.wq(a);return b?new _.ni(function(c,d){var e=function(){b=_.wq(a);var f=_.Sfa(a,b);f?c(f.getAttribute("jsdata")):window.document.readyState=="complete"?(f=["Unable to find deferred jsdata wit

Chrome Cache Entry: 163

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (395)
Category:	downloaded
Size (bytes):	1608
Entropy (8bit):	5.271783084011668
Encrypted:	false
SSDEEP:	48:o726BiFP89yAxKz1TtMxII+eXww7D2bc+rw:oyMyAAz1WNd8vw
MD5:	45EA91A811A594F81B7F760DD14BE237
SHA1:	2C97782C6D5D0BCFB3676FF24AA1008251090DAE
SHA-256:	7488FF4710E7592F66BE1FAC090F73CB8F1D2D0794B57DEAC1798C5B309EE76F
SHA-512:	4F79A36857D5A8AF1E2F938EF92EA75C384DE4789972B068BE82EADAA442C538A65035CCE8665A7283137E2075B8FE4C1C9E7B2A36585491683B4869005B772A
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=w9hDv,ZDZcre,A7fCU"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("w9hDv");._.vg(_.Ila);_.iA=function(a){_.W.call(this,a.Fa);this.aa=a.Xa.cache};_.J(_.iA,_.W);_.iA.Ba=function(){return{Xa:{cache:_.gt}}};_.iA.prototype.execute=function(a){_.Bb(a,function(b){var c;_.$e(b)&&(c=b.eb.kc(b.kb));c&&this.aa.LG(c)},this);return{}};_.qu(_.Ola,_.iA);._.l();._.k("ZDZcre");.var jH=function(a){_.W.call(this,a.Fa);this.Xl=a.Ea.Xl;this.j4=a.Ea.metadata;this.aa=a.Ea.wt};_.J(jH,_.W);jH.Ba=function(){return{Ea:{Xl:_.OG,metadata:_.b_a,wt:_.LG}}};jH.prototype.execute=function(a){var b=this;a=this.aa.create(a);return _.Bb(a,function(c){var d=b.j4.getType(c.Od())===2?b.Xl.Rb(c):b.Xl.fetch(c);return _.Bl(c,_.PG)?d.then(function(e){return _.Dd(e)}):d},this)};_.qu(_.Tla,jH);._.l();._.k("K5nYTd");._.a_a=new _.pf(_.Pla);._.l();._.k("sP4Vbe");.._.l();._.k("kMFpHd");.._.l();._.k("A7fCU");.var RG=function(a){_.W.call(this,a.Fa);this.aa=a.Ea.yQ};_.J(RG,_.W);RG.Ba=func

Chrome Cache Entry: 164

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	84
Entropy (8bit):	4.875266466142591
Encrypted:	false
SSDEEP:	3:DZFJu0+WVTBCq2Bjdw2KsJJuYHSKnZ:lFJuuVTBudw29nu4SKZ
MD5:	87B6333E98B7620EA1FF98D1A837A39E
SHA1:	105DE6815B0885357DE1414BFC0D77FCC9E924EF
SHA-256:	DCD3C133C5C40BECD4100BBE6EDAE84C9735E778E4234A5E8395C56FF8A733BA
SHA-512:	867D7943D813685FAA76394E53199750C55817E836FD19C933F74D11E9657CE66719A6D6B2E39EE1DE62358BCE364E38A55F4E138DF92337DE6985DDCD5D0994
Malicious:	false
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHgmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioBw==?alt=proto
Preview:	Cj0KBw0ZARP6GgAKKQ3oIX6GGgQISxgCKhwIClIYCg5AIS4jJF8qLSY/Ky8lLBABGP////8PCgcN05ioBxoA

Chrome Cache Entry: 165

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (570)
Category:	downloaded
Size (bytes):	3467
Entropy (8bit):	5.508385764606741
Encrypted:	false
SSDEEP:	96:ogbsxK3SrI2Jrutmxy9FALtcP+EGYkxhclzV9xCw:Psc3OIpDj2ZYkxhATxX
MD5:	231ABD6E6C360E709640B399EDF85476
SHA1:	6CB98F38D9B6FDCF2E7D7C7682A219082F2E1E75
SHA-256:	44B5D535663C65CD2E6228EF1F0C3DBA9C89EAE5C1BF079A6C4C64972DEE989D
SHA-512:	D45455810B34493A05BA2DD7ADF24C0C009F4CF0898AE9C57978D38C8F2654CEEFC11D1C151BA72B902E0FA87537D43C37957DCAEC1792B5277B54C8E7BCCA3C
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,WhJNk"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("Wt6vjf");.var fya=function(){var a=_.He();return _.Nj(a,1)},au=function(a){this.Da=_.t(a,0,au.messageId)};_.J(au,_.v);au.prototype.Ha=function(){return _.Fj(this,1)};au.prototype.Ua=function(a){return _.Xj(this,1,a)};au.messageId="f.bo";var bu=function(){_.km.call(this)};_.J(bu,_.km);bu.prototype.xd=function(){this.NT=!1;gya(this);_.km.prototype.xd.call(this)};bu.prototype.aa=function(){hya(this);if(this.JC)return iya(this),!1;if(!this.UV)return cu(this),!0;this.dispatchEvent("p");if(!this.HP)return cu(this),!0;this.NM?(this.dispatchEvent("r"),cu(this)):iya(this);return!1};.var jya=function(a){var b=new _.gp(a.b5);a.vQ!=null&&_.Mn(b,"authuser",a.vQ);return b},iya=function(a){a.JC=!0;var b=jya(a),c="rt=r&f_uid="+_.rk(a.HP);_.fn(b,(0,_.bg)(a.ea,a),"POST",c)};.bu.prototype.ea=function(a){a=a.target;hya(this);if(_.jn(a)){this.iK=0;if(this.NM)this.JC=!1,this.dispatchEvent("r"

Chrome Cache Entry: 166

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (522)
Category:	downloaded
Size (bytes):	5050
Entropy (8bit):	5.30005628600801
Encrypted:	false
SSDEEP:	96:o75BuBxJfma7bGZABddEgf8nI4zLm4KGo8Vh1EabPVTq8fv/xRw:WHMmaX9r8Igp7nBlHo
MD5:	D9F15F1AEAF15673336FAA3507D1A2A7
SHA1:	FC79D00AF2E2D44FEBA701F12ECD4AFCA327F464
SHA-256:	AA3574ADCF3826390918BC2D5DCD88D7BC63238A6022DEF3487A67A731C30E7A
SHA-512:	D756961B6BFC478274E390B94D613BD837DA011D680FC6D67779A8E12C7F082EF977FC15D02C076F92BC1D2CE7EFDE48F82B4EC1BD12CF38AEDDAB1917E36041
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,FCpbqb,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WhJNk,WpP9Yc,Wt6vjf,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,hhhU8,iAskyc,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=wg1P6b"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.oNa=_.z("wg1P6b",[_.XA,_.Fn,_.Nn]);._.k("wg1P6b");.var f6a;f6a=_.mh(["aria-"]);._.yJ=function(a){_.X.call(this,a.Fa);this.Ka=this.xa=this.aa=this.viewportElement=this.Na=null;this.Jc=a.Ea.ef;this.ab=a.Ea.focus;this.Fc=a.Ea.Fc;this.ea=this.Qi();a=-1*parseInt(_.Fo(this.Qi().el(),"marginTop")\|\|"0",10);var b=parseInt(_.Fo(this.Qi().el(),"marginBottom")\|\|"0",10);this.Ta={top:a,right:0,bottom:b,left:0};a=_.cf(this.getData("isMenuDynamic"),!1);b=_.cf(this.getData("isMenuHoisted"),!1);this.Ga=a?1:b?2:0;this.ka=!1;this.Ca=1;this.Ga!==1&&(this.aa=this.Sa("U0exHf").children().Wc(0),_.ku(this,.g6a(this,this.aa.el())));_.oF(this.oa())&&(a=this.oa().el(),b=this.we.bind(this),a.__soy_skip_handler=b)};_.J(_.yJ,_.X);_.yJ.Ba=function(){return{Ea:{ef:_.cF,focus:_.OE,Fc:_.uu}}};_.yJ.prototype.IF=function(a){var b=a.source;this.Na=b;var c;((c=a.data)==null?0:c.qz)?(a=a.data.qz,this.Ca=a==="MOUS

Chrome Cache Entry: 167

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (553)
Category:	downloaded
Size (bytes):	744742
Entropy (8bit):	5.792853825531523
Encrypted:	false
SSDEEP:	6144:x5bdWK/20rOQKKQtvqUGSGDdPSxdZqmguPH:pOeKGSpgu/
MD5:	D6A4595EF381156A4C38FC1268C40783
SHA1:	75B2E4139EE5014416D280B02E1F57724B0A4240
SHA-256:	9E6266EF7F49A5256F373AB78F9D0AE688CA964F542892F5FF0563F05AC6C676
SHA-512:	ACC3385A52ABFA53EE68286C86F2266C2BE7D12350F31AEFD91052616CF417207E5F27A31FEC5FB4B5DDA705C599DD0B724ACA88E9FF682289C3B473902CD79C
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlEEvjRYpfMDihaNwG0swUsVgVpBIg/m=_b,_tp"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x2860c1c4, 0x2046d860, 0x39e1fc40, 0x14501e80, 0xe420, 0x0, 0x1a000000, 0x1d000003, 0xc, ]);./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0././.. Copyright 2024 Google, Inc. SPDX-License-Identifier: MIT././. SPDX-License-Identifier: Apache-2.0././. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var baa,daa,Na,Ta,gaa,iaa,jb,qaa,waa,Caa,Haa,Kaa,Jb,Laa,Ob,Qb,Rb,Maa,Naa,Sb,Oaa,Paa,Qaa,Yb,Vaa,Xaa,ec,fc,gc,bba,cba,gba,jba,lba,mba,qba,tba,nba,sba,rba,pba,oba,uba,yba,Cba,Dba,Aba,Hc,Ic,Gba,Iba,Mba,Nba,Oba,Pba,Lba,Qba,Sba,dd,Uba,Vba,Xba,Zba,Yba,aca,bca,cca,dca,fca,eca,hca,ica,jca,kca,nca,

Chrome Cache Entry: 168

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (681)
Category:	downloaded
Size (bytes):	4067
Entropy (8bit):	5.3700036060139436
Encrypted:	false
SSDEEP:	96:G6mTOIiY1medWRQrf7VF6vtDgXJyA7oxcoTiw:3mTOImedWOVF6vtUJyA8xJ3
MD5:	FA701F5D7BEF5AF6B676F099A00A1140
SHA1:	4CA8594D1E845605E7F1242AD8E10FD3A41FA3BE
SHA-256:	F1F311E29B597B507EE761AE40185A9BE194BA6498F91DD2A69610EF765B554A
SHA-512:	D53CAD789CED1F1D05546CD9DDA662FF47DF4A9FE382F4936EB1579175B06A95770426E5A83C24EACE04014956F1971A6432D1FCB26F2A9E4B922D8A34FC9875
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=sOXFj,q0xTif,ZZ4WUe"
Preview:	"use strict";_F_installCss(".N7rBcd{overflow-x:auto}sentinel{}");.this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.vg(_.bqa);._.k("sOXFj");.var wu=function(a){_.W.call(this,a.Fa)};_.J(wu,_.W);wu.Ba=_.W.Ba;wu.prototype.aa=function(a){return a()};_.qu(_.aqa,wu);._.l();._.k("oGtAuc");._.Bya=new _.pf(_.bqa);._.l();._.k("q0xTif");.var vza=function(a){var b=function(d){_.Zn(d)&&(_.Zn(d).Lc=null,_.Gu(d,null));d.XyHi9&&(d.XyHi9=null)};b(a);a=a.querySelectorAll("[c-wiz]");for(var c=0;c<a.length;c++)b(a[c])},Su=function(a){_.nt.call(this,a.Fa);this.Qa=this.dom=null;if(this.rl()){var b=_.Cm(this.Wg(),[_.Hm,_.Gm]);b=_.pi([b[_.Hm],b[_.Gm]]).then(function(c){this.Qa=c[0];this.dom=c[1]},null,this);_.ku(this,b)}this.Ra=a.lm.Dea};_.J(Su,_.nt);Su.Ba=function(){return{lm:{Dea:function(a){return _.Ue(a)}}}};Su.prototype.Bp=function(a){return this.Ra.Bp(a)};.Su.prototype.getData=function(a){return this.Ra.getData(a)};Su.prototype.uo=function(){_.Nt(this.d

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.583819260300462
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	919'040 bytes
MD5:	c1a1b9482e8a9919f29377869aeed256
SHA1:	0abeda4f5eeea27a77ed936db3fa5ca357154d37
SHA256:	d61f17865f56b80605c422884947b6f0c7669891c6265583624ecae250311f02
SHA512:	83e5737f6184708c146d147781729c16c5a56d7c2b9172190c424d785b78bb56387bd3d0cd4a09bf8748875cb5d3d1e32b3fa2fddc1bc6b11d65cadae8a53b9e
SSDEEP:	24576:6qDEvCTbMWu7rQYlBQcBiT6rprG8a4UK:6TvC/MTQYxsWR7a4
TLSH:	68159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
File Content Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....

File Icon


Icon Hash:	aaf3e3e3938382a0

Static PE Info

General

Entrypoint:	0x420577
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x6703F6DC [Mon Oct 7 14:57:32 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	948cc502fe9226992dce9417f952fce3

Entrypoint Preview

Instruction
call 00007F3B050B2B43h
jmp 00007F3B050B244Fh
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F3B050B262Dh
mov dword ptr [esi], 0049FDF0h
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FDF8h
mov dword ptr [ecx], 0049FDF0h
ret
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F3B050B25FAh
mov dword ptr [esi], 0049FE0Ch
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FE14h
mov dword ptr [ecx], 0049FE0Ch
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
and dword ptr [eax], 00000000h
and dword ptr [eax+04h], 00000000h
push eax
mov eax, dword ptr [ebp+08h]
add eax, 04h
push eax
call 00007F3B050B51EDh
pop ecx
pop ecx
mov eax, esi
pop esi
pop ebp
retn 0004h
lea eax, dword ptr [ecx+04h]
mov dword ptr [ecx], 0049FDD0h
push eax
call 00007F3B050B5238h
pop ecx
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
push eax
call 00007F3B050B5221h
test byte ptr [ebp+08h], 00000001h
pop ecx

Rich Headers

Programming Language:

[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xc8e64	0x17c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xd4000	0x9bb8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xde000	0x7594	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xb0ff0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xc3400	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xb1010	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x9c000	0x894	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x9ab1d	0x9ac00	0a1473f3064dcbc32ef93c5c8a90f3a6	False	0.565500681542811	data	6.668273581389308	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x9c000	0x2fb82	0x2fc00	c9cf2468b60bf4f80f136ed54b3989fb	False	0.35289185209424084	data	5.691811547483722	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xcc000	0x706c	0x4800	53b9025d545d65e23295e30afdbd16d9	False	0.04356553819444445	DOS executable (block device driver @\273\)	0.5846666986982398	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xd4000	0x9bb8	0x9c00	f461f58f485f73a92e022da71896e990	False	0.3167317708333333	data	5.332672203471322	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xde000	0x7594	0x7600	c68ee8931a32d45eb82dc450ee40efc3	False	0.7628111758474576	data	6.7972128181359786	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0xd45a8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.7466216216216216
RT_ICON	0xd46d0	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors	English	Great Britain	0.3277027027027027
RT_ICON	0xd47f8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.3885135135135135
RT_ICON	0xd4920	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 0	English	Great Britain	0.3333333333333333
RT_ICON	0xd4c08	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 0	English	Great Britain	0.5
RT_ICON	0xd4d30	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	English	Great Britain	0.2835820895522388
RT_ICON	0xd5bd8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	English	Great Britain	0.37906137184115524
RT_ICON	0xd6480	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	English	Great Britain	0.23699421965317918
RT_ICON	0xd69e8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	English	Great Britain	0.13858921161825727
RT_ICON	0xd8f90	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	English	Great Britain	0.25070356472795496
RT_ICON	0xda038	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	English	Great Britain	0.3173758865248227
RT_MENU	0xda4a0	0x50	data	English	Great Britain	0.9
RT_STRING	0xda4f0	0x594	data	English	Great Britain	0.3333333333333333
RT_STRING	0xdaa84	0x68a	data	English	Great Britain	0.2735961768219833
RT_STRING	0xdb110	0x490	data	English	Great Britain	0.3715753424657534
RT_STRING	0xdb5a0	0x5fc	data	English	Great Britain	0.3087467362924282
RT_STRING	0xdbb9c	0x65c	data	English	Great Britain	0.34336609336609336
RT_STRING	0xdc1f8	0x466	data	English	Great Britain	0.3605683836589698
RT_STRING	0xdc660	0x158	Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0	English	Great Britain	0.502906976744186
RT_RCDATA	0xdc7b8	0xe7e	data			1.002964959568733
RT_GROUP_ICON	0xdd638	0x76	data	English	Great Britain	0.6610169491525424
RT_GROUP_ICON	0xdd6b0	0x14	data	English	Great Britain	1.25
RT_GROUP_ICON	0xdd6c4	0x14	data	English	Great Britain	1.15
RT_GROUP_ICON	0xdd6d8	0x14	data	English	Great Britain	1.25
RT_VERSION	0xdd6ec	0xdc	data	English	Great Britain	0.6181818181818182
RT_MANIFEST	0xdd7c8	0x3ef	ASCII text, with CRLF line terminators	English	Great Britain	0.5074478649453823

Imports

DLL	Import
WSOCK32.dll	gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll	GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll	timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll	ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll	WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll	HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL	GetProcessMemoryInfo
IPHLPAPI.DLL	IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll	DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll	IsThemeActive
KERNEL32.dll	DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll	GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll	EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll	GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll	GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll	DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll	CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll	CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	Great Britain

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 7, 2024 17:08:10.208565950 CEST	443	49717	40.126.32.133	192.168.2.5
Oct 7, 2024 17:08:10.208852053 CEST	49717	443	192.168.2.5	40.126.32.133
Oct 7, 2024 17:08:10.226546049 CEST	49717	443	192.168.2.5	40.126.32.133
Oct 7, 2024 17:08:10.226567984 CEST	443	49717	40.126.32.133	192.168.2.5
Oct 7, 2024 17:08:10.227515936 CEST	443	49717	40.126.32.133	192.168.2.5
Oct 7, 2024 17:08:10.227972984 CEST	49717	443	192.168.2.5	40.126.32.133
Oct 7, 2024 17:08:10.228035927 CEST	49717	443	192.168.2.5	40.126.32.133
Oct 7, 2024 17:08:10.228156090 CEST	443	49717	40.126.32.133	192.168.2.5
Oct 7, 2024 17:08:10.892455101 CEST	443	49717	40.126.32.133	192.168.2.5
Oct 7, 2024 17:08:10.892518997 CEST	443	49717	40.126.32.133	192.168.2.5
Oct 7, 2024 17:08:10.892571926 CEST	443	49717	40.126.32.133	192.168.2.5
Oct 7, 2024 17:08:10.892627001 CEST	49717	443	192.168.2.5	40.126.32.133
Oct 7, 2024 17:08:10.892647028 CEST	443	49717	40.126.32.133	192.168.2.5
Oct 7, 2024 17:08:10.892704964 CEST	49717	443	192.168.2.5	40.126.32.133
Oct 7, 2024 17:08:10.892716885 CEST	443	49717	40.126.32.133	192.168.2.5
Oct 7, 2024 17:08:10.892772913 CEST	49717	443	192.168.2.5	40.126.32.133
Oct 7, 2024 17:08:10.893397093 CEST	49717	443	192.168.2.5	40.126.32.133
Oct 7, 2024 17:08:10.893416882 CEST	443	49717	40.126.32.133	192.168.2.5
Oct 7, 2024 17:08:10.893430948 CEST	49717	443	192.168.2.5	40.126.32.133
Oct 7, 2024 17:08:10.893436909 CEST	443	49717	40.126.32.133	192.168.2.5
Oct 7, 2024 17:08:11.208261013 CEST	49720	443	192.168.2.5	40.126.32.133
Oct 7, 2024 17:08:11.208312988 CEST	443	49720	40.126.32.133	192.168.2.5
Oct 7, 2024 17:08:11.208385944 CEST	49720	443	192.168.2.5	40.126.32.133
Oct 7, 2024 17:08:11.240334988 CEST	49720	443	192.168.2.5	40.126.32.133
Oct 7, 2024 17:08:11.240364075 CEST	443	49720	40.126.32.133	192.168.2.5
Oct 7, 2024 17:08:12.056695938 CEST	443	49720	40.126.32.133	192.168.2.5
Oct 7, 2024 17:08:12.080821037 CEST	49720	443	192.168.2.5	40.126.32.133
Oct 7, 2024 17:08:12.080847979 CEST	443	49720	40.126.32.133	192.168.2.5
Oct 7, 2024 17:08:12.090325117 CEST	49720	443	192.168.2.5	40.126.32.133
Oct 7, 2024 17:08:12.090331078 CEST	443	49720	40.126.32.133	192.168.2.5
Oct 7, 2024 17:08:12.090419054 CEST	49720	443	192.168.2.5	40.126.32.133
Oct 7, 2024 17:08:12.090430021 CEST	443	49720	40.126.32.133	192.168.2.5
Oct 7, 2024 17:08:12.490653992 CEST	49674	443	192.168.2.5	23.1.237.91
Oct 7, 2024 17:08:12.490673065 CEST	49675	443	192.168.2.5	23.1.237.91
Oct 7, 2024 17:08:12.503329039 CEST	443	49720	40.126.32.133	192.168.2.5
Oct 7, 2024 17:08:12.503360987 CEST	443	49720	40.126.32.133	192.168.2.5
Oct 7, 2024 17:08:12.503427982 CEST	443	49720	40.126.32.133	192.168.2.5
Oct 7, 2024 17:08:12.503483057 CEST	49720	443	192.168.2.5	40.126.32.133
Oct 7, 2024 17:08:12.503494978 CEST	443	49720	40.126.32.133	192.168.2.5
Oct 7, 2024 17:08:12.503526926 CEST	49720	443	192.168.2.5	40.126.32.133
Oct 7, 2024 17:08:12.503545046 CEST	49720	443	192.168.2.5	40.126.32.133
Oct 7, 2024 17:08:12.503863096 CEST	49720	443	192.168.2.5	40.126.32.133
Oct 7, 2024 17:08:12.503884077 CEST	443	49720	40.126.32.133	192.168.2.5
Oct 7, 2024 17:08:12.503897905 CEST	49720	443	192.168.2.5	40.126.32.133
Oct 7, 2024 17:08:12.503905058 CEST	443	49720	40.126.32.133	192.168.2.5
Oct 7, 2024 17:08:12.529010057 CEST	49723	443	192.168.2.5	40.115.3.253
Oct 7, 2024 17:08:12.529097080 CEST	443	49723	40.115.3.253	192.168.2.5
Oct 7, 2024 17:08:12.529254913 CEST	49723	443	192.168.2.5	40.115.3.253
Oct 7, 2024 17:08:12.530023098 CEST	49723	443	192.168.2.5	40.115.3.253
Oct 7, 2024 17:08:12.530060053 CEST	443	49723	40.115.3.253	192.168.2.5
Oct 7, 2024 17:08:12.631337881 CEST	49673	443	192.168.2.5	23.1.237.91
Oct 7, 2024 17:08:13.489806890 CEST	443	49723	40.115.3.253	192.168.2.5
Oct 7, 2024 17:08:13.490101099 CEST	49723	443	192.168.2.5	40.115.3.253
Oct 7, 2024 17:08:13.497656107 CEST	49723	443	192.168.2.5	40.115.3.253
Oct 7, 2024 17:08:13.497704983 CEST	443	49723	40.115.3.253	192.168.2.5
Oct 7, 2024 17:08:13.498075008 CEST	443	49723	40.115.3.253	192.168.2.5
Oct 7, 2024 17:08:13.499939919 CEST	49723	443	192.168.2.5	40.115.3.253
Oct 7, 2024 17:08:13.500041962 CEST	49723	443	192.168.2.5	40.115.3.253
Oct 7, 2024 17:08:13.500055075 CEST	443	49723	40.115.3.253	192.168.2.5
Oct 7, 2024 17:08:13.500571966 CEST	49723	443	192.168.2.5	40.115.3.253
Oct 7, 2024 17:08:13.547406912 CEST	443	49723	40.115.3.253	192.168.2.5
Oct 7, 2024 17:08:13.689420938 CEST	443	49723	40.115.3.253	192.168.2.5
Oct 7, 2024 17:08:13.694046974 CEST	443	49723	40.115.3.253	192.168.2.5
Oct 7, 2024 17:08:13.694134951 CEST	49723	443	192.168.2.5	40.115.3.253
Oct 7, 2024 17:08:13.694463015 CEST	49723	443	192.168.2.5	40.115.3.253
Oct 7, 2024 17:08:13.694504976 CEST	443	49723	40.115.3.253	192.168.2.5
Oct 7, 2024 17:08:13.694535971 CEST	49723	443	192.168.2.5	40.115.3.253
Oct 7, 2024 17:08:15.980165005 CEST	49725	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:15.980210066 CEST	443	49725	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:15.980293989 CEST	49725	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:15.981091976 CEST	49725	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:15.981112957 CEST	443	49725	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:16.742124081 CEST	443	49725	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:16.742295027 CEST	49725	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:16.744874954 CEST	49725	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:16.744889975 CEST	443	49725	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:16.745136023 CEST	443	49725	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:16.747281075 CEST	49725	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:16.747383118 CEST	49725	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:16.747390032 CEST	443	49725	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:16.747637987 CEST	49725	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:16.795411110 CEST	443	49725	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:16.913575888 CEST	443	49725	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:16.914185047 CEST	443	49725	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:16.914299965 CEST	49725	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:16.914330006 CEST	443	49725	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:16.914351940 CEST	49725	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:16.914351940 CEST	49725	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:16.914361954 CEST	443	49725	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:18.963246107 CEST	49726	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:18.963326931 CEST	443	49726	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:18.963474035 CEST	49726	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:18.964292049 CEST	49726	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:18.964315891 CEST	443	49726	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:19.730120897 CEST	443	49726	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:19.730231047 CEST	49726	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:19.732090950 CEST	49726	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:19.732110977 CEST	443	49726	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:19.732646942 CEST	443	49726	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:19.733695984 CEST	49726	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:19.733753920 CEST	49726	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:19.733762026 CEST	443	49726	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:19.733846903 CEST	49726	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:19.775450945 CEST	443	49726	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:19.905148029 CEST	443	49726	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:19.905345917 CEST	443	49726	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:19.905425072 CEST	49726	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:19.905539989 CEST	49726	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:19.905567884 CEST	443	49726	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:21.815125942 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:21.815191984 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:21.815377951 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:21.816123009 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:21.816153049 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.090769053 CEST	49675	443	192.168.2.5	23.1.237.91
Oct 7, 2024 17:08:22.099955082 CEST	49674	443	192.168.2.5	23.1.237.91
Oct 7, 2024 17:08:22.240592957 CEST	49673	443	192.168.2.5	23.1.237.91
Oct 7, 2024 17:08:22.440454960 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.440541029 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.442907095 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.442929029 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.443444967 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.454691887 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.499414921 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.552504063 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.552570105 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.552613974 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.552661896 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.552706957 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.552730083 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.552768946 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.634614944 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.634682894 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.634721041 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.634736061 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.634802103 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.641518116 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.641562939 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.641598940 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.641607046 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.641660929 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.716897011 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.716924906 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.716988087 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.717005968 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.717045069 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.717065096 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.718842983 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.718884945 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.718930006 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.718939066 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.718996048 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.721419096 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.721461058 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.721510887 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.721517086 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.721560001 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.725254059 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.725296974 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.725342989 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.725349903 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.725413084 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.800384998 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.800456047 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.800481081 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.800488949 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.800543070 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.801388979 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.801435947 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.801465988 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.801470995 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.801542997 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.801542997 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.802545071 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.802592039 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.802623034 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.802628994 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.802675009 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.802700996 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.803452969 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.803502083 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.803534985 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.803540945 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.803580999 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.803597927 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.804544926 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.804596901 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.804630041 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.804636002 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.804662943 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.804697990 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.806031942 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.806075096 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.806113005 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.806118011 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.806166887 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.806195974 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.806200981 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.806241035 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.806272030 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.806360960 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.806370020 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.806380033 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.806391954 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.878166914 CEST	49728	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.878282070 CEST	443	49728	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.878432989 CEST	49728	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.879015923 CEST	49729	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.879060030 CEST	443	49729	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.879199028 CEST	49730	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.879205942 CEST	443	49730	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.879244089 CEST	49729	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.879297018 CEST	49730	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.879513025 CEST	49728	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.879549980 CEST	443	49728	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.879641056 CEST	49729	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.879652977 CEST	443	49729	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.879757881 CEST	49730	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.879766941 CEST	443	49730	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.880089045 CEST	49731	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.880114079 CEST	443	49731	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.880184889 CEST	49731	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.880317926 CEST	49731	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.880343914 CEST	443	49731	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.880932093 CEST	49732	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.880980015 CEST	443	49732	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:22.881082058 CEST	49732	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.881181002 CEST	49732	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:22.881190062 CEST	443	49732	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.493385077 CEST	443	49728	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.494791985 CEST	443	49730	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.497792006 CEST	443	49732	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.498658895 CEST	49728	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.498692989 CEST	443	49728	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.499275923 CEST	49728	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.499289989 CEST	443	49728	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.499680042 CEST	49730	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.499706984 CEST	443	49730	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.500051022 CEST	49730	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.500056028 CEST	443	49730	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.503313065 CEST	443	49731	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.505681992 CEST	49732	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.505719900 CEST	443	49732	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.507208109 CEST	443	49729	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.508918047 CEST	49732	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.508925915 CEST	443	49732	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.515511990 CEST	49731	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.515532970 CEST	443	49731	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.515961885 CEST	49731	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.515974045 CEST	443	49731	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.516040087 CEST	49729	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.516047001 CEST	443	49729	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.517333031 CEST	49729	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.517338037 CEST	443	49729	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.592154026 CEST	443	49730	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.592211962 CEST	443	49730	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.592279911 CEST	49730	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.592298031 CEST	443	49730	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.592339993 CEST	443	49730	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.592405081 CEST	49730	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.592626095 CEST	49730	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.592643023 CEST	443	49730	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.592653036 CEST	49730	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.592658043 CEST	443	49730	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.594367981 CEST	443	49728	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.594429016 CEST	443	49728	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.594494104 CEST	49728	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.594536066 CEST	443	49728	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.594626904 CEST	49728	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.594644070 CEST	443	49728	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.594671011 CEST	443	49728	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.594923019 CEST	49728	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.595261097 CEST	49728	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.595261097 CEST	49728	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.595299006 CEST	443	49728	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.595323086 CEST	443	49728	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.597464085 CEST	49733	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.597516060 CEST	443	49733	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.598265886 CEST	49733	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.598834991 CEST	49734	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.598845005 CEST	443	49734	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.598984003 CEST	49733	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.598999023 CEST	443	49733	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.599011898 CEST	49734	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.599081993 CEST	49734	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.599092007 CEST	443	49734	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.600430012 CEST	443	49732	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.600572109 CEST	443	49732	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.600873947 CEST	49732	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.600873947 CEST	49732	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.600873947 CEST	49732	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.602888107 CEST	49735	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.602936983 CEST	443	49735	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.603072882 CEST	49735	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.603230953 CEST	49735	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.603252888 CEST	443	49735	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.610182047 CEST	443	49729	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.610233068 CEST	443	49729	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.610312939 CEST	49729	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.610322952 CEST	443	49729	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.610436916 CEST	443	49729	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.610477924 CEST	49729	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.610491037 CEST	443	49729	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.610502005 CEST	49729	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.610506058 CEST	443	49729	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.610516071 CEST	49729	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.610518932 CEST	443	49729	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.613146067 CEST	49736	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.613172054 CEST	443	49736	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.613234997 CEST	49736	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.613404036 CEST	49736	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.613416910 CEST	443	49736	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.625586033 CEST	443	49731	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.625638962 CEST	443	49731	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.625889063 CEST	49731	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.626033068 CEST	49731	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.626054049 CEST	443	49731	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.626076937 CEST	49731	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.626091957 CEST	443	49731	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.628228903 CEST	49737	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.628282070 CEST	443	49737	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.628475904 CEST	49737	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.628705025 CEST	49737	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.628722906 CEST	443	49737	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.912480116 CEST	49732	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:23.912494898 CEST	443	49732	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:23.958573103 CEST	443	49715	23.1.237.91	192.168.2.5
Oct 7, 2024 17:08:23.958686113 CEST	49715	443	192.168.2.5	23.1.237.91
Oct 7, 2024 17:08:24.210798025 CEST	443	49734	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.216444016 CEST	443	49735	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.223128080 CEST	443	49733	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.229747057 CEST	443	49736	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.248428106 CEST	443	49737	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.256227016 CEST	49734	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.268030882 CEST	49737	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.268068075 CEST	443	49737	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.268414974 CEST	49735	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.268446922 CEST	443	49735	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.268712997 CEST	49737	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.268721104 CEST	443	49737	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.269114971 CEST	49735	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.269120932 CEST	443	49735	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.269224882 CEST	49736	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.269241095 CEST	443	49736	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.269326925 CEST	49734	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.269350052 CEST	443	49734	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.269864082 CEST	49734	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.269875050 CEST	443	49734	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.269989014 CEST	49736	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.269994020 CEST	443	49736	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.270479918 CEST	49733	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.270493031 CEST	443	49733	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.270853996 CEST	49733	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.270863056 CEST	443	49733	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.362318039 CEST	443	49737	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.362363100 CEST	443	49737	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.362426996 CEST	49737	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.363476038 CEST	443	49734	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.363548994 CEST	443	49734	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.363609076 CEST	49734	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.364274025 CEST	443	49736	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.364422083 CEST	443	49736	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.364478111 CEST	49736	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.364954948 CEST	443	49733	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.365108013 CEST	443	49733	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.365173101 CEST	49733	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.376863956 CEST	443	49735	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.377007008 CEST	443	49735	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.377177954 CEST	49735	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.416448116 CEST	49737	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.416476965 CEST	443	49737	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.416492939 CEST	49737	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.416503906 CEST	443	49737	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.418917894 CEST	49733	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.418919086 CEST	49733	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.418957949 CEST	443	49733	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.418982983 CEST	443	49733	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.419375896 CEST	49735	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.419418097 CEST	443	49735	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.419455051 CEST	49735	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.419465065 CEST	443	49735	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.420833111 CEST	49734	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.420850992 CEST	443	49734	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.420874119 CEST	49734	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.420887947 CEST	443	49734	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.421015024 CEST	49736	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.421015024 CEST	49736	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.421037912 CEST	443	49736	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.421046019 CEST	443	49736	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.545407057 CEST	49738	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.545447111 CEST	443	49738	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.545516014 CEST	49738	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.674213886 CEST	49738	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.674236059 CEST	443	49738	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.885122061 CEST	49739	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.885178089 CEST	443	49739	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.885246992 CEST	49739	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.885461092 CEST	49740	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.885524035 CEST	443	49740	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.885921001 CEST	49741	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.885951996 CEST	443	49741	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.886007071 CEST	49741	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.887412071 CEST	49740	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.887449980 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.887455940 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.887507915 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.895775080 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.895788908 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.896099091 CEST	49739	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.896112919 CEST	443	49739	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.909264088 CEST	49740	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.909281015 CEST	443	49740	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.910367012 CEST	49741	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:24.910383940 CEST	443	49741	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:24.912950039 CEST	49744	443	192.168.2.5	142.250.186.78
Oct 7, 2024 17:08:24.912957907 CEST	443	49744	142.250.186.78	192.168.2.5
Oct 7, 2024 17:08:24.913012981 CEST	49744	443	192.168.2.5	142.250.186.78
Oct 7, 2024 17:08:24.913757086 CEST	49744	443	192.168.2.5	142.250.186.78
Oct 7, 2024 17:08:24.913769007 CEST	443	49744	142.250.186.78	192.168.2.5
Oct 7, 2024 17:08:25.290424109 CEST	443	49738	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.291168928 CEST	49738	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.291193008 CEST	443	49738	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.291645050 CEST	49738	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.291650057 CEST	443	49738	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.391781092 CEST	443	49738	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.391840935 CEST	443	49738	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.392077923 CEST	49738	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.392079115 CEST	49738	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.392170906 CEST	49738	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.392179012 CEST	443	49738	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.394500017 CEST	49749	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.394567013 CEST	443	49749	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.394785881 CEST	49749	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.394785881 CEST	49749	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.394864082 CEST	443	49749	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.405424118 CEST	49750	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:25.405453920 CEST	443	49750	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:25.405615091 CEST	49750	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:25.406112909 CEST	49750	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:25.406126022 CEST	443	49750	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:25.409382105 CEST	49751	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:25.409401894 CEST	443	49751	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:25.409574032 CEST	49751	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:25.409980059 CEST	49751	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:25.409995079 CEST	443	49751	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:25.507946968 CEST	443	49739	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.508944988 CEST	49739	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.508945942 CEST	49739	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.508965969 CEST	443	49739	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.508985043 CEST	443	49739	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.526787043 CEST	443	49744	142.250.186.78	192.168.2.5
Oct 7, 2024 17:08:25.526982069 CEST	49744	443	192.168.2.5	142.250.186.78
Oct 7, 2024 17:08:25.526994944 CEST	443	49744	142.250.186.78	192.168.2.5
Oct 7, 2024 17:08:25.527569056 CEST	443	49744	142.250.186.78	192.168.2.5
Oct 7, 2024 17:08:25.527831078 CEST	49744	443	192.168.2.5	142.250.186.78
Oct 7, 2024 17:08:25.528264999 CEST	443	49744	142.250.186.78	192.168.2.5
Oct 7, 2024 17:08:25.528456926 CEST	49744	443	192.168.2.5	142.250.186.78
Oct 7, 2024 17:08:25.531573057 CEST	49744	443	192.168.2.5	142.250.186.78
Oct 7, 2024 17:08:25.531657934 CEST	443	49744	142.250.186.78	192.168.2.5
Oct 7, 2024 17:08:25.533962011 CEST	49744	443	192.168.2.5	142.250.186.78
Oct 7, 2024 17:08:25.533968925 CEST	443	49744	142.250.186.78	192.168.2.5
Oct 7, 2024 17:08:25.535696983 CEST	443	49741	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.536429882 CEST	49741	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.536429882 CEST	49741	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.536437035 CEST	443	49741	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.536449909 CEST	443	49741	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.537210941 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.537575006 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.537590027 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.537914991 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.537919044 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.542273045 CEST	443	49740	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.543230057 CEST	49740	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.543230057 CEST	49740	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.543257952 CEST	443	49740	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.543277025 CEST	443	49740	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.589752913 CEST	49744	443	192.168.2.5	142.250.186.78
Oct 7, 2024 17:08:25.608867884 CEST	443	49739	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.609025955 CEST	443	49739	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.609246969 CEST	49739	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.609436035 CEST	49739	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.609461069 CEST	443	49739	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.609488964 CEST	49739	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.609497070 CEST	443	49739	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.612631083 CEST	49752	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.612648964 CEST	443	49752	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.613027096 CEST	49752	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.613207102 CEST	49752	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.613219976 CEST	443	49752	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.632828951 CEST	443	49741	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.632904053 CEST	443	49741	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.634095907 CEST	49741	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.634798050 CEST	49741	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.634807110 CEST	443	49741	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.634839058 CEST	49741	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.634844065 CEST	443	49741	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.635310888 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.635363102 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.637149096 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.637150049 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.637274027 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.637278080 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.641310930 CEST	443	49740	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.641396046 CEST	443	49740	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.641844034 CEST	49740	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.641896963 CEST	49740	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.641896963 CEST	49740	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.641917944 CEST	443	49740	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.641927958 CEST	443	49740	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.643791914 CEST	49753	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.643821001 CEST	443	49753	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.643971920 CEST	49753	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.644465923 CEST	49753	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.644488096 CEST	443	49753	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.645507097 CEST	49754	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.645526886 CEST	443	49754	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.645586967 CEST	49754	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.645760059 CEST	49754	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.645772934 CEST	443	49754	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.646779060 CEST	49755	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.646790981 CEST	443	49755	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.646856070 CEST	49755	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.647006989 CEST	49755	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:25.647013903 CEST	443	49755	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:25.814594984 CEST	443	49744	142.250.186.78	192.168.2.5
Oct 7, 2024 17:08:25.814871073 CEST	443	49744	142.250.186.78	192.168.2.5
Oct 7, 2024 17:08:25.815107107 CEST	49744	443	192.168.2.5	142.250.186.78
Oct 7, 2024 17:08:26.002239943 CEST	49744	443	192.168.2.5	142.250.186.78
Oct 7, 2024 17:08:26.002259016 CEST	443	49744	142.250.186.78	192.168.2.5
Oct 7, 2024 17:08:26.014980078 CEST	49756	443	192.168.2.5	142.250.186.142
Oct 7, 2024 17:08:26.015011072 CEST	443	49756	142.250.186.142	192.168.2.5
Oct 7, 2024 17:08:26.017826080 CEST	49756	443	192.168.2.5	142.250.186.142
Oct 7, 2024 17:08:26.018078089 CEST	49756	443	192.168.2.5	142.250.186.142
Oct 7, 2024 17:08:26.018090010 CEST	443	49756	142.250.186.142	192.168.2.5
Oct 7, 2024 17:08:26.093065977 CEST	443	49749	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.093797922 CEST	49749	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.093816996 CEST	443	49749	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.094969034 CEST	49749	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.094974041 CEST	443	49749	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.436829090 CEST	443	49749	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.437006950 CEST	443	49749	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.437087059 CEST	49749	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.437196016 CEST	49749	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.437228918 CEST	443	49749	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.437257051 CEST	49749	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.437271118 CEST	443	49749	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.439027071 CEST	443	49750	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:26.439153910 CEST	49750	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:26.439330101 CEST	443	49751	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:26.439399004 CEST	49751	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:26.441198111 CEST	49750	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:26.441206932 CEST	443	49750	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:26.441437960 CEST	443	49750	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:26.441618919 CEST	49751	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:26.441632986 CEST	443	49751	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:26.441967010 CEST	443	49751	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:26.442034006 CEST	49757	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.442066908 CEST	443	49757	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.442313910 CEST	49757	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.443049908 CEST	49757	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.443063974 CEST	443	49757	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.443259001 CEST	49750	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:26.443633080 CEST	49750	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:26.443633080 CEST	49750	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:26.443641901 CEST	443	49750	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:26.443696022 CEST	49751	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:26.443836927 CEST	49751	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:26.443845034 CEST	443	49751	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:26.443958998 CEST	49751	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:26.487435102 CEST	443	49750	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:26.491411924 CEST	443	49751	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:26.611001968 CEST	443	49751	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:26.611243010 CEST	443	49751	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:26.611324072 CEST	49751	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:26.611452103 CEST	49751	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:26.611470938 CEST	443	49751	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:26.612721920 CEST	443	49755	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.613595963 CEST	49755	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.613612890 CEST	443	49755	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.613688946 CEST	443	49752	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.614352942 CEST	49755	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.614357948 CEST	443	49755	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.614710093 CEST	49752	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.614717007 CEST	443	49752	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.615173101 CEST	49752	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.615176916 CEST	443	49752	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.615616083 CEST	443	49753	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.615971088 CEST	49753	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.615979910 CEST	443	49753	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.616462946 CEST	49753	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.616466999 CEST	443	49753	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.618412971 CEST	443	49754	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.618521929 CEST	443	49750	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:26.618849993 CEST	443	49750	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:26.618865967 CEST	49750	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:26.618897915 CEST	443	49750	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:26.618916035 CEST	49750	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:26.618916988 CEST	49750	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:26.618927002 CEST	443	49750	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:26.619370937 CEST	49754	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.619378090 CEST	443	49754	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.619868040 CEST	49754	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.619873047 CEST	443	49754	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.648612022 CEST	443	49756	142.250.186.142	192.168.2.5
Oct 7, 2024 17:08:26.648972988 CEST	49756	443	192.168.2.5	142.250.186.142
Oct 7, 2024 17:08:26.648984909 CEST	443	49756	142.250.186.142	192.168.2.5
Oct 7, 2024 17:08:26.649379969 CEST	443	49756	142.250.186.142	192.168.2.5
Oct 7, 2024 17:08:26.649441004 CEST	49756	443	192.168.2.5	142.250.186.142
Oct 7, 2024 17:08:26.650078058 CEST	443	49756	142.250.186.142	192.168.2.5
Oct 7, 2024 17:08:26.650127888 CEST	49756	443	192.168.2.5	142.250.186.142
Oct 7, 2024 17:08:26.651341915 CEST	49756	443	192.168.2.5	142.250.186.142
Oct 7, 2024 17:08:26.651407957 CEST	443	49756	142.250.186.142	192.168.2.5
Oct 7, 2024 17:08:26.651602030 CEST	49756	443	192.168.2.5	142.250.186.142
Oct 7, 2024 17:08:26.651607990 CEST	443	49756	142.250.186.142	192.168.2.5
Oct 7, 2024 17:08:26.699007034 CEST	49756	443	192.168.2.5	142.250.186.142
Oct 7, 2024 17:08:26.709153891 CEST	443	49752	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.709233999 CEST	443	49752	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.709332943 CEST	49752	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.709506989 CEST	49752	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.709521055 CEST	443	49752	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.709531069 CEST	49752	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.709537029 CEST	443	49752	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.709858894 CEST	443	49755	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.709918022 CEST	443	49755	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.709959030 CEST	49755	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.710063934 CEST	49755	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.710069895 CEST	443	49755	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.710078955 CEST	49755	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.710083008 CEST	443	49755	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.711447001 CEST	443	49753	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.711517096 CEST	443	49753	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.711585999 CEST	49753	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.712049961 CEST	49753	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.712065935 CEST	443	49753	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.712078094 CEST	49753	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.712083101 CEST	443	49753	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.712982893 CEST	49758	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.713021994 CEST	443	49758	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.713099003 CEST	49758	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.713578939 CEST	443	49754	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.713710070 CEST	443	49754	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.713735104 CEST	49759	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.713769913 CEST	443	49759	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.713771105 CEST	49754	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.713952065 CEST	49759	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.714013100 CEST	49758	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.714023113 CEST	49754	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.714027882 CEST	443	49754	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.714036942 CEST	49754	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.714041948 CEST	443	49754	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.714056015 CEST	443	49758	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.714138031 CEST	49760	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.714148045 CEST	443	49760	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.714215994 CEST	49760	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.714215994 CEST	49759	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.714256048 CEST	443	49759	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.714327097 CEST	49760	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.714340925 CEST	443	49760	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.716667891 CEST	49761	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.716701031 CEST	443	49761	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.716768026 CEST	49761	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.716905117 CEST	49761	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:26.716918945 CEST	443	49761	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:26.946038961 CEST	443	49756	142.250.186.142	192.168.2.5
Oct 7, 2024 17:08:26.946063042 CEST	443	49756	142.250.186.142	192.168.2.5
Oct 7, 2024 17:08:26.946115017 CEST	49756	443	192.168.2.5	142.250.186.142
Oct 7, 2024 17:08:26.946127892 CEST	443	49756	142.250.186.142	192.168.2.5
Oct 7, 2024 17:08:26.946160078 CEST	443	49756	142.250.186.142	192.168.2.5
Oct 7, 2024 17:08:26.946253061 CEST	49756	443	192.168.2.5	142.250.186.142
Oct 7, 2024 17:08:26.956262112 CEST	49756	443	192.168.2.5	142.250.186.142
Oct 7, 2024 17:08:26.956285954 CEST	443	49756	142.250.186.142	192.168.2.5
Oct 7, 2024 17:08:27.441695929 CEST	443	49757	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.442203999 CEST	49757	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.442229033 CEST	443	49757	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.442672014 CEST	49757	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.442679882 CEST	443	49757	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.587523937 CEST	443	49757	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.587673903 CEST	443	49757	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.587862968 CEST	49757	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.587904930 CEST	49757	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.587920904 CEST	443	49757	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.592443943 CEST	49764	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.592485905 CEST	443	49764	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.592585087 CEST	49764	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.592794895 CEST	49764	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.592806101 CEST	443	49764	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.612296104 CEST	443	49759	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.612719059 CEST	49759	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.612728119 CEST	443	49759	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.613164902 CEST	49759	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.613168955 CEST	443	49759	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.613653898 CEST	443	49760	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.614039898 CEST	49760	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.614048004 CEST	443	49760	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.614598036 CEST	49760	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.614603043 CEST	443	49760	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.618643045 CEST	443	49761	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.619167089 CEST	49761	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.619189978 CEST	443	49761	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.619798899 CEST	49761	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.619806051 CEST	443	49761	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.650752068 CEST	443	49758	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.651304960 CEST	49758	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.651314974 CEST	443	49758	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.652019024 CEST	49758	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.652024031 CEST	443	49758	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.710302114 CEST	443	49759	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.710380077 CEST	443	49759	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.710443974 CEST	49759	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.711971998 CEST	49759	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.711997032 CEST	443	49759	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.712006092 CEST	49759	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.712011099 CEST	443	49759	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.720829010 CEST	443	49760	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.720913887 CEST	443	49760	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.720977068 CEST	49760	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.721661091 CEST	49765	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.721697092 CEST	443	49765	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.721836090 CEST	49765	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.723366976 CEST	443	49761	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.723436117 CEST	443	49761	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.723517895 CEST	49761	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.726761103 CEST	49760	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.726767063 CEST	443	49760	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.726775885 CEST	49760	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.726779938 CEST	443	49760	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.728450060 CEST	49765	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.728462934 CEST	443	49765	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.728708029 CEST	49761	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.728729010 CEST	443	49761	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.728765011 CEST	49761	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.728774071 CEST	443	49761	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.729283094 CEST	49766	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.729295969 CEST	443	49766	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.729604959 CEST	49766	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.729765892 CEST	49766	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.729777098 CEST	443	49766	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.734496117 CEST	49767	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.734523058 CEST	443	49767	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.734596014 CEST	49767	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.735302925 CEST	49767	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.735316038 CEST	443	49767	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.779206991 CEST	443	49758	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.779376030 CEST	443	49758	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.779458046 CEST	49758	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.779668093 CEST	49758	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.779680014 CEST	443	49758	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.779690981 CEST	49758	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.779696941 CEST	443	49758	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.782959938 CEST	49768	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.782999039 CEST	443	49768	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:27.783072948 CEST	49768	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.783210993 CEST	49768	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:27.783222914 CEST	443	49768	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.243993998 CEST	443	49764	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.252607107 CEST	49764	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.252640963 CEST	443	49764	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.253343105 CEST	49764	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.253348112 CEST	443	49764	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.341222048 CEST	443	49765	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.348762035 CEST	443	49764	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.348927021 CEST	443	49764	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.349031925 CEST	49764	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.358378887 CEST	443	49766	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.381444931 CEST	443	49767	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.387674093 CEST	49765	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.390891075 CEST	443	49768	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.402626038 CEST	49766	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.433873892 CEST	49768	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.433969975 CEST	49767	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.440624952 CEST	49768	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.440632105 CEST	443	49768	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.443592072 CEST	49768	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.443594933 CEST	443	49768	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.446469069 CEST	49767	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.446474075 CEST	443	49767	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.447810888 CEST	49767	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.447815895 CEST	443	49767	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.448045015 CEST	49765	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.448061943 CEST	443	49765	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.448373079 CEST	49765	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.448379993 CEST	443	49765	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.448534966 CEST	49764	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.448546886 CEST	443	49764	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.448558092 CEST	49764	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.448563099 CEST	443	49764	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.451978922 CEST	49766	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.451984882 CEST	443	49766	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.454714060 CEST	49766	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.454720974 CEST	443	49766	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.458600998 CEST	49770	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.458652020 CEST	443	49770	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.458997011 CEST	49770	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.459120989 CEST	49770	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.459136009 CEST	443	49770	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.545808077 CEST	443	49767	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.545877934 CEST	443	49767	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.545975924 CEST	49767	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.546202898 CEST	49767	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.546214104 CEST	443	49767	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.546224117 CEST	49767	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.546228886 CEST	443	49767	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.546564102 CEST	443	49765	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.546654940 CEST	443	49765	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.547039032 CEST	49765	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.547369957 CEST	49765	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.547395945 CEST	443	49765	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.547421932 CEST	49765	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.547430992 CEST	443	49765	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.548119068 CEST	443	49766	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.548289061 CEST	443	49766	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.548542976 CEST	49766	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.549438953 CEST	49771	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.549462080 CEST	443	49771	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.549523115 CEST	49771	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.549540997 CEST	49766	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.549550056 CEST	443	49766	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.549562931 CEST	49766	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.549567938 CEST	443	49766	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.549619913 CEST	49772	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.549645901 CEST	443	49772	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.549798012 CEST	49771	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.549803972 CEST	443	49771	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.549823999 CEST	49772	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.550385952 CEST	49772	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.550395966 CEST	443	49772	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.551233053 CEST	49773	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.551265001 CEST	443	49773	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.551322937 CEST	49773	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.551428080 CEST	49773	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.551440954 CEST	443	49773	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.620556116 CEST	443	49768	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.620634079 CEST	443	49768	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.620716095 CEST	49768	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.621010065 CEST	49768	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.621022940 CEST	443	49768	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.621057987 CEST	49768	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.621062994 CEST	443	49768	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.623800993 CEST	49774	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.623815060 CEST	443	49774	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:28.623878002 CEST	49774	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.624085903 CEST	49774	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:28.624090910 CEST	443	49774	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.052694082 CEST	49776	443	192.168.2.5	142.250.185.68
Oct 7, 2024 17:08:29.052762032 CEST	443	49776	142.250.185.68	192.168.2.5
Oct 7, 2024 17:08:29.052845001 CEST	49776	443	192.168.2.5	142.250.185.68
Oct 7, 2024 17:08:29.053121090 CEST	49776	443	192.168.2.5	142.250.185.68
Oct 7, 2024 17:08:29.053147078 CEST	443	49776	142.250.185.68	192.168.2.5
Oct 7, 2024 17:08:29.084410906 CEST	443	49770	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.085000038 CEST	49770	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.085020065 CEST	443	49770	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.085669041 CEST	49770	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.085680008 CEST	443	49770	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.162461042 CEST	443	49771	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.163137913 CEST	49771	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.163156033 CEST	443	49771	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.163640022 CEST	49771	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.163644075 CEST	443	49771	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.182307959 CEST	443	49770	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.182377100 CEST	443	49770	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.182444096 CEST	49770	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.182650089 CEST	49770	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.182650089 CEST	49770	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.182672977 CEST	443	49770	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.182693005 CEST	443	49770	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.185926914 CEST	49777	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.185986042 CEST	443	49777	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.186079979 CEST	49777	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.186199903 CEST	49777	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.186208963 CEST	443	49777	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.187233925 CEST	443	49772	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.187536955 CEST	49772	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.187587023 CEST	443	49772	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.187943935 CEST	49772	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.187963963 CEST	443	49772	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.210196018 CEST	443	49773	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.211424112 CEST	49773	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.211457968 CEST	443	49773	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.211766958 CEST	49773	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.211771965 CEST	443	49773	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.265053988 CEST	443	49771	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.265218019 CEST	443	49771	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.265281916 CEST	49771	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.266231060 CEST	443	49774	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.267011881 CEST	49771	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.267030954 CEST	443	49771	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.267041922 CEST	49771	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.267046928 CEST	443	49771	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.268183947 CEST	49774	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.268222094 CEST	443	49774	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.268873930 CEST	49774	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.268879890 CEST	443	49774	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.279731989 CEST	49778	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.279797077 CEST	443	49778	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.279863119 CEST	49778	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.281311989 CEST	49778	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.281331062 CEST	443	49778	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.393471956 CEST	443	49772	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.393527985 CEST	443	49772	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.393594027 CEST	49772	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.393814087 CEST	49772	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.393851042 CEST	443	49772	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.393887997 CEST	49772	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.393903971 CEST	443	49772	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.397388935 CEST	49779	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.397424936 CEST	443	49779	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.397497892 CEST	49779	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.397686005 CEST	49779	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.397699118 CEST	443	49779	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.399233103 CEST	49780	443	192.168.2.5	184.28.90.27
Oct 7, 2024 17:08:29.399279118 CEST	443	49780	184.28.90.27	192.168.2.5
Oct 7, 2024 17:08:29.399360895 CEST	49780	443	192.168.2.5	184.28.90.27
Oct 7, 2024 17:08:29.401246071 CEST	49780	443	192.168.2.5	184.28.90.27
Oct 7, 2024 17:08:29.401268005 CEST	443	49780	184.28.90.27	192.168.2.5
Oct 7, 2024 17:08:29.403206110 CEST	443	49773	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.403255939 CEST	443	49773	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.403328896 CEST	49773	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.403924942 CEST	49773	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.403939962 CEST	443	49773	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.403949976 CEST	49773	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.403955936 CEST	443	49773	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.408823013 CEST	49781	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.408834934 CEST	443	49781	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.408934116 CEST	49781	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.409457922 CEST	49781	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.409472942 CEST	443	49781	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.409709930 CEST	443	49774	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.409790993 CEST	443	49774	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.409838915 CEST	49774	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.410176039 CEST	49774	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.410176039 CEST	49774	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.410181999 CEST	443	49774	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.410188913 CEST	443	49774	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.413197994 CEST	49782	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.413207054 CEST	443	49782	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.413285017 CEST	49782	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.414042950 CEST	49782	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.414058924 CEST	443	49782	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.712594986 CEST	443	49776	142.250.185.68	192.168.2.5
Oct 7, 2024 17:08:29.712825060 CEST	49776	443	192.168.2.5	142.250.185.68
Oct 7, 2024 17:08:29.712891102 CEST	443	49776	142.250.185.68	192.168.2.5
Oct 7, 2024 17:08:29.713922977 CEST	443	49776	142.250.185.68	192.168.2.5
Oct 7, 2024 17:08:29.713990927 CEST	49776	443	192.168.2.5	142.250.185.68
Oct 7, 2024 17:08:29.715478897 CEST	49776	443	192.168.2.5	142.250.185.68
Oct 7, 2024 17:08:29.715553999 CEST	443	49776	142.250.185.68	192.168.2.5
Oct 7, 2024 17:08:29.761141062 CEST	49776	443	192.168.2.5	142.250.185.68
Oct 7, 2024 17:08:29.761171103 CEST	443	49776	142.250.185.68	192.168.2.5
Oct 7, 2024 17:08:29.807996988 CEST	49776	443	192.168.2.5	142.250.185.68
Oct 7, 2024 17:08:29.867134094 CEST	443	49777	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.867835045 CEST	49777	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.867881060 CEST	443	49777	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.868393898 CEST	49777	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.868397951 CEST	443	49777	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.916116953 CEST	443	49778	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.916637897 CEST	49778	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.916657925 CEST	443	49778	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.917128086 CEST	49778	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.917133093 CEST	443	49778	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.962583065 CEST	443	49777	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.962651014 CEST	443	49777	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.962703943 CEST	49777	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.962902069 CEST	49777	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.962902069 CEST	49777	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.962910891 CEST	443	49777	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.962918043 CEST	443	49777	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.965615988 CEST	49786	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.965641022 CEST	443	49786	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:29.965712070 CEST	49786	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.965842009 CEST	49786	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:29.965852976 CEST	443	49786	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.002063990 CEST	443	49779	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.002506018 CEST	49779	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.002525091 CEST	443	49779	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.003026962 CEST	49779	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.003040075 CEST	443	49779	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.014107943 CEST	443	49778	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.014188051 CEST	443	49778	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.014239073 CEST	49778	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.014338017 CEST	49778	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.014358997 CEST	443	49778	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.014365911 CEST	49778	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.014370918 CEST	443	49778	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.016568899 CEST	49787	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.016597986 CEST	443	49787	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.016690016 CEST	49787	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.016815901 CEST	49787	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.016829967 CEST	443	49787	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.042656898 CEST	443	49780	184.28.90.27	192.168.2.5
Oct 7, 2024 17:08:30.042749882 CEST	49780	443	192.168.2.5	184.28.90.27
Oct 7, 2024 17:08:30.045732975 CEST	49780	443	192.168.2.5	184.28.90.27
Oct 7, 2024 17:08:30.045766115 CEST	443	49780	184.28.90.27	192.168.2.5
Oct 7, 2024 17:08:30.046008110 CEST	443	49780	184.28.90.27	192.168.2.5
Oct 7, 2024 17:08:30.055881023 CEST	443	49781	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.057506084 CEST	49781	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.057552099 CEST	443	49781	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.057801962 CEST	49781	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.057810068 CEST	443	49781	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.066481113 CEST	443	49782	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.066797972 CEST	49782	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.066818953 CEST	443	49782	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.067176104 CEST	49782	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.067183018 CEST	443	49782	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.083971977 CEST	49780	443	192.168.2.5	184.28.90.27
Oct 7, 2024 17:08:30.099313974 CEST	443	49779	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.099369049 CEST	443	49779	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.099442959 CEST	49779	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.100955009 CEST	49779	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.100955009 CEST	49779	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.100979090 CEST	443	49779	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.100989103 CEST	443	49779	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.102032900 CEST	49788	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.102111101 CEST	443	49788	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.102206945 CEST	49788	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.102338076 CEST	49788	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.102369070 CEST	443	49788	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.131403923 CEST	443	49780	184.28.90.27	192.168.2.5
Oct 7, 2024 17:08:30.155549049 CEST	443	49781	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.155601978 CEST	443	49781	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.155816078 CEST	49781	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.155869961 CEST	49781	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.155869961 CEST	49781	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.155896902 CEST	443	49781	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.155915022 CEST	443	49781	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.158737898 CEST	49789	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.158771992 CEST	443	49789	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.158838987 CEST	49789	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.158992052 CEST	49789	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.159006119 CEST	443	49789	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.167867899 CEST	443	49782	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.167922974 CEST	443	49782	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.167970896 CEST	49782	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.168234110 CEST	49782	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.168234110 CEST	49782	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.168256044 CEST	443	49782	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.168271065 CEST	443	49782	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.172081947 CEST	49790	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.172107935 CEST	443	49790	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.172179937 CEST	49790	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.172585011 CEST	49790	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.172594070 CEST	443	49790	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.298362970 CEST	443	49780	184.28.90.27	192.168.2.5
Oct 7, 2024 17:08:30.298404932 CEST	443	49780	184.28.90.27	192.168.2.5
Oct 7, 2024 17:08:30.298614025 CEST	49780	443	192.168.2.5	184.28.90.27
Oct 7, 2024 17:08:30.298614025 CEST	49780	443	192.168.2.5	184.28.90.27
Oct 7, 2024 17:08:30.298650980 CEST	49780	443	192.168.2.5	184.28.90.27
Oct 7, 2024 17:08:30.298679113 CEST	443	49780	184.28.90.27	192.168.2.5
Oct 7, 2024 17:08:30.324198961 CEST	49791	443	192.168.2.5	184.28.90.27
Oct 7, 2024 17:08:30.324230909 CEST	443	49791	184.28.90.27	192.168.2.5
Oct 7, 2024 17:08:30.324307919 CEST	49791	443	192.168.2.5	184.28.90.27
Oct 7, 2024 17:08:30.325865984 CEST	49791	443	192.168.2.5	184.28.90.27
Oct 7, 2024 17:08:30.325877905 CEST	443	49791	184.28.90.27	192.168.2.5
Oct 7, 2024 17:08:30.573431969 CEST	443	49786	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.575057983 CEST	49786	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.575088978 CEST	443	49786	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.575790882 CEST	49786	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.575798035 CEST	443	49786	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.636183023 CEST	443	49787	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.639518023 CEST	49787	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.639542103 CEST	443	49787	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.640480995 CEST	49787	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.640487909 CEST	443	49787	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.686949968 CEST	443	49786	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.687009096 CEST	443	49786	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.687076092 CEST	49786	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.687522888 CEST	49786	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.687546968 CEST	443	49786	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.687562943 CEST	49786	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.687570095 CEST	443	49786	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.692320108 CEST	49793	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.692352057 CEST	443	49793	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.692455053 CEST	49793	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.692800999 CEST	49793	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.692814112 CEST	443	49793	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.707165003 CEST	443	49788	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.709193945 CEST	49788	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.709247112 CEST	443	49788	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.709619045 CEST	49788	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.709630013 CEST	443	49788	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.735311985 CEST	443	49787	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.735450029 CEST	443	49787	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.735529900 CEST	49787	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.743592024 CEST	49787	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.743617058 CEST	443	49787	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.743660927 CEST	49787	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.743669033 CEST	443	49787	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.773847103 CEST	443	49789	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.780392885 CEST	443	49790	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.803987026 CEST	443	49788	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.804125071 CEST	443	49788	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.805663109 CEST	49788	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.823945045 CEST	49789	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.824661016 CEST	49790	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.932116032 CEST	443	49791	184.28.90.27	192.168.2.5
Oct 7, 2024 17:08:30.932188034 CEST	49791	443	192.168.2.5	184.28.90.27
Oct 7, 2024 17:08:30.950356960 CEST	49788	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.950356960 CEST	49788	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.950409889 CEST	443	49788	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.950436115 CEST	443	49788	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.950476885 CEST	49790	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.950481892 CEST	443	49790	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.950958967 CEST	49790	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.950963020 CEST	443	49790	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.952871084 CEST	49789	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.952876091 CEST	443	49789	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.953259945 CEST	49789	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.953263998 CEST	443	49789	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.954668045 CEST	49791	443	192.168.2.5	184.28.90.27
Oct 7, 2024 17:08:30.954678059 CEST	443	49791	184.28.90.27	192.168.2.5
Oct 7, 2024 17:08:30.954989910 CEST	443	49791	184.28.90.27	192.168.2.5
Oct 7, 2024 17:08:30.955933094 CEST	49791	443	192.168.2.5	184.28.90.27
Oct 7, 2024 17:08:30.981376886 CEST	49795	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.981432915 CEST	443	49795	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.981472015 CEST	49794	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.981508017 CEST	443	49794	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.981576920 CEST	49795	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.981590986 CEST	49794	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.981875896 CEST	49795	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.981898069 CEST	443	49795	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:30.982033968 CEST	49794	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:30.982050896 CEST	443	49794	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:31.003400087 CEST	443	49791	184.28.90.27	192.168.2.5
Oct 7, 2024 17:08:31.244573116 CEST	443	49790	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:31.244601965 CEST	443	49789	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:31.244653940 CEST	443	49790	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:31.244698048 CEST	49790	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:31.244716883 CEST	443	49789	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:31.244800091 CEST	49789	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:31.244936943 CEST	443	49791	184.28.90.27	192.168.2.5
Oct 7, 2024 17:08:31.245007992 CEST	443	49791	184.28.90.27	192.168.2.5
Oct 7, 2024 17:08:31.245044947 CEST	49791	443	192.168.2.5	184.28.90.27
Oct 7, 2024 17:08:31.250441074 CEST	49790	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:31.250458002 CEST	443	49790	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:31.250471115 CEST	49790	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:31.250475883 CEST	443	49790	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:31.250673056 CEST	49789	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:31.250679970 CEST	443	49789	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:31.250689030 CEST	49789	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:31.250693083 CEST	443	49789	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:31.324810028 CEST	49796	443	192.168.2.5	4.175.87.197
Oct 7, 2024 17:08:31.324848890 CEST	443	49796	4.175.87.197	192.168.2.5
Oct 7, 2024 17:08:31.324949026 CEST	49796	443	192.168.2.5	4.175.87.197
Oct 7, 2024 17:08:31.363373995 CEST	49791	443	192.168.2.5	184.28.90.27
Oct 7, 2024 17:08:31.363392115 CEST	443	49791	184.28.90.27	192.168.2.5
Oct 7, 2024 17:08:31.363401890 CEST	49791	443	192.168.2.5	184.28.90.27
Oct 7, 2024 17:08:31.363405943 CEST	443	49791	184.28.90.27	192.168.2.5
Oct 7, 2024 17:08:31.364932060 CEST	49796	443	192.168.2.5	4.175.87.197
Oct 7, 2024 17:08:31.364948988 CEST	443	49796	4.175.87.197	192.168.2.5
Oct 7, 2024 17:08:31.382024050 CEST	49801	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:31.382067919 CEST	443	49801	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:31.382297039 CEST	49801	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:31.384396076 CEST	49801	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:31.384428024 CEST	443	49801	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:31.385926962 CEST	49802	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:31.385951042 CEST	443	49802	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:31.386102915 CEST	49802	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:31.386218071 CEST	49802	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:31.386245966 CEST	443	49802	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:31.426506996 CEST	443	49793	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:31.427120924 CEST	49793	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:31.427141905 CEST	443	49793	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:31.427979946 CEST	49793	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:31.427984953 CEST	443	49793	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:31.523809910 CEST	443	49793	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:31.523952961 CEST	443	49793	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:31.524174929 CEST	49793	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:31.525186062 CEST	49793	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:31.525197029 CEST	443	49793	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:31.525216103 CEST	49793	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:31.525221109 CEST	443	49793	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:31.527966022 CEST	49803	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:31.527983904 CEST	443	49803	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:31.528100014 CEST	49803	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:31.529423952 CEST	49803	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:31.529433966 CEST	443	49803	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:31.862746000 CEST	443	49795	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:31.863348961 CEST	49795	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:31.863378048 CEST	443	49795	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:31.863821983 CEST	49795	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:31.863831043 CEST	443	49795	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:31.888201952 CEST	443	49794	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:31.888950109 CEST	49794	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:31.888950109 CEST	49794	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:31.888984919 CEST	443	49794	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:31.888997078 CEST	443	49794	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:31.960215092 CEST	443	49795	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:31.960277081 CEST	443	49795	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:31.960346937 CEST	49795	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:31.960635900 CEST	49795	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:31.960664988 CEST	443	49795	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:31.960958004 CEST	49795	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:31.960966110 CEST	443	49795	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:31.963390112 CEST	49804	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:31.963422060 CEST	443	49804	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:31.963674068 CEST	49804	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:31.963852882 CEST	49804	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:31.963865042 CEST	443	49804	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:31.996071100 CEST	443	49794	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:31.996112108 CEST	443	49794	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:31.996401072 CEST	49794	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:31.996401072 CEST	49794	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:31.996401072 CEST	49794	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:31.999254942 CEST	49805	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:31.999293089 CEST	443	49805	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:31.999545097 CEST	49805	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:31.999710083 CEST	49805	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:31.999727011 CEST	443	49805	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.006732941 CEST	443	49801	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.007545948 CEST	49801	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.007611036 CEST	443	49801	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.008011103 CEST	49801	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.008024931 CEST	443	49801	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.022176027 CEST	443	49802	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.022562027 CEST	49802	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.022594929 CEST	443	49802	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.022969007 CEST	49802	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.022979021 CEST	443	49802	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.102900028 CEST	443	49801	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.102947950 CEST	443	49801	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.103152037 CEST	49801	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.103209972 CEST	49801	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.103209972 CEST	49801	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.103245020 CEST	443	49801	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.103267908 CEST	443	49801	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.106110096 CEST	49806	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.106133938 CEST	443	49806	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.106251955 CEST	49806	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.106383085 CEST	49806	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.106399059 CEST	443	49806	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.125716925 CEST	443	49802	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.125863075 CEST	443	49802	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.125993967 CEST	49802	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.126029015 CEST	49802	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.126029015 CEST	49802	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.126043081 CEST	443	49802	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.126061916 CEST	443	49802	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.128242970 CEST	49807	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.128278017 CEST	443	49807	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.128356934 CEST	49807	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.128470898 CEST	49807	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.128483057 CEST	443	49807	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.130868912 CEST	443	49796	4.175.87.197	192.168.2.5
Oct 7, 2024 17:08:32.130935907 CEST	49796	443	192.168.2.5	4.175.87.197
Oct 7, 2024 17:08:32.132281065 CEST	49796	443	192.168.2.5	4.175.87.197
Oct 7, 2024 17:08:32.132285118 CEST	443	49796	4.175.87.197	192.168.2.5
Oct 7, 2024 17:08:32.132514000 CEST	443	49796	4.175.87.197	192.168.2.5
Oct 7, 2024 17:08:32.148087025 CEST	443	49803	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.148437023 CEST	49803	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.148452044 CEST	443	49803	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.148849010 CEST	49803	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.148854017 CEST	443	49803	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.176506042 CEST	49796	443	192.168.2.5	4.175.87.197
Oct 7, 2024 17:08:32.187001944 CEST	49796	443	192.168.2.5	4.175.87.197
Oct 7, 2024 17:08:32.227407932 CEST	443	49796	4.175.87.197	192.168.2.5
Oct 7, 2024 17:08:32.243602037 CEST	443	49803	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.243788958 CEST	443	49803	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.243844986 CEST	49803	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.244045973 CEST	49803	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.244059086 CEST	443	49803	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.244069099 CEST	49803	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.244072914 CEST	443	49803	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.248965979 CEST	49808	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.249006033 CEST	443	49808	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.251429081 CEST	49808	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.251429081 CEST	49808	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.251466990 CEST	443	49808	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.284960985 CEST	49794	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.284966946 CEST	443	49794	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.452444077 CEST	443	49796	4.175.87.197	192.168.2.5
Oct 7, 2024 17:08:32.452469110 CEST	443	49796	4.175.87.197	192.168.2.5
Oct 7, 2024 17:08:32.452477932 CEST	443	49796	4.175.87.197	192.168.2.5
Oct 7, 2024 17:08:32.452565908 CEST	49796	443	192.168.2.5	4.175.87.197
Oct 7, 2024 17:08:32.452594995 CEST	443	49796	4.175.87.197	192.168.2.5
Oct 7, 2024 17:08:32.452698946 CEST	49796	443	192.168.2.5	4.175.87.197
Oct 7, 2024 17:08:32.452941895 CEST	443	49796	4.175.87.197	192.168.2.5
Oct 7, 2024 17:08:32.453031063 CEST	49796	443	192.168.2.5	4.175.87.197
Oct 7, 2024 17:08:32.453036070 CEST	443	49796	4.175.87.197	192.168.2.5
Oct 7, 2024 17:08:32.453114033 CEST	443	49796	4.175.87.197	192.168.2.5
Oct 7, 2024 17:08:32.453176975 CEST	49796	443	192.168.2.5	4.175.87.197
Oct 7, 2024 17:08:32.465559959 CEST	49796	443	192.168.2.5	4.175.87.197
Oct 7, 2024 17:08:32.465580940 CEST	443	49796	4.175.87.197	192.168.2.5
Oct 7, 2024 17:08:32.465596914 CEST	49796	443	192.168.2.5	4.175.87.197
Oct 7, 2024 17:08:32.465604067 CEST	443	49796	4.175.87.197	192.168.2.5
Oct 7, 2024 17:08:32.607337952 CEST	443	49805	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.609524012 CEST	443	49804	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.609534979 CEST	49805	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.609596968 CEST	443	49805	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.609993935 CEST	49805	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.610001087 CEST	443	49805	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.611159086 CEST	49804	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.611186028 CEST	443	49804	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.611637115 CEST	49804	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.611641884 CEST	443	49804	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.705555916 CEST	443	49805	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.705605984 CEST	443	49805	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.705915928 CEST	49805	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.705960035 CEST	49805	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.705960035 CEST	49805	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.705977917 CEST	443	49805	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.705991983 CEST	443	49805	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.709177017 CEST	49809	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.709237099 CEST	443	49809	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.709311008 CEST	49809	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.709454060 CEST	49809	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.709476948 CEST	443	49809	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.710072041 CEST	443	49804	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.710131884 CEST	443	49804	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.710213900 CEST	49804	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.710408926 CEST	49804	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.710428953 CEST	443	49804	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.710443974 CEST	49804	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.710450888 CEST	443	49804	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.711071968 CEST	443	49806	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.712163925 CEST	49806	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.712177992 CEST	443	49806	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.712702990 CEST	49806	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.712707996 CEST	443	49806	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.713560104 CEST	49810	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.713593006 CEST	443	49810	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.713706970 CEST	49810	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.713840961 CEST	49810	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.713859081 CEST	443	49810	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.777848959 CEST	443	49807	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.779737949 CEST	49807	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.779771090 CEST	443	49807	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.780558109 CEST	49807	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.780565023 CEST	443	49807	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.806912899 CEST	443	49806	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.806977034 CEST	443	49806	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.807269096 CEST	49806	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.807368994 CEST	49806	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.807404041 CEST	443	49806	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.807424068 CEST	49806	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.807431936 CEST	443	49806	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.811517954 CEST	49811	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.811566114 CEST	443	49811	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.811700106 CEST	49811	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.811853886 CEST	49811	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.811867952 CEST	443	49811	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.874794006 CEST	443	49808	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.875564098 CEST	49808	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.875598907 CEST	443	49808	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.876030922 CEST	49808	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.876039982 CEST	443	49808	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.878514051 CEST	443	49807	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.878662109 CEST	443	49807	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.878760099 CEST	49807	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.880270004 CEST	49807	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.880291939 CEST	443	49807	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.880305052 CEST	49807	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.880311966 CEST	443	49807	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.892878056 CEST	49812	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.892911911 CEST	443	49812	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.893225908 CEST	49812	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.894078970 CEST	49812	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:32.894093037 CEST	443	49812	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.978043079 CEST	443	49808	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.978203058 CEST	443	49808	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:32.979482889 CEST	49808	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:33.058212996 CEST	49808	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:33.058232069 CEST	443	49808	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:33.058245897 CEST	49808	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:33.058252096 CEST	443	49808	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:33.062055111 CEST	49819	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:33.062083006 CEST	443	49819	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:33.063716888 CEST	49819	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:33.064163923 CEST	49819	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:33.064182997 CEST	443	49819	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:33.535501003 CEST	443	49812	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:33.535943985 CEST	49812	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:33.535969973 CEST	443	49812	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:33.536350012 CEST	49812	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:33.536355019 CEST	443	49812	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:33.536415100 CEST	443	49811	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:33.536701918 CEST	49811	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:33.536746979 CEST	443	49811	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:33.537096977 CEST	49811	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:33.537106037 CEST	443	49811	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:33.537573099 CEST	443	49810	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:33.537861109 CEST	49810	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:33.537894011 CEST	443	49810	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:33.538239002 CEST	49810	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:33.538245916 CEST	443	49810	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:33.539719105 CEST	443	49809	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:33.540689945 CEST	49809	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:33.540705919 CEST	443	49809	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:33.541028976 CEST	49809	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:33.541038036 CEST	443	49809	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:33.630258083 CEST	443	49812	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:33.630347967 CEST	443	49812	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:33.630409002 CEST	49812	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:33.630575895 CEST	49812	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:33.630598068 CEST	443	49812	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:33.630609035 CEST	49812	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:33.630614996 CEST	443	49812	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:33.631192923 CEST	443	49811	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:33.631247997 CEST	443	49811	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:33.631340027 CEST	49811	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:33.631470919 CEST	49811	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:33.631470919 CEST	49811	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:33.631509066 CEST	443	49811	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:33.631534100 CEST	443	49811	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:33.633368015 CEST	49821	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:33.633377075 CEST	49820	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:33.633399963 CEST	443	49821	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:33.633425951 CEST	443	49820	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:33.633472919 CEST	49821	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:33.633503914 CEST	49820	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:33.633603096 CEST	49821	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:33.633618116 CEST	443	49821	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:33.633650064 CEST	49820	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:33.633675098 CEST	443	49820	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:33.638505936 CEST	443	49809	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:33.638562918 CEST	443	49809	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:33.638638020 CEST	49809	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:33.638848066 CEST	49809	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:33.638863087 CEST	443	49809	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:33.641168118 CEST	49822	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:33.641185045 CEST	443	49822	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:33.641253948 CEST	49822	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:33.641371965 CEST	49822	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:33.641383886 CEST	443	49822	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:33.642067909 CEST	443	49810	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:33.642229080 CEST	443	49810	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:33.642297983 CEST	49810	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:33.642333984 CEST	49810	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:33.642342091 CEST	443	49810	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:33.642359018 CEST	49810	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:33.642364979 CEST	443	49810	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:33.644526958 CEST	49823	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:33.644551992 CEST	443	49823	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:33.644907951 CEST	49823	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:33.645092964 CEST	49823	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:33.645114899 CEST	443	49823	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.104087114 CEST	443	49819	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.104899883 CEST	49819	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.104931116 CEST	443	49819	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.105961084 CEST	49819	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.105968952 CEST	443	49819	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.201203108 CEST	443	49819	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.201345921 CEST	443	49819	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.201576948 CEST	49819	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.202166080 CEST	49819	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.202193022 CEST	443	49819	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.202209949 CEST	49819	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.202219009 CEST	443	49819	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.212976933 CEST	49825	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.213011026 CEST	443	49825	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.213219881 CEST	49825	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.213429928 CEST	49825	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.213440895 CEST	443	49825	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.280597925 CEST	443	49823	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.295969963 CEST	49823	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.296013117 CEST	443	49823	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.297229052 CEST	49823	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.297240019 CEST	443	49823	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.299511909 CEST	443	49822	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.300261021 CEST	49822	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.300275087 CEST	443	49822	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.300981045 CEST	443	49821	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.301362991 CEST	49822	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.301366091 CEST	443	49822	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.305105925 CEST	443	49820	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.307632923 CEST	49820	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.307660103 CEST	443	49820	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.308357954 CEST	49820	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.308367968 CEST	443	49820	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.310652018 CEST	49821	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.310662031 CEST	443	49821	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.311059952 CEST	49821	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.311063051 CEST	443	49821	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.388891935 CEST	443	49823	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.388952971 CEST	443	49823	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.389130116 CEST	49823	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.390283108 CEST	49823	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.390283108 CEST	49823	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.390304089 CEST	443	49823	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.390326023 CEST	443	49823	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.394550085 CEST	49827	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.394594908 CEST	443	49827	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.394701958 CEST	49827	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.395092964 CEST	49827	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.395119905 CEST	443	49827	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.398848057 CEST	443	49822	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.398904085 CEST	443	49822	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.398984909 CEST	49822	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.403830051 CEST	49822	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.403837919 CEST	443	49822	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.403871059 CEST	49822	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.403876066 CEST	443	49822	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.407609940 CEST	443	49820	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.407696962 CEST	443	49820	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.407826900 CEST	49820	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.412370920 CEST	443	49821	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.412422895 CEST	443	49821	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.412672997 CEST	49821	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.415301085 CEST	49820	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.415301085 CEST	49820	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.415326118 CEST	443	49820	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.415348053 CEST	443	49820	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.415388107 CEST	49821	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.415395021 CEST	443	49821	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.415402889 CEST	49821	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.415405989 CEST	443	49821	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.421771049 CEST	49829	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.421806097 CEST	443	49829	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.421968937 CEST	49829	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.422254086 CEST	49830	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.422261000 CEST	443	49830	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.422311068 CEST	49830	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.422384024 CEST	49829	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.422394991 CEST	443	49829	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.422486067 CEST	49830	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.422494888 CEST	443	49830	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.422542095 CEST	49831	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.422595024 CEST	443	49831	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.422772884 CEST	49831	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.422872066 CEST	49831	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.422888994 CEST	443	49831	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.471313953 CEST	49715	443	192.168.2.5	23.1.237.91
Oct 7, 2024 17:08:34.471393108 CEST	49715	443	192.168.2.5	23.1.237.91
Oct 7, 2024 17:08:34.476372957 CEST	443	49715	23.1.237.91	192.168.2.5
Oct 7, 2024 17:08:34.476383924 CEST	443	49715	23.1.237.91	192.168.2.5
Oct 7, 2024 17:08:34.490303993 CEST	49832	443	192.168.2.5	23.1.237.91
Oct 7, 2024 17:08:34.490355015 CEST	443	49832	23.1.237.91	192.168.2.5
Oct 7, 2024 17:08:34.490436077 CEST	49832	443	192.168.2.5	23.1.237.91
Oct 7, 2024 17:08:34.490711927 CEST	49832	443	192.168.2.5	23.1.237.91
Oct 7, 2024 17:08:34.490730047 CEST	443	49832	23.1.237.91	192.168.2.5
Oct 7, 2024 17:08:34.833024979 CEST	443	49825	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.833425999 CEST	49825	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.833455086 CEST	443	49825	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.833852053 CEST	49825	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.833857059 CEST	443	49825	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.930377007 CEST	443	49825	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.930418968 CEST	443	49825	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.930504084 CEST	49825	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.930650949 CEST	49825	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.930664062 CEST	443	49825	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.930672884 CEST	49825	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.930676937 CEST	443	49825	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.934051037 CEST	49834	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.934093952 CEST	443	49834	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:34.934258938 CEST	49834	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.934458017 CEST	49834	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:34.934473991 CEST	443	49834	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.041615963 CEST	443	49830	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.052050114 CEST	49830	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.052061081 CEST	443	49830	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.052956104 CEST	49830	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.052959919 CEST	443	49830	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.058671951 CEST	443	49827	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.059076071 CEST	49827	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.059156895 CEST	443	49827	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.059545040 CEST	49827	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.059559107 CEST	443	49827	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.064013004 CEST	443	49829	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.064311028 CEST	49829	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.064320087 CEST	443	49829	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.064894915 CEST	49829	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.064898968 CEST	443	49829	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.066231966 CEST	443	49831	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.066621065 CEST	49831	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.066651106 CEST	443	49831	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.067519903 CEST	49831	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.067526102 CEST	443	49831	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.092962027 CEST	443	49832	23.1.237.91	192.168.2.5
Oct 7, 2024 17:08:35.093049049 CEST	49832	443	192.168.2.5	23.1.237.91
Oct 7, 2024 17:08:35.144954920 CEST	443	49830	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.145055056 CEST	443	49830	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.145164967 CEST	49830	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.145625114 CEST	49830	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.145642042 CEST	443	49830	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.145658016 CEST	49830	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.145663023 CEST	443	49830	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.148642063 CEST	49835	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.148669958 CEST	443	49835	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.148741007 CEST	49835	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.148894072 CEST	49835	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.148905039 CEST	443	49835	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.158435106 CEST	443	49827	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.158608913 CEST	443	49827	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.158701897 CEST	49827	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.158763885 CEST	49827	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.158765078 CEST	49827	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.158801079 CEST	443	49827	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.158823967 CEST	443	49827	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.160918951 CEST	49836	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.160953045 CEST	443	49836	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.161027908 CEST	49836	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.161159992 CEST	49836	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.161164999 CEST	443	49836	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.168186903 CEST	443	49829	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.168246984 CEST	443	49829	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.168293953 CEST	49829	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.168416023 CEST	49829	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.168433905 CEST	443	49829	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.168446064 CEST	49829	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.168451071 CEST	443	49829	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.170579910 CEST	49837	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.170617104 CEST	443	49837	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.170710087 CEST	49837	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.170818090 CEST	49837	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.170839071 CEST	443	49837	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.173232079 CEST	443	49831	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.173304081 CEST	443	49831	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.173360109 CEST	49831	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.173484087 CEST	49831	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.173502922 CEST	443	49831	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.173511982 CEST	49831	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.173518896 CEST	443	49831	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.175410032 CEST	49838	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.175424099 CEST	443	49838	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.175499916 CEST	49838	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.175626993 CEST	49838	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.175636053 CEST	443	49838	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.507164955 CEST	49839	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:35.507225037 CEST	443	49839	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:35.507292986 CEST	49839	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:35.507735968 CEST	49839	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:35.507756948 CEST	443	49839	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:35.552514076 CEST	443	49834	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.596081972 CEST	49834	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.652312994 CEST	49840	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:35.652368069 CEST	443	49840	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:35.652523994 CEST	49840	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:35.653987885 CEST	49840	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:35.654002905 CEST	443	49840	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:35.775168896 CEST	443	49835	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.784092903 CEST	443	49838	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.785994053 CEST	443	49836	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.789669991 CEST	443	49837	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.818109035 CEST	49835	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.833446026 CEST	49838	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.833664894 CEST	49836	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.833684921 CEST	49837	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.992250919 CEST	49837	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.992266893 CEST	443	49837	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.992909908 CEST	49837	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.992916107 CEST	443	49837	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.993369102 CEST	49836	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.993386030 CEST	443	49836	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.993803978 CEST	49836	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.993808985 CEST	443	49836	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.994040966 CEST	49834	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.994080067 CEST	443	49834	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:35.994695902 CEST	49834	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:35.994703054 CEST	443	49834	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:36.030019045 CEST	49835	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:36.030056953 CEST	443	49835	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:36.030891895 CEST	49835	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:36.030899048 CEST	443	49835	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:36.033921003 CEST	49838	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:36.033958912 CEST	443	49838	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:36.034241915 CEST	49838	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:36.034250975 CEST	443	49838	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:36.085376024 CEST	443	49837	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:36.085454941 CEST	443	49837	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:36.085621119 CEST	49837	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:36.086931944 CEST	443	49836	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:36.087035894 CEST	443	49836	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:36.087105036 CEST	49836	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:36.087461948 CEST	443	49834	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:36.087536097 CEST	443	49834	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:36.087605953 CEST	49834	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:36.090320110 CEST	49837	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:36.090347052 CEST	443	49837	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:36.090363979 CEST	49837	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:36.090373039 CEST	443	49837	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:36.093333006 CEST	49836	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:36.093346119 CEST	443	49836	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:36.094724894 CEST	49834	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:36.094724894 CEST	49834	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:36.094752073 CEST	443	49834	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:36.094765902 CEST	443	49834	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:36.110265017 CEST	49844	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:36.110349894 CEST	443	49844	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:36.110418081 CEST	49844	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:36.111191034 CEST	49845	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:36.111238956 CEST	443	49845	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:36.111480951 CEST	49845	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:36.114053011 CEST	49846	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:36.114084959 CEST	443	49846	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:36.114183903 CEST	49846	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:36.114402056 CEST	49845	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:36.114423037 CEST	443	49845	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:36.114450932 CEST	49844	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:36.114504099 CEST	443	49844	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:36.115425110 CEST	49846	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:36.115447998 CEST	443	49846	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:36.122258902 CEST	443	49835	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:36.122325897 CEST	443	49835	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:36.122370958 CEST	49835	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:36.122561932 CEST	49835	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:36.122586966 CEST	443	49835	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:36.122601032 CEST	49835	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:36.122607946 CEST	443	49835	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:36.124681950 CEST	443	49838	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:36.124988079 CEST	443	49838	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:36.125073910 CEST	49838	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:36.125119925 CEST	49838	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:36.125134945 CEST	443	49838	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:36.125145912 CEST	49838	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:36.125152111 CEST	443	49838	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:36.127342939 CEST	49847	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:36.127393961 CEST	443	49847	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:36.127516985 CEST	49847	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:36.127717972 CEST	49847	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:36.127733946 CEST	443	49847	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:36.128905058 CEST	49848	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:36.128923893 CEST	443	49848	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:36.128990889 CEST	49848	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:36.129266977 CEST	49848	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:36.129277945 CEST	443	49848	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:36.129427910 CEST	443	49839	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:36.129689932 CEST	49839	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:36.129715919 CEST	443	49839	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:36.130065918 CEST	443	49839	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:36.130120039 CEST	49839	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:36.130744934 CEST	443	49839	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:36.130800962 CEST	49839	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:36.131901979 CEST	49839	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:36.131959915 CEST	443	49839	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:36.132184982 CEST	49839	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:36.132193089 CEST	443	49839	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:36.171904087 CEST	49839	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:36.288516998 CEST	443	49840	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:36.288734913 CEST	49840	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:36.288758039 CEST	443	49840	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:36.289274931 CEST	443	49840	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:36.289324999 CEST	49840	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:36.290270090 CEST	443	49840	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:36.290327072 CEST	49840	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:36.290448904 CEST	49840	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:36.290529966 CEST	443	49840	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:36.290638924 CEST	49840	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:36.290647030 CEST	443	49840	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:36.342947960 CEST	49840	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:36.422678947 CEST	443	49839	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:36.423099041 CEST	443	49839	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:36.423177004 CEST	49839	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:36.428719044 CEST	49839	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:36.428745031 CEST	443	49839	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:36.430402994 CEST	49851	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:36.430448055 CEST	443	49851	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:36.430540085 CEST	49851	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:36.430747986 CEST	49851	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:36.430766106 CEST	443	49851	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:37.121906042 CEST	443	49840	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:37.122072935 CEST	443	49840	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:37.122277975 CEST	49840	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:37.122663021 CEST	49840	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:37.122680902 CEST	443	49840	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:37.122709036 CEST	49840	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:37.122746944 CEST	49840	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:37.123682022 CEST	49852	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:37.123722076 CEST	443	49852	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:37.123799086 CEST	49852	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:37.124169111 CEST	49852	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:37.124186993 CEST	443	49852	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:37.129591942 CEST	443	49851	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:37.129875898 CEST	49851	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:37.129890919 CEST	443	49851	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:37.130237103 CEST	443	49851	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:37.130302906 CEST	49851	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:37.130908966 CEST	443	49851	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:37.130964041 CEST	49851	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:37.131072998 CEST	49851	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:37.131134987 CEST	443	49851	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:37.131483078 CEST	49851	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:37.131493092 CEST	443	49851	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:37.131508112 CEST	49851	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:37.175400019 CEST	443	49851	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:37.182971001 CEST	49851	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:37.298374891 CEST	443	49848	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.298940897 CEST	49848	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.298963070 CEST	443	49848	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.299422979 CEST	49848	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.299432039 CEST	443	49848	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.301486969 CEST	443	49846	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.301831007 CEST	49846	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.301923990 CEST	443	49846	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.302298069 CEST	49846	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.302320004 CEST	443	49846	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.303982019 CEST	443	49844	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.304282904 CEST	49844	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.304316998 CEST	443	49844	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.304671049 CEST	49844	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.304677010 CEST	443	49844	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.311736107 CEST	443	49845	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.312062025 CEST	49845	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.312102079 CEST	443	49845	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.312443972 CEST	49845	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.312470913 CEST	443	49845	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.314778090 CEST	443	49847	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.316247940 CEST	49847	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.316276073 CEST	443	49847	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.316668987 CEST	49847	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.316674948 CEST	443	49847	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.341692924 CEST	443	49851	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:37.342109919 CEST	443	49851	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:37.342195034 CEST	49851	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:37.343056917 CEST	49851	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:37.343071938 CEST	443	49851	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:37.394764900 CEST	443	49848	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.394793987 CEST	443	49848	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.394865036 CEST	49848	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.394881010 CEST	443	49848	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.394900084 CEST	443	49848	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.394948959 CEST	49848	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.395092010 CEST	49848	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.395106077 CEST	443	49848	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.395117998 CEST	49848	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.395124912 CEST	443	49848	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.397640944 CEST	443	49846	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.397695065 CEST	443	49846	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.397758961 CEST	443	49846	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.397788048 CEST	49846	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.397849083 CEST	49846	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.399410963 CEST	49846	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.399411917 CEST	49846	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.399452925 CEST	443	49846	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.399493933 CEST	443	49846	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.399616003 CEST	49853	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.399662971 CEST	443	49853	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.399728060 CEST	49853	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.399975061 CEST	49853	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.399998903 CEST	443	49853	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.401263952 CEST	443	49844	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.401417017 CEST	443	49844	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.401510000 CEST	49844	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.401540995 CEST	49844	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.401557922 CEST	443	49844	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.401571989 CEST	49844	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.401576996 CEST	443	49844	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.405596018 CEST	49854	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.405610085 CEST	443	49854	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.405731916 CEST	49854	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.406119108 CEST	49854	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.406132936 CEST	443	49854	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.409544945 CEST	49855	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.409574986 CEST	443	49855	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.409660101 CEST	49855	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.410178900 CEST	49776	443	192.168.2.5	142.250.185.68
Oct 7, 2024 17:08:37.410279036 CEST	49855	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.410289049 CEST	443	49855	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.413240910 CEST	443	49845	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.413306952 CEST	443	49845	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.413360119 CEST	49845	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.413701057 CEST	49845	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.413726091 CEST	443	49845	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.413750887 CEST	49845	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.413765907 CEST	443	49845	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.416563988 CEST	443	49847	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.416619062 CEST	443	49847	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.416671038 CEST	49847	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.416695118 CEST	443	49847	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.416814089 CEST	443	49847	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.416990042 CEST	49847	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.446147919 CEST	49847	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.446180105 CEST	443	49847	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.446192026 CEST	49847	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.446198940 CEST	443	49847	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.448899031 CEST	49856	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.448939085 CEST	443	49856	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.449002028 CEST	49856	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.449361086 CEST	49856	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.449374914 CEST	443	49856	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.450139046 CEST	49857	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.450179100 CEST	443	49857	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.450413942 CEST	49857	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.450531006 CEST	49857	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:37.450546980 CEST	443	49857	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:37.451411963 CEST	443	49776	142.250.185.68	192.168.2.5
Oct 7, 2024 17:08:37.686316967 CEST	443	49776	142.250.185.68	192.168.2.5
Oct 7, 2024 17:08:37.686352015 CEST	443	49776	142.250.185.68	192.168.2.5
Oct 7, 2024 17:08:37.686376095 CEST	443	49776	142.250.185.68	192.168.2.5
Oct 7, 2024 17:08:37.686441898 CEST	49776	443	192.168.2.5	142.250.185.68
Oct 7, 2024 17:08:37.686511040 CEST	443	49776	142.250.185.68	192.168.2.5
Oct 7, 2024 17:08:37.686573982 CEST	49776	443	192.168.2.5	142.250.185.68
Oct 7, 2024 17:08:37.686739922 CEST	443	49776	142.250.185.68	192.168.2.5
Oct 7, 2024 17:08:37.688915014 CEST	443	49776	142.250.185.68	192.168.2.5
Oct 7, 2024 17:08:37.689016104 CEST	49776	443	192.168.2.5	142.250.185.68
Oct 7, 2024 17:08:37.689259052 CEST	49776	443	192.168.2.5	142.250.185.68
Oct 7, 2024 17:08:37.689291954 CEST	443	49776	142.250.185.68	192.168.2.5
Oct 7, 2024 17:08:37.833641052 CEST	443	49852	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:37.834053993 CEST	49852	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:37.834089041 CEST	443	49852	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:37.834604025 CEST	443	49852	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:37.834671974 CEST	49852	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:37.835628033 CEST	443	49852	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:37.835684061 CEST	49852	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:37.835855007 CEST	49852	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:37.835947037 CEST	443	49852	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:37.836127043 CEST	49852	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:37.836139917 CEST	443	49852	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:37.836162090 CEST	49852	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:37.879403114 CEST	443	49852	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:37.886071920 CEST	49852	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:38.043308020 CEST	443	49854	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.044692039 CEST	443	49852	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:38.045228958 CEST	443	49852	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:38.045289993 CEST	49852	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:38.046292067 CEST	49852	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:38.046312094 CEST	443	49852	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:38.047517061 CEST	443	49853	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.058664083 CEST	49854	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.058686972 CEST	443	49854	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.059318066 CEST	49854	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.059323072 CEST	443	49854	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.059730053 CEST	49853	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.059736013 CEST	443	49853	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.059812069 CEST	443	49855	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.060211897 CEST	49853	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.060215950 CEST	443	49853	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.060487986 CEST	49855	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.060506105 CEST	443	49855	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.061077118 CEST	49855	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.061080933 CEST	443	49855	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.099471092 CEST	443	49856	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.100061893 CEST	49856	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.100102901 CEST	443	49856	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.100542068 CEST	49856	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.100548029 CEST	443	49856	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.107609987 CEST	443	49857	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.128731012 CEST	49857	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.128770113 CEST	443	49857	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.129662037 CEST	49857	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.129668951 CEST	443	49857	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.151067019 CEST	443	49854	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.151165009 CEST	443	49854	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.151309013 CEST	49854	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.151401997 CEST	49854	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.151423931 CEST	443	49854	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.151436090 CEST	49854	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.151442051 CEST	443	49854	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.154786110 CEST	443	49853	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.154808044 CEST	443	49853	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.154870033 CEST	49853	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.154874086 CEST	443	49853	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.154913902 CEST	49853	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.156181097 CEST	49853	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.156187057 CEST	443	49853	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.156193972 CEST	49853	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.156197071 CEST	443	49853	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.160703897 CEST	443	49855	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.161082029 CEST	443	49855	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.161748886 CEST	49855	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.162295103 CEST	49855	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.162323952 CEST	443	49855	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.162458897 CEST	49855	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.162467003 CEST	443	49855	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.163727045 CEST	49859	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.163765907 CEST	443	49859	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.164016008 CEST	49859	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.164135933 CEST	49859	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.164148092 CEST	443	49859	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.177722931 CEST	49860	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.177745104 CEST	443	49860	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.177911043 CEST	49860	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.178319931 CEST	49861	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.178349018 CEST	443	49861	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.181011915 CEST	49861	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.200249910 CEST	443	49856	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.200382948 CEST	443	49856	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.201018095 CEST	49856	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.214864016 CEST	49861	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.214885950 CEST	443	49861	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.222349882 CEST	49860	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.222382069 CEST	443	49860	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.227318048 CEST	443	49857	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.227608919 CEST	443	49857	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.227718115 CEST	49857	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.230967999 CEST	49857	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.230982065 CEST	443	49857	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.231200933 CEST	49857	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.231206894 CEST	443	49857	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.231722116 CEST	49856	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.231745958 CEST	443	49856	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.231772900 CEST	49856	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.231781006 CEST	443	49856	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.235946894 CEST	49862	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.235968113 CEST	443	49862	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.236393929 CEST	49862	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.243130922 CEST	49863	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.243166924 CEST	443	49863	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.245183945 CEST	49863	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.249921083 CEST	49862	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.249936104 CEST	443	49862	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.256968021 CEST	49863	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.256980896 CEST	443	49863	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.774559021 CEST	443	49859	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.775055885 CEST	49859	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.775085926 CEST	443	49859	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:38.775513887 CEST	49859	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:38.775521994 CEST	443	49859	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.016423941 CEST	443	49859	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.016479015 CEST	443	49859	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.016571045 CEST	49859	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.016835928 CEST	49859	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.016851902 CEST	443	49859	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.016879082 CEST	49859	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.016885042 CEST	443	49859	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.020343065 CEST	49866	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.020385027 CEST	443	49866	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.020467043 CEST	49866	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.020633936 CEST	49866	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.020646095 CEST	443	49866	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.025032043 CEST	443	49862	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.025039911 CEST	443	49860	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.025142908 CEST	443	49861	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.025394917 CEST	49862	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.025425911 CEST	443	49862	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.025590897 CEST	443	49863	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.025836945 CEST	49862	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.025842905 CEST	443	49862	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.026257992 CEST	49863	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.026272058 CEST	443	49863	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.026643991 CEST	49863	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.026648998 CEST	443	49863	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.027390003 CEST	49860	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.027396917 CEST	443	49860	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.027828932 CEST	49860	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.027832985 CEST	443	49860	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.028047085 CEST	49861	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.028053999 CEST	443	49861	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.028609991 CEST	49861	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.028614998 CEST	443	49861	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.119255066 CEST	443	49860	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.119340897 CEST	443	49860	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.119502068 CEST	49860	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.119560957 CEST	49860	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.119585991 CEST	443	49860	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.119596958 CEST	49860	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.119601965 CEST	443	49860	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.123042107 CEST	443	49862	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.123820066 CEST	443	49862	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.123908043 CEST	49862	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.123977900 CEST	49862	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.123997927 CEST	443	49862	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.124008894 CEST	49862	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.124013901 CEST	443	49862	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.124572992 CEST	49867	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.124614954 CEST	443	49867	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.125017881 CEST	49867	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.125154972 CEST	49867	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.125174046 CEST	443	49867	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.125628948 CEST	443	49861	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.125715971 CEST	443	49861	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.126070976 CEST	49868	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.126105070 CEST	49861	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.126111984 CEST	443	49868	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.126132965 CEST	49861	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.126137018 CEST	443	49861	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.126178026 CEST	49868	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.126324892 CEST	49868	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.126339912 CEST	443	49868	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.127564907 CEST	443	49863	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.127804995 CEST	443	49863	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.127873898 CEST	49863	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.128112078 CEST	49863	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.128118992 CEST	443	49863	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.128129959 CEST	49863	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.128134012 CEST	443	49863	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.128330946 CEST	49869	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.128382921 CEST	443	49869	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.128457069 CEST	49869	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.128726006 CEST	49869	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.128748894 CEST	443	49869	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.130147934 CEST	49870	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.130182028 CEST	443	49870	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.130275011 CEST	49870	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.130376101 CEST	49870	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.130392075 CEST	443	49870	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.637938976 CEST	443	49866	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.640499115 CEST	49866	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.640536070 CEST	443	49866	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.641300917 CEST	49866	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.641307116 CEST	443	49866	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.735424042 CEST	443	49866	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.735482931 CEST	443	49866	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.735629082 CEST	49866	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.735707998 CEST	49866	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.735734940 CEST	443	49866	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.735748053 CEST	49866	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.735755920 CEST	443	49866	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.738666058 CEST	49871	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.738706112 CEST	443	49871	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.738867044 CEST	49871	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.739002943 CEST	49871	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.739022970 CEST	443	49871	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.741401911 CEST	443	49870	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.741832018 CEST	49870	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.741864920 CEST	443	49870	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.742269993 CEST	49870	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.742276907 CEST	443	49870	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.743038893 CEST	443	49867	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.743362904 CEST	49867	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.743406057 CEST	443	49867	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.743758917 CEST	49867	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.743766069 CEST	443	49867	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.775573969 CEST	443	49868	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.775886059 CEST	443	49869	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.776283026 CEST	49868	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.776298046 CEST	443	49868	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.776350975 CEST	49869	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.776397943 CEST	443	49869	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.776823997 CEST	49868	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.776829004 CEST	443	49868	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.776868105 CEST	49869	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.776886940 CEST	443	49869	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.836972952 CEST	443	49870	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.837150097 CEST	443	49870	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.837304115 CEST	49870	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.838594913 CEST	49870	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.838641882 CEST	443	49870	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.840240002 CEST	443	49867	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.840663910 CEST	443	49867	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.840713024 CEST	443	49867	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.840719938 CEST	49867	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.840763092 CEST	49867	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.851406097 CEST	49867	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.851444006 CEST	443	49867	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.851464987 CEST	49867	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.851470947 CEST	443	49867	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.853739023 CEST	49872	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.853789091 CEST	443	49872	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.854039907 CEST	49872	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.854136944 CEST	49873	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.854192019 CEST	443	49873	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.854196072 CEST	49872	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.854211092 CEST	443	49872	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.854249954 CEST	49873	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.854326963 CEST	49873	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.854338884 CEST	443	49873	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.875111103 CEST	443	49869	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.875149965 CEST	443	49869	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.875195026 CEST	443	49869	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.875217915 CEST	49869	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.875268936 CEST	49869	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.875451088 CEST	49869	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.875451088 CEST	49869	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.875492096 CEST	443	49869	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.875518084 CEST	443	49869	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.878324986 CEST	49874	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.878355980 CEST	443	49874	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.878422976 CEST	49874	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.878571033 CEST	49874	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.878582001 CEST	443	49874	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.879442930 CEST	443	49868	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.879750013 CEST	443	49868	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.879795074 CEST	49868	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.879887104 CEST	49868	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.879904032 CEST	443	49868	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.879914999 CEST	49868	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.879920959 CEST	443	49868	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.881994963 CEST	49875	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.882029057 CEST	443	49875	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:39.882090092 CEST	49875	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.882216930 CEST	49875	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:39.882229090 CEST	443	49875	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.440454960 CEST	443	49871	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.488325119 CEST	49871	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.488339901 CEST	443	49871	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.488837957 CEST	49871	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.488841057 CEST	443	49871	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.516984940 CEST	49877	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:40.517021894 CEST	443	49877	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:40.517091990 CEST	49877	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:40.518155098 CEST	49877	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:40.518166065 CEST	443	49877	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:40.679709911 CEST	443	49875	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.680042982 CEST	443	49872	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.680093050 CEST	443	49874	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.682600975 CEST	443	49873	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.730156898 CEST	49874	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.730164051 CEST	49875	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.730164051 CEST	49872	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.731259108 CEST	49873	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.777623892 CEST	443	49871	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.777982950 CEST	443	49871	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.778090954 CEST	49871	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.886430979 CEST	49873	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.886449099 CEST	443	49873	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.886998892 CEST	49873	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.887003899 CEST	443	49873	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.888742924 CEST	49875	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.888775110 CEST	443	49875	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.889724016 CEST	49875	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.889738083 CEST	443	49875	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.890594959 CEST	49871	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.890633106 CEST	443	49871	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.890650988 CEST	49871	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.890659094 CEST	443	49871	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.891855001 CEST	49872	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.891889095 CEST	443	49872	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.892369032 CEST	49872	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.892381907 CEST	443	49872	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.892584085 CEST	49874	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.892600060 CEST	443	49874	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.893079042 CEST	49874	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.893084049 CEST	443	49874	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.908768892 CEST	49878	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.908818007 CEST	443	49878	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.908878088 CEST	49878	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.909019947 CEST	49878	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.909028053 CEST	443	49878	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.980577946 CEST	443	49873	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.980608940 CEST	443	49873	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.980647087 CEST	49873	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.980663061 CEST	443	49873	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.980679035 CEST	443	49873	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.980741024 CEST	49873	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.980942965 CEST	49873	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.980958939 CEST	443	49873	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.982726097 CEST	443	49875	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.982826948 CEST	443	49875	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.982932091 CEST	49875	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.983532906 CEST	49875	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.983555079 CEST	443	49875	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.983566999 CEST	49875	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.983572960 CEST	443	49875	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.983870983 CEST	443	49874	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.984003067 CEST	443	49874	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.984055042 CEST	49874	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.985363007 CEST	49874	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.985363007 CEST	49874	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.985373020 CEST	443	49874	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.985380888 CEST	443	49874	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.986238956 CEST	443	49872	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.986974955 CEST	443	49872	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.987059116 CEST	49872	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.987170935 CEST	49872	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.987174988 CEST	443	49872	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.987185001 CEST	49872	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.987189054 CEST	443	49872	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.988578081 CEST	49879	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.988612890 CEST	443	49879	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.988689899 CEST	49879	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.989587069 CEST	49879	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.989599943 CEST	443	49879	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.990613937 CEST	49880	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.990672112 CEST	443	49880	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.990783930 CEST	49880	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.991041899 CEST	49880	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.991065979 CEST	443	49880	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.992142916 CEST	49881	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.992178917 CEST	443	49881	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.992309093 CEST	49881	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.993283987 CEST	49882	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.993292093 CEST	443	49882	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.993446112 CEST	49881	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.993459940 CEST	443	49881	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:40.993469000 CEST	49882	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.993819952 CEST	49882	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:40.993833065 CEST	443	49882	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:41.471131086 CEST	443	49877	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:41.471208096 CEST	49877	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:41.473217010 CEST	49877	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:41.473236084 CEST	443	49877	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:41.473617077 CEST	443	49877	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:41.474900961 CEST	49877	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:41.475030899 CEST	49877	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:41.475039959 CEST	443	49877	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:41.475225925 CEST	49877	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:41.515409946 CEST	443	49877	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:41.582631111 CEST	443	49878	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:41.583302975 CEST	49878	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:41.583360910 CEST	443	49878	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:41.583863020 CEST	49878	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:41.583875895 CEST	443	49878	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:41.624445915 CEST	443	49879	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:41.625000000 CEST	49879	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:41.625024080 CEST	443	49879	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:41.625768900 CEST	49879	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:41.625773907 CEST	443	49879	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:41.648427010 CEST	443	49877	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:41.648945093 CEST	49877	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:41.648969889 CEST	443	49877	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:41.649008036 CEST	49877	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:41.649024010 CEST	49877	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:41.649749041 CEST	443	49881	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:41.650340080 CEST	49881	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:41.650368929 CEST	443	49881	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:41.651179075 CEST	49881	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:41.651185989 CEST	443	49881	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:41.693232059 CEST	443	49880	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:41.693763971 CEST	49880	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:41.693799019 CEST	443	49880	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:41.693886995 CEST	443	49878	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:41.693958044 CEST	443	49878	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:41.694022894 CEST	49878	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:41.694325924 CEST	49878	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:41.694345951 CEST	443	49878	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:41.694360971 CEST	49878	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:41.694367886 CEST	443	49878	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:41.694453955 CEST	49880	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:41.694458961 CEST	443	49880	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:41.696419001 CEST	443	49882	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:41.696943045 CEST	49882	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:41.696979046 CEST	443	49882	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:41.697340012 CEST	49882	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:41.697349072 CEST	443	49882	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:41.699428082 CEST	49883	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:41.699467897 CEST	443	49883	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:41.699554920 CEST	49883	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:41.699714899 CEST	49883	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:41.699723005 CEST	443	49883	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:41.723510027 CEST	443	49879	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:41.724419117 CEST	443	49879	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:41.724458933 CEST	443	49879	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:41.724523067 CEST	49879	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:41.724626064 CEST	49879	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:41.724646091 CEST	443	49879	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:41.724658012 CEST	49879	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:41.724663973 CEST	443	49879	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:41.727844000 CEST	49884	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:41.727897882 CEST	443	49884	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:41.727962017 CEST	49884	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:41.728523016 CEST	49884	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:41.728543997 CEST	443	49884	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:41.755301952 CEST	443	49881	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:41.755367041 CEST	443	49881	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:41.755446911 CEST	49881	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:41.755858898 CEST	49881	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:41.755878925 CEST	443	49881	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:41.755899906 CEST	49881	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:41.755906105 CEST	443	49881	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:41.759208918 CEST	49885	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:41.759253979 CEST	443	49885	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:41.759330034 CEST	49885	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:41.759556055 CEST	49885	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:41.759571075 CEST	443	49885	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.175113916 CEST	443	49880	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.175138950 CEST	443	49882	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.175159931 CEST	443	49882	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.175198078 CEST	443	49880	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.175216913 CEST	443	49882	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.175235987 CEST	49882	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:42.175299883 CEST	49880	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:42.175425053 CEST	49882	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:42.179477930 CEST	49880	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:42.179502010 CEST	443	49880	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.179516077 CEST	49880	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:42.179522991 CEST	443	49880	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.181252003 CEST	49882	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:42.181266069 CEST	443	49882	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.184338093 CEST	49886	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:42.184377909 CEST	443	49886	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.184402943 CEST	49887	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:42.184446096 CEST	443	49887	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.184474945 CEST	49886	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:42.184510946 CEST	49887	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:42.184839010 CEST	49886	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:42.184849977 CEST	443	49886	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.184973001 CEST	49887	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:42.184986115 CEST	443	49887	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.494802952 CEST	443	49883	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.495544910 CEST	49883	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:42.495573044 CEST	443	49883	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.496279001 CEST	49883	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:42.496284008 CEST	443	49883	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.579119921 CEST	443	49884	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.579891920 CEST	49884	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:42.579935074 CEST	443	49884	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.580423117 CEST	49884	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:42.580430031 CEST	443	49884	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.582871914 CEST	443	49885	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.583368063 CEST	49885	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:42.583396912 CEST	443	49885	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.583771944 CEST	49885	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:42.583775997 CEST	443	49885	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.589267015 CEST	443	49883	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.589430094 CEST	443	49883	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.589500904 CEST	49883	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:42.589606047 CEST	49883	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:42.589606047 CEST	49883	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:42.589627981 CEST	443	49883	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.589638948 CEST	443	49883	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.595381975 CEST	49888	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:42.595426083 CEST	443	49888	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.595591068 CEST	49888	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:42.595698118 CEST	49888	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:42.595712900 CEST	443	49888	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.692457914 CEST	443	49884	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.692514896 CEST	443	49884	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.692629099 CEST	49884	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:42.693065882 CEST	49884	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:42.693101883 CEST	443	49884	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.693121910 CEST	49884	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:42.693130016 CEST	443	49884	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.693959951 CEST	443	49885	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.693975925 CEST	443	49885	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.694019079 CEST	443	49885	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.694051981 CEST	49885	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:42.694077969 CEST	49885	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:42.694859982 CEST	49885	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:42.694876909 CEST	443	49885	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.697546005 CEST	49889	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:42.697567940 CEST	443	49889	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.697643042 CEST	49889	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:42.698209047 CEST	49890	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:42.698216915 CEST	443	49890	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.698353052 CEST	49890	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:42.698662996 CEST	49889	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:42.698676109 CEST	443	49889	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.698853970 CEST	49890	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:42.698863029 CEST	443	49890	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:42.774688959 CEST	49891	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:42.774734020 CEST	443	49891	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:42.775497913 CEST	49891	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:42.776226997 CEST	49891	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:42.776248932 CEST	443	49891	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:43.031399012 CEST	49892	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:43.031501055 CEST	443	49892	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:43.032048941 CEST	49892	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:43.033730984 CEST	49892	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:43.033782005 CEST	443	49892	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:43.063141108 CEST	443	49886	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.068291903 CEST	49886	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.068315029 CEST	443	49887	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.068325043 CEST	443	49886	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.069096088 CEST	49886	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.069102049 CEST	443	49886	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.069623947 CEST	49887	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.069703102 CEST	443	49887	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.070417881 CEST	49887	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.070434093 CEST	443	49887	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.542841911 CEST	443	49887	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.542906046 CEST	443	49886	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.542917967 CEST	443	49887	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.542985916 CEST	49887	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.543103933 CEST	443	49886	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.543204069 CEST	49886	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.543787003 CEST	49887	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.543814898 CEST	443	49887	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.544466019 CEST	49886	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.544492960 CEST	443	49886	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.544507980 CEST	49886	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.544514894 CEST	443	49886	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.546164989 CEST	443	49888	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.546797037 CEST	49888	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.546823025 CEST	443	49888	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.547461987 CEST	49888	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.547467947 CEST	443	49888	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.549537897 CEST	49893	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.549575090 CEST	443	49893	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.549745083 CEST	49893	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.549892902 CEST	49893	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.549902916 CEST	443	49893	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.549913883 CEST	49894	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.549922943 CEST	443	49894	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.549968004 CEST	49894	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.550059080 CEST	49894	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.550071955 CEST	443	49894	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.647710085 CEST	443	49892	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:43.647974014 CEST	49892	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:43.648021936 CEST	443	49892	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:43.648427010 CEST	443	49892	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:43.648732901 CEST	49892	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:43.648802042 CEST	443	49892	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:43.648952007 CEST	49892	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:43.648982048 CEST	49892	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:43.648994923 CEST	443	49892	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:43.651779890 CEST	443	49888	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.651946068 CEST	443	49888	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.651998997 CEST	49888	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.652216911 CEST	49888	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.652240038 CEST	443	49888	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.652254105 CEST	49888	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.652261019 CEST	443	49888	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.656039953 CEST	49895	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.656085968 CEST	443	49895	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.656158924 CEST	49895	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.656310081 CEST	49895	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.656326056 CEST	443	49895	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.712017059 CEST	443	49889	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.713016987 CEST	49889	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.713059902 CEST	443	49889	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.713076115 CEST	49889	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.713082075 CEST	443	49889	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.722776890 CEST	443	49890	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.723578930 CEST	49890	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.723617077 CEST	443	49890	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.724080086 CEST	49890	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.724087954 CEST	443	49890	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.730153084 CEST	443	49891	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:43.730252028 CEST	49891	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:43.732506990 CEST	49891	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:43.732537031 CEST	443	49891	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:43.732826948 CEST	443	49891	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:43.734669924 CEST	49891	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:43.734738111 CEST	49891	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:43.734751940 CEST	443	49891	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:43.734920025 CEST	49891	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:43.779413939 CEST	443	49891	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:43.819523096 CEST	443	49890	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.819622040 CEST	443	49890	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.819895983 CEST	49890	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.820000887 CEST	49890	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.820020914 CEST	443	49890	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.820039034 CEST	49890	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.820044994 CEST	443	49890	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.825160027 CEST	49896	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.825270891 CEST	443	49896	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.825381994 CEST	49896	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.825629950 CEST	49896	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.825660944 CEST	443	49896	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.848582983 CEST	443	49889	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.848655939 CEST	443	49889	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.848723888 CEST	49889	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.848752975 CEST	443	49889	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.848776102 CEST	443	49889	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.848895073 CEST	49889	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.849162102 CEST	49889	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.849179029 CEST	443	49889	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.849189997 CEST	49889	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.849195957 CEST	443	49889	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.852454901 CEST	49897	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.852519989 CEST	443	49897	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.852613926 CEST	49897	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.852921009 CEST	49897	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:43.852936029 CEST	443	49897	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:43.902709007 CEST	443	49891	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:43.902884007 CEST	443	49891	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:43.902968884 CEST	49891	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:43.903058052 CEST	49891	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:43.903104067 CEST	443	49891	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:43.949939013 CEST	443	49892	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:43.950836897 CEST	443	49892	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:43.950908899 CEST	49892	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:43.952707052 CEST	49892	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:08:43.952744961 CEST	443	49892	172.217.16.206	192.168.2.5
Oct 7, 2024 17:08:44.159291029 CEST	443	49894	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.159806013 CEST	49894	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.159822941 CEST	443	49894	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.160281897 CEST	49894	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.160286903 CEST	443	49894	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.163207054 CEST	443	49893	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.163542032 CEST	49893	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.163548946 CEST	443	49893	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.163913965 CEST	49893	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.163918018 CEST	443	49893	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.255317926 CEST	443	49894	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.255419016 CEST	443	49894	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.255610943 CEST	49894	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.255640030 CEST	49894	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.255655050 CEST	443	49894	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.255666018 CEST	49894	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.255671024 CEST	443	49894	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.258629084 CEST	49898	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.258671045 CEST	443	49898	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.258790016 CEST	49898	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.258956909 CEST	49898	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.258966923 CEST	443	49898	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.283101082 CEST	443	49895	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.283633947 CEST	49895	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.283658028 CEST	443	49895	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.284090042 CEST	49895	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.284097910 CEST	443	49895	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.319355965 CEST	443	49893	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.319818974 CEST	443	49893	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.319880009 CEST	49893	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.319952011 CEST	49893	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.319963932 CEST	443	49893	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.319976091 CEST	49893	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.319981098 CEST	443	49893	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.322710037 CEST	49899	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.322743893 CEST	443	49899	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.322819948 CEST	49899	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.322999954 CEST	49899	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.323008060 CEST	443	49899	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.561877966 CEST	443	49895	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.561924934 CEST	443	49895	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.561973095 CEST	443	49895	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.562028885 CEST	49895	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.562216043 CEST	49895	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.562247038 CEST	443	49895	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.562263012 CEST	49895	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.562268972 CEST	443	49895	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.564177990 CEST	443	49896	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.564582109 CEST	49896	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.564610004 CEST	443	49896	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.565182924 CEST	49896	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.565196991 CEST	443	49896	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.565490007 CEST	49900	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.565534115 CEST	443	49900	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.565597057 CEST	49900	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.565781116 CEST	49900	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.565794945 CEST	443	49900	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.569936991 CEST	443	49897	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.570283890 CEST	49897	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.570324898 CEST	443	49897	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.570703030 CEST	49897	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.570708990 CEST	443	49897	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.689807892 CEST	443	49896	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.689857006 CEST	443	49897	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.689876080 CEST	443	49896	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.689919949 CEST	443	49897	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.689939022 CEST	49896	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.690099001 CEST	49897	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.690218925 CEST	49896	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.690241098 CEST	443	49896	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.690308094 CEST	49896	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.690314054 CEST	443	49896	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.691663980 CEST	49897	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.691693068 CEST	443	49897	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.691706896 CEST	49897	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.691713095 CEST	443	49897	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.695432901 CEST	49901	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.695477962 CEST	443	49901	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.695557117 CEST	49902	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.695564985 CEST	443	49902	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.695590019 CEST	49901	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.695653915 CEST	49902	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.695816040 CEST	49901	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.695835114 CEST	443	49901	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.695987940 CEST	49902	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.695997953 CEST	443	49902	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.931643009 CEST	443	49898	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.932172060 CEST	49898	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.932188034 CEST	443	49898	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:44.932614088 CEST	49898	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:44.932617903 CEST	443	49898	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.033466101 CEST	443	49898	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.033545017 CEST	443	49898	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.033613920 CEST	49898	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.033931971 CEST	49898	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.033945084 CEST	443	49898	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.033966064 CEST	49898	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.033972025 CEST	443	49898	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.036669970 CEST	49903	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.036717892 CEST	443	49903	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.036782980 CEST	49903	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.036931992 CEST	49903	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.036946058 CEST	443	49903	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.212059021 CEST	443	49899	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.212563038 CEST	49899	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.212578058 CEST	443	49899	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.213002920 CEST	49899	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.213009119 CEST	443	49899	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.222857952 CEST	443	49900	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.223316908 CEST	49900	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.223346949 CEST	443	49900	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.223741055 CEST	49900	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.223747015 CEST	443	49900	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.307131052 CEST	443	49901	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.307652950 CEST	49901	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.307686090 CEST	443	49901	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.308187008 CEST	49901	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.308201075 CEST	443	49901	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.308696032 CEST	443	49899	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.308732033 CEST	443	49899	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.308803082 CEST	49899	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.308829069 CEST	443	49899	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.308913946 CEST	443	49899	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.308973074 CEST	49899	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.308973074 CEST	49899	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.308998108 CEST	443	49899	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.309010983 CEST	49899	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.309015989 CEST	443	49899	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.311372995 CEST	49904	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.311412096 CEST	443	49904	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.311541080 CEST	49904	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.311651945 CEST	49904	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.311665058 CEST	443	49904	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.321866035 CEST	443	49900	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.321933985 CEST	443	49900	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.321981907 CEST	49900	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.322118044 CEST	49900	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.322137117 CEST	443	49900	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.322149992 CEST	49900	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.322155952 CEST	443	49900	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.325376987 CEST	49905	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.325417042 CEST	443	49905	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.325490952 CEST	49905	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.325633049 CEST	49905	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.325645924 CEST	443	49905	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.355771065 CEST	443	49902	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.356386900 CEST	49902	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.356406927 CEST	443	49902	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.356794119 CEST	49902	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.356801033 CEST	443	49902	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.402468920 CEST	443	49901	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.402539015 CEST	443	49901	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.404851913 CEST	49901	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.405585051 CEST	49901	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.405615091 CEST	443	49901	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.405987978 CEST	49901	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.405998945 CEST	443	49901	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.408972979 CEST	49906	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.409014940 CEST	443	49906	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.409389019 CEST	49906	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.409646988 CEST	49906	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.409666061 CEST	443	49906	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.456466913 CEST	443	49902	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.456692934 CEST	443	49902	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.456736088 CEST	49902	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.456756115 CEST	443	49902	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.456773996 CEST	443	49902	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.456849098 CEST	49902	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.456875086 CEST	49902	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.456892967 CEST	443	49902	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.456902981 CEST	49902	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.456907988 CEST	443	49902	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.461092949 CEST	49907	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.461134911 CEST	443	49907	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.461258888 CEST	49907	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.461519003 CEST	49907	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.461534977 CEST	443	49907	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.919965029 CEST	443	49903	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.920449972 CEST	49903	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.920485973 CEST	443	49903	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:45.920984983 CEST	49903	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:45.920989990 CEST	443	49903	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.021182060 CEST	443	49903	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.021697044 CEST	443	49903	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.021744967 CEST	443	49903	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.021800995 CEST	49903	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.021836996 CEST	49903	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.021855116 CEST	443	49903	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.021866083 CEST	49903	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.021871090 CEST	443	49903	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.024702072 CEST	49908	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.024741888 CEST	443	49908	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.024849892 CEST	49908	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.025012016 CEST	49908	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.025023937 CEST	443	49908	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.264175892 CEST	443	49905	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.264410019 CEST	443	49907	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.264420986 CEST	443	49904	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.264787912 CEST	49905	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.264825106 CEST	443	49905	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.264925957 CEST	49907	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.264945030 CEST	443	49907	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.265005112 CEST	443	49906	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.265412092 CEST	49905	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.265417099 CEST	443	49905	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.265549898 CEST	49907	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.265556097 CEST	443	49907	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.265808105 CEST	49906	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.265815020 CEST	443	49906	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.266009092 CEST	49904	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.266016006 CEST	443	49904	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.266427994 CEST	49906	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.266433954 CEST	443	49906	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.266483068 CEST	49904	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.266488075 CEST	443	49904	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.359224081 CEST	443	49905	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.359338999 CEST	443	49905	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.359396935 CEST	443	49905	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.359432936 CEST	443	49904	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.359451056 CEST	49905	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.359643936 CEST	49905	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.359683990 CEST	443	49905	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.359704971 CEST	49905	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.359714031 CEST	443	49905	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.359975100 CEST	443	49904	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.360025883 CEST	49904	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.360176086 CEST	49904	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.360196114 CEST	443	49904	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.360208035 CEST	49904	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.360214949 CEST	443	49904	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.360398054 CEST	443	49906	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.361016035 CEST	443	49906	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.361083984 CEST	49906	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.361216068 CEST	49906	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.361232042 CEST	443	49906	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.363303900 CEST	49909	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.363348961 CEST	443	49909	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.363507032 CEST	49909	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.363601923 CEST	49910	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.363610029 CEST	443	49910	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.363703966 CEST	49910	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.363965034 CEST	49909	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.363981009 CEST	443	49909	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.364068985 CEST	49910	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.364078999 CEST	443	49910	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.364149094 CEST	49911	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.364237070 CEST	443	49911	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.364305973 CEST	49911	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.364429951 CEST	49911	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.364463091 CEST	443	49911	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.364953995 CEST	443	49907	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.365458965 CEST	443	49907	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.365508080 CEST	49907	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.365519047 CEST	443	49907	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.365561962 CEST	49907	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.365616083 CEST	49907	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.365631104 CEST	443	49907	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.365642071 CEST	49907	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.365648031 CEST	443	49907	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.367474079 CEST	49912	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.367496967 CEST	443	49912	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.367610931 CEST	49912	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.367713928 CEST	49912	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.367726088 CEST	443	49912	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.687838078 CEST	443	49908	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.689889908 CEST	49908	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.689932108 CEST	443	49908	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.691606998 CEST	49908	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.691631079 CEST	443	49908	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.793046951 CEST	443	49908	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.793124914 CEST	443	49908	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.793231010 CEST	49908	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.793662071 CEST	49908	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.793685913 CEST	443	49908	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.796588898 CEST	49913	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.796642065 CEST	443	49913	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:46.796730042 CEST	49913	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.797755957 CEST	49913	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:46.797777891 CEST	443	49913	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.313761950 CEST	443	49911	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.314059973 CEST	443	49910	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.314165115 CEST	443	49912	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.314254045 CEST	49911	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.314284086 CEST	443	49911	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.314446926 CEST	49910	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.314477921 CEST	443	49910	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.314480066 CEST	443	49909	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.314749956 CEST	49911	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.314754963 CEST	443	49911	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.314930916 CEST	49910	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.314937115 CEST	443	49910	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.315047979 CEST	49912	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.315076113 CEST	443	49912	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.315172911 CEST	49909	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.315182924 CEST	443	49909	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.315558910 CEST	49912	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.315572977 CEST	443	49912	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.315612078 CEST	49909	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.315617085 CEST	443	49909	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.407820940 CEST	443	49911	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.407933950 CEST	443	49911	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.408016920 CEST	49911	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.408055067 CEST	443	49911	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.408164024 CEST	49911	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.408222914 CEST	49911	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.408222914 CEST	49911	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.408267021 CEST	443	49911	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.408292055 CEST	443	49911	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.409653902 CEST	443	49910	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.409749031 CEST	443	49910	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.409804106 CEST	49910	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.409918070 CEST	49910	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.409949064 CEST	443	49910	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.409965038 CEST	49910	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.409971952 CEST	443	49910	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.410456896 CEST	443	49912	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.411062956 CEST	443	49912	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.411156893 CEST	49912	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.411299944 CEST	49912	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.411336899 CEST	443	49912	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.411348104 CEST	49912	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.411353111 CEST	443	49912	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.412324905 CEST	49914	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.412368059 CEST	443	49914	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.412430048 CEST	49914	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.412457943 CEST	49915	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.412481070 CEST	443	49915	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.412534952 CEST	49915	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.412563086 CEST	49914	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.412571907 CEST	443	49914	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.412846088 CEST	49915	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.412862062 CEST	443	49915	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.413490057 CEST	443	49909	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.413635015 CEST	443	49909	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.413685083 CEST	49909	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.413748980 CEST	49909	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.413762093 CEST	443	49909	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.413918972 CEST	49916	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.413957119 CEST	443	49916	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.414165974 CEST	49916	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.414275885 CEST	49916	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.414292097 CEST	443	49916	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.415837049 CEST	49917	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.415894032 CEST	443	49917	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.416021109 CEST	49917	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.416140079 CEST	49917	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.416171074 CEST	443	49917	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.495378971 CEST	443	49913	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.495934963 CEST	49913	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.495965004 CEST	443	49913	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.496454954 CEST	49913	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.496459961 CEST	443	49913	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.595897913 CEST	443	49913	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.595961094 CEST	443	49913	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.596008062 CEST	443	49913	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.596072912 CEST	49913	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.596074104 CEST	49913	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.596298933 CEST	49913	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.596353054 CEST	443	49913	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.596385956 CEST	49913	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.596402884 CEST	443	49913	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.599550009 CEST	49918	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.599594116 CEST	443	49918	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:47.599739075 CEST	49918	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.599809885 CEST	49918	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:47.599817038 CEST	443	49918	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.003201008 CEST	443	49917	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.004072905 CEST	49917	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.004096985 CEST	443	49917	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.004986048 CEST	49917	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.004992008 CEST	443	49917	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.077529907 CEST	443	49916	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.078238964 CEST	49916	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.078286886 CEST	443	49916	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.078836918 CEST	49916	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.078843117 CEST	443	49916	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.086388111 CEST	443	49915	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.086415052 CEST	443	49914	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.087203979 CEST	49915	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.087230921 CEST	443	49915	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.087863922 CEST	49915	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.087868929 CEST	443	49915	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.088329077 CEST	49914	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.088352919 CEST	443	49914	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.089277983 CEST	49914	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.089283943 CEST	443	49914	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.133356094 CEST	443	49917	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.134439945 CEST	443	49917	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.134491920 CEST	443	49917	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.134540081 CEST	49917	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.134582043 CEST	49917	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.140346050 CEST	49917	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.140346050 CEST	49917	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.140374899 CEST	443	49917	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.140386105 CEST	443	49917	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.180278063 CEST	49919	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.180347919 CEST	443	49919	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.180418015 CEST	49919	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.180701971 CEST	49919	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.180718899 CEST	443	49919	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.201384068 CEST	443	49916	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.201457977 CEST	443	49916	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.201554060 CEST	49916	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.203357935 CEST	443	49915	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.204178095 CEST	443	49915	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.204229116 CEST	49915	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.206265926 CEST	49916	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.206293106 CEST	443	49916	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.207328081 CEST	49915	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.207359076 CEST	443	49915	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.209393024 CEST	49920	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.209436893 CEST	443	49920	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.209503889 CEST	49920	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.209525108 CEST	49921	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.209566116 CEST	443	49921	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.209650040 CEST	49921	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.209709883 CEST	49920	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.209722996 CEST	443	49920	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.209793091 CEST	49921	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.209809065 CEST	443	49921	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.224961042 CEST	443	49914	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.225034952 CEST	443	49914	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.225095987 CEST	49914	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.227498055 CEST	49914	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.227518082 CEST	443	49914	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.227529049 CEST	49914	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.227535009 CEST	443	49914	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.276185989 CEST	49922	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.276257992 CEST	443	49922	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.276396036 CEST	49922	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.283099890 CEST	49922	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.283145905 CEST	443	49922	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.294728041 CEST	443	49918	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.299359083 CEST	49918	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.299400091 CEST	443	49918	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.307235003 CEST	49918	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.307251930 CEST	443	49918	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.311359882 CEST	59889	53	192.168.2.5	1.1.1.1
Oct 7, 2024 17:08:48.316289902 CEST	53	59889	1.1.1.1	192.168.2.5
Oct 7, 2024 17:08:48.316365957 CEST	59889	53	192.168.2.5	1.1.1.1
Oct 7, 2024 17:08:48.318931103 CEST	59889	53	192.168.2.5	1.1.1.1
Oct 7, 2024 17:08:48.323704004 CEST	53	59889	1.1.1.1	192.168.2.5
Oct 7, 2024 17:08:48.419816971 CEST	443	49918	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.419897079 CEST	443	49918	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.419958115 CEST	49918	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.420237064 CEST	49918	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.420264959 CEST	443	49918	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.420277119 CEST	49918	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.420283079 CEST	443	49918	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.423072100 CEST	59890	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.423120975 CEST	443	59890	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.423177958 CEST	59890	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.423310995 CEST	59890	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.423317909 CEST	443	59890	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.773623943 CEST	53	59889	1.1.1.1	192.168.2.5
Oct 7, 2024 17:08:48.774404049 CEST	59889	53	192.168.2.5	1.1.1.1
Oct 7, 2024 17:08:48.779645920 CEST	53	59889	1.1.1.1	192.168.2.5
Oct 7, 2024 17:08:48.779715061 CEST	59889	53	192.168.2.5	1.1.1.1
Oct 7, 2024 17:08:48.799948931 CEST	443	49919	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.800436020 CEST	49919	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.800491095 CEST	443	49919	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.800910950 CEST	49919	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.800925970 CEST	443	49919	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.888202906 CEST	443	49921	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.889852047 CEST	49921	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.889872074 CEST	443	49921	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.890412092 CEST	49921	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.890418053 CEST	443	49921	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.895190954 CEST	443	49919	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.895272017 CEST	443	49919	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.895319939 CEST	443	49919	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.895325899 CEST	49919	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.895371914 CEST	49919	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.895683050 CEST	49919	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.895711899 CEST	443	49919	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.895725012 CEST	49919	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.895730972 CEST	443	49919	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.898296118 CEST	59892	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.898354053 CEST	443	59892	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.898442030 CEST	59892	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.898668051 CEST	59892	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.898678064 CEST	443	59892	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.941699028 CEST	443	49922	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.943030119 CEST	49922	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.943039894 CEST	443	49922	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:48.943459988 CEST	49922	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:48.943464994 CEST	443	49922	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.001188040 CEST	443	49921	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.001343012 CEST	443	49921	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.001617908 CEST	49921	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.001652002 CEST	49921	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.001673937 CEST	443	49921	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.001688004 CEST	49921	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.001693964 CEST	443	49921	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.003170967 CEST	443	49920	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.003351927 CEST	443	59890	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.005119085 CEST	49920	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.005145073 CEST	443	49920	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.005383015 CEST	59890	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.005404949 CEST	443	59890	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.005577087 CEST	49920	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.005580902 CEST	443	49920	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.005954027 CEST	59890	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.005959034 CEST	443	59890	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.007101059 CEST	59893	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.007142067 CEST	443	59893	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.007227898 CEST	59893	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.007415056 CEST	59893	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.007428885 CEST	443	59893	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.085828066 CEST	443	49922	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.085942984 CEST	443	49922	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.086020947 CEST	49922	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.086257935 CEST	49922	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.086291075 CEST	443	49922	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.086308956 CEST	49922	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.086314917 CEST	443	49922	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.088809013 CEST	59894	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.088860035 CEST	443	59894	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.088939905 CEST	59894	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.089073896 CEST	59894	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.089081049 CEST	443	59894	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.104840994 CEST	443	49920	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.104912043 CEST	443	49920	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.105031967 CEST	49920	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.105287075 CEST	49920	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.105307102 CEST	443	49920	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.105319977 CEST	49920	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.105324984 CEST	443	49920	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.108266115 CEST	59895	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.108316898 CEST	443	59895	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.108405113 CEST	59895	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.108552933 CEST	59895	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.108568907 CEST	443	59895	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.111577034 CEST	443	59890	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.111661911 CEST	443	59890	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.111721039 CEST	59890	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.111880064 CEST	59890	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.111892939 CEST	443	59890	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.111902952 CEST	59890	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.111907959 CEST	443	59890	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.113986015 CEST	59896	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.114027977 CEST	443	59896	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.114099979 CEST	59896	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.114257097 CEST	59896	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.114269972 CEST	443	59896	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.185983896 CEST	443	59892	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.186562061 CEST	59892	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.186584949 CEST	443	59892	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.187119961 CEST	59892	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.187124014 CEST	443	59892	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.283016920 CEST	443	59892	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.283255100 CEST	443	59892	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.283330917 CEST	59892	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.283405066 CEST	59892	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.283405066 CEST	59892	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.283430099 CEST	443	59892	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.283440113 CEST	443	59892	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.286240101 CEST	59897	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.286299944 CEST	443	59897	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.286377907 CEST	59897	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.286570072 CEST	59897	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.286585093 CEST	443	59897	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.646795034 CEST	443	59893	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.700170040 CEST	59893	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.727415085 CEST	443	59894	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.778279066 CEST	59894	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.793200970 CEST	443	59896	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.796525002 CEST	443	59895	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.826287031 CEST	59893	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.826312065 CEST	443	59893	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.827321053 CEST	59893	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.827327967 CEST	443	59893	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.827843904 CEST	59894	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.827851057 CEST	443	59894	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.828227043 CEST	59894	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.828231096 CEST	443	59894	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.828511953 CEST	59896	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.828538895 CEST	443	59896	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.828860998 CEST	59896	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.828866005 CEST	443	59896	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.829118013 CEST	59895	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.829181910 CEST	443	59895	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.829447985 CEST	59895	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.829462051 CEST	443	59895	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.918807030 CEST	443	59893	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.918890953 CEST	443	59893	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.918950081 CEST	59893	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.919069052 CEST	59893	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.919090033 CEST	443	59893	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.919105053 CEST	59893	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.919111013 CEST	443	59893	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.920380116 CEST	443	59894	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.920458078 CEST	443	59894	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.920525074 CEST	59894	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.920644045 CEST	59894	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.920659065 CEST	443	59894	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.920670033 CEST	59894	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.920675993 CEST	443	59894	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.921552896 CEST	443	59896	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.921638966 CEST	443	59896	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.921709061 CEST	59896	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.922744989 CEST	59896	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.922765970 CEST	443	59896	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.922776937 CEST	59896	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.922782898 CEST	443	59896	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.923566103 CEST	59898	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.923600912 CEST	443	59898	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.923666954 CEST	59898	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.924113989 CEST	59898	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.924128056 CEST	443	59898	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.924705029 CEST	443	59895	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.924770117 CEST	59899	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.924806118 CEST	443	59899	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.924859047 CEST	59899	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.924993038 CEST	59899	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.925005913 CEST	443	59899	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.925060987 CEST	59900	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.925102949 CEST	443	59900	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.925105095 CEST	443	59895	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.925151110 CEST	443	59895	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.925157070 CEST	59900	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.925159931 CEST	59895	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.925228119 CEST	59895	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.925228119 CEST	59895	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.925228119 CEST	59895	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.925329924 CEST	59900	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.925347090 CEST	443	59900	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.927462101 CEST	59901	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.927494049 CEST	443	59901	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.927556992 CEST	59901	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.927700996 CEST	59901	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.927715063 CEST	443	59901	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.977289915 CEST	443	59897	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.977711916 CEST	59897	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.977735043 CEST	443	59897	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:50.978152990 CEST	59897	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:50.978166103 CEST	443	59897	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.076373100 CEST	443	59897	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.076828003 CEST	443	59897	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.076877117 CEST	59897	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.106388092 CEST	59897	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.106419086 CEST	443	59897	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.106432915 CEST	59897	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.106440067 CEST	443	59897	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.121027946 CEST	59902	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.121071100 CEST	443	59902	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.121145964 CEST	59902	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.121306896 CEST	59902	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.121320963 CEST	443	59902	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.231559992 CEST	59895	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.231599092 CEST	443	59895	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.537250042 CEST	443	59899	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.537925005 CEST	59899	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.537946939 CEST	443	59899	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.538356066 CEST	59899	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.538362026 CEST	443	59899	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.538923979 CEST	443	59901	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.539186001 CEST	59901	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.539228916 CEST	443	59901	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.539513111 CEST	59901	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.539519072 CEST	443	59901	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.546053886 CEST	443	59898	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.546389103 CEST	59898	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.546426058 CEST	443	59898	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.546713114 CEST	59898	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.546719074 CEST	443	59898	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.559880018 CEST	443	59900	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.560255051 CEST	59900	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.560285091 CEST	443	59900	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.560587883 CEST	59900	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.560594082 CEST	443	59900	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.631675005 CEST	443	59899	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.631706953 CEST	443	59899	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.631786108 CEST	59899	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.631807089 CEST	443	59899	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.632030010 CEST	443	59899	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.632035017 CEST	59899	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.632056952 CEST	443	59899	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.632069111 CEST	59899	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.632078886 CEST	443	59899	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.632091999 CEST	59899	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.632098913 CEST	443	59899	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.633893967 CEST	443	59901	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.634305000 CEST	443	59901	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.634352922 CEST	443	59901	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.634356976 CEST	59901	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.634392977 CEST	59901	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.634438038 CEST	59901	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.634465933 CEST	443	59901	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.634483099 CEST	59901	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.634488106 CEST	443	59901	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.635202885 CEST	59903	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.635238886 CEST	443	59903	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.635308027 CEST	59903	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.635447979 CEST	59903	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.635458946 CEST	443	59903	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.636395931 CEST	59904	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.636431932 CEST	443	59904	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.636516094 CEST	59904	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.636672020 CEST	59904	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.636683941 CEST	443	59904	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.642920971 CEST	443	59898	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.642997026 CEST	443	59898	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.643049002 CEST	59898	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.643132925 CEST	59898	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.643132925 CEST	59898	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.643160105 CEST	443	59898	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.643170118 CEST	443	59898	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.645037889 CEST	59905	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.645087957 CEST	443	59905	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.645163059 CEST	59905	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.645291090 CEST	59905	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.645312071 CEST	443	59905	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.884563923 CEST	443	59900	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.884603024 CEST	443	59900	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.884645939 CEST	443	59900	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.884696007 CEST	59900	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.884736061 CEST	59900	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.884979010 CEST	59900	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.884996891 CEST	443	59900	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.885008097 CEST	59900	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.885013103 CEST	443	59900	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.887820959 CEST	59906	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.887892962 CEST	443	59906	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.887983084 CEST	59906	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.888139009 CEST	59906	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.888158083 CEST	443	59906	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.891859055 CEST	443	59902	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.892199039 CEST	59902	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.892230034 CEST	443	59902	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:51.892579079 CEST	59902	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:51.892584085 CEST	443	59902	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:52.367722988 CEST	443	59902	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:52.367887974 CEST	443	59902	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:52.367978096 CEST	59902	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:52.368068933 CEST	59902	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:52.368087053 CEST	443	59902	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:52.368100882 CEST	59902	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:52.368107080 CEST	443	59902	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:52.370824099 CEST	59907	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:52.370866060 CEST	443	59907	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:52.371169090 CEST	59907	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:52.371447086 CEST	59907	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:52.371460915 CEST	443	59907	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:52.479326963 CEST	443	59904	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:52.479794025 CEST	59904	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:52.479819059 CEST	443	59904	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:52.480487108 CEST	59904	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:52.480492115 CEST	443	59904	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:52.491446972 CEST	443	59903	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:52.491786957 CEST	59903	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:52.491822958 CEST	443	59903	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:52.492192030 CEST	59903	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:52.492197990 CEST	443	59903	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:52.574740887 CEST	443	59904	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:52.576391935 CEST	443	59904	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:52.576452017 CEST	59904	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:52.576491117 CEST	59904	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:52.576508999 CEST	443	59904	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:52.576519012 CEST	59904	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:52.576524019 CEST	443	59904	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:52.579058886 CEST	59908	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:52.579097033 CEST	443	59908	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:52.579236984 CEST	59908	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:52.579377890 CEST	59908	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:52.579396009 CEST	443	59908	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:52.610328913 CEST	443	59903	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:52.610413074 CEST	443	59903	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:52.610455036 CEST	443	59903	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:52.610457897 CEST	59903	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:52.610498905 CEST	59903	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:52.610727072 CEST	59903	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:52.610743999 CEST	443	59903	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:52.610761881 CEST	59903	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:52.610768080 CEST	443	59903	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:52.613599062 CEST	59909	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:52.613704920 CEST	443	59909	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:52.613807917 CEST	59909	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:52.616094112 CEST	59909	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:52.616130114 CEST	443	59909	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.438568115 CEST	443	59905	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.438684940 CEST	443	59906	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.439028978 CEST	59905	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.439048052 CEST	443	59905	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.439096928 CEST	59906	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.439106941 CEST	443	59906	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.439517975 CEST	59906	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.439521074 CEST	443	59906	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.439707994 CEST	59905	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.439713001 CEST	443	59905	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.443424940 CEST	443	59907	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.443746090 CEST	59907	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.443768024 CEST	443	59907	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.444108963 CEST	59907	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.444113016 CEST	443	59907	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.535362959 CEST	443	59905	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.535387993 CEST	443	59905	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.535429955 CEST	443	59905	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.535459995 CEST	59905	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.535495996 CEST	59905	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.535689116 CEST	59905	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.535689116 CEST	59905	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.535722017 CEST	443	59905	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.535743952 CEST	443	59905	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.537447929 CEST	443	59906	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.537483931 CEST	443	59906	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.537525892 CEST	443	59906	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.537533998 CEST	59906	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.537578106 CEST	59906	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.537637949 CEST	59906	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.537637949 CEST	59906	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.537652016 CEST	443	59906	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.537669897 CEST	443	59906	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.538461924 CEST	59910	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.538558960 CEST	443	59910	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.538640022 CEST	59910	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.538764954 CEST	59910	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.538801908 CEST	443	59910	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.539463997 CEST	59911	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.539499998 CEST	443	59911	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.539565086 CEST	59911	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.539695978 CEST	59911	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.539707899 CEST	443	59911	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.541217089 CEST	443	59907	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.541254997 CEST	443	59907	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.541292906 CEST	443	59907	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.541295052 CEST	59907	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.541337013 CEST	59907	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.541439056 CEST	59907	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.541450024 CEST	443	59907	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.541459084 CEST	59907	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.541462898 CEST	443	59907	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.543353081 CEST	59912	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.543375969 CEST	443	59912	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.543570995 CEST	59912	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.543570995 CEST	59912	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.543596029 CEST	443	59912	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.614083052 CEST	443	59908	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.614543915 CEST	59908	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.614557981 CEST	443	59908	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.614974022 CEST	59908	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.614978075 CEST	443	59908	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.624715090 CEST	443	59909	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.625066996 CEST	59909	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.625154018 CEST	443	59909	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.625439882 CEST	59909	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.625454903 CEST	443	59909	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.725596905 CEST	443	59909	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.725651026 CEST	443	59909	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.725785971 CEST	443	59908	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.725831032 CEST	59909	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.725961924 CEST	443	59908	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.726155996 CEST	59908	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.726155996 CEST	59909	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.726155996 CEST	59908	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.726155996 CEST	59909	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.726155996 CEST	59908	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.726180077 CEST	443	59909	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.726191044 CEST	443	59909	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.728915930 CEST	59913	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.728957891 CEST	443	59913	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.728971958 CEST	59914	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.728977919 CEST	443	59914	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.729021072 CEST	59913	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.729048967 CEST	59914	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.729176044 CEST	59913	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.729176044 CEST	59914	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:53.729182005 CEST	443	59913	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:53.729187012 CEST	443	59914	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.026911974 CEST	59908	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.026942015 CEST	443	59908	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.144300938 CEST	443	59910	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.144887924 CEST	59910	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.144928932 CEST	443	59910	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.145222902 CEST	59910	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.145239115 CEST	443	59910	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.161690950 CEST	443	59912	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.162020922 CEST	59912	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.162041903 CEST	443	59912	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.162354946 CEST	59912	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.162367105 CEST	443	59912	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.172108889 CEST	443	59911	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.172377110 CEST	59911	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.172393084 CEST	443	59911	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.172673941 CEST	59911	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.172678947 CEST	443	59911	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.239584923 CEST	443	59910	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.239634991 CEST	443	59910	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.239813089 CEST	59910	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.239939928 CEST	59910	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.239939928 CEST	59910	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.239989996 CEST	443	59910	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.240020037 CEST	443	59910	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.243052006 CEST	59915	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.243078947 CEST	443	59915	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.243160963 CEST	59915	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.243324041 CEST	59915	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.243336916 CEST	443	59915	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.245548964 CEST	443	49832	23.1.237.91	192.168.2.5
Oct 7, 2024 17:08:54.245662928 CEST	49832	443	192.168.2.5	23.1.237.91
Oct 7, 2024 17:08:54.258997917 CEST	443	59912	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.259046078 CEST	443	59912	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.259171963 CEST	59912	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.259438992 CEST	59912	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.259447098 CEST	443	59912	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.259455919 CEST	59912	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.259459019 CEST	443	59912	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.261620998 CEST	59916	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.261650085 CEST	443	59916	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.261713028 CEST	59916	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.261816025 CEST	59916	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.261830091 CEST	443	59916	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.270533085 CEST	443	59911	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.270658016 CEST	443	59911	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.270694971 CEST	443	59911	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.270704031 CEST	59911	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.270735979 CEST	59911	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.270777941 CEST	59911	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.270790100 CEST	443	59911	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.270798922 CEST	59911	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.270802975 CEST	443	59911	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.272577047 CEST	59917	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.272617102 CEST	443	59917	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.272690058 CEST	59917	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.272814989 CEST	59917	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.272828102 CEST	443	59917	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.334990978 CEST	443	59913	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.335537910 CEST	59913	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.335552931 CEST	443	59913	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.335954905 CEST	59913	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.335958958 CEST	443	59913	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.365051031 CEST	443	59914	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.365641117 CEST	59914	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.365658045 CEST	443	59914	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.366041899 CEST	59914	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.366045952 CEST	443	59914	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.430129051 CEST	443	59913	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.430176020 CEST	443	59913	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.430351019 CEST	59913	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.430474997 CEST	59913	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.430495977 CEST	443	59913	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.430507898 CEST	59913	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.430512905 CEST	443	59913	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.433659077 CEST	59918	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.433700085 CEST	443	59918	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.433777094 CEST	59918	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.433924913 CEST	59918	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.433934927 CEST	443	59918	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.496948004 CEST	443	59914	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.496980906 CEST	443	59914	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.497031927 CEST	443	59914	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.497033119 CEST	59914	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.497078896 CEST	59914	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.497519016 CEST	59914	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.497531891 CEST	443	59914	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.497556925 CEST	59914	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.497562885 CEST	443	59914	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.501379967 CEST	59919	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.501437902 CEST	443	59919	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.501512051 CEST	59919	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.501751900 CEST	59919	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.501766920 CEST	443	59919	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.867158890 CEST	443	59915	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.867654085 CEST	59915	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.867672920 CEST	443	59915	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.868190050 CEST	59915	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.868195057 CEST	443	59915	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.892584085 CEST	443	59916	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.892947912 CEST	59916	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.893030882 CEST	443	59916	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.893367052 CEST	59916	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.893382072 CEST	443	59916	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.911691904 CEST	443	59917	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.912043095 CEST	59917	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.912105083 CEST	443	59917	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.912408113 CEST	59917	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.912421942 CEST	443	59917	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.961549997 CEST	443	59915	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.961617947 CEST	443	59915	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.961671114 CEST	59915	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.961679935 CEST	443	59915	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.961726904 CEST	443	59915	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.961864948 CEST	59915	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.961884022 CEST	59915	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.961894989 CEST	443	59915	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.961904049 CEST	59915	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.961910009 CEST	443	59915	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.964128971 CEST	59920	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.964162111 CEST	443	59920	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.964230061 CEST	59920	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.964343071 CEST	59920	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.964355946 CEST	443	59920	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.996613979 CEST	443	59916	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.996861935 CEST	443	59916	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:54.997028112 CEST	59916	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.997028112 CEST	59916	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.997028112 CEST	59916	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.999823093 CEST	59921	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:54.999916077 CEST	443	59921	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.000010014 CEST	59921	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.000108957 CEST	59921	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.000133038 CEST	443	59921	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.009916067 CEST	443	59917	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.010051012 CEST	443	59917	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.010118961 CEST	59917	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.010279894 CEST	59917	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.010279894 CEST	59917	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.010296106 CEST	443	59917	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.010304928 CEST	443	59917	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.011869907 CEST	59922	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.011892080 CEST	443	59922	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.011951923 CEST	59922	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.012176991 CEST	59922	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.012201071 CEST	443	59922	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.083031893 CEST	443	59918	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.083463907 CEST	59918	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.083497047 CEST	443	59918	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.083904982 CEST	59918	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.083910942 CEST	443	59918	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.119324923 CEST	443	59919	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.119767904 CEST	59919	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.119831085 CEST	443	59919	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.120282888 CEST	59919	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.120296955 CEST	443	59919	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.185668945 CEST	443	59918	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.186016083 CEST	443	59918	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.186106920 CEST	59918	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.186151981 CEST	59918	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.186151981 CEST	59918	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.186173916 CEST	443	59918	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.186184883 CEST	443	59918	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.188676119 CEST	59923	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.188711882 CEST	443	59923	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.188771963 CEST	59923	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.188898087 CEST	59923	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.188909054 CEST	443	59923	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.213571072 CEST	443	59919	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.213984013 CEST	443	59919	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.214056969 CEST	59919	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.214111090 CEST	59919	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.214150906 CEST	443	59919	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.214199066 CEST	59919	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.214214087 CEST	443	59919	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.217531919 CEST	59924	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.217578888 CEST	443	59924	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.217649937 CEST	59924	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.217798948 CEST	59924	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.217828035 CEST	443	59924	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.309148073 CEST	59916	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.309154987 CEST	443	59916	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.585810900 CEST	443	59920	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.586663961 CEST	59920	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.586695910 CEST	443	59920	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.587358952 CEST	59920	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.587363958 CEST	443	59920	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.638076067 CEST	443	59921	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.640352011 CEST	59921	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.640417099 CEST	443	59921	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.650415897 CEST	59921	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.650429010 CEST	443	59921	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.690649986 CEST	443	59920	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.690721035 CEST	443	59920	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.690860987 CEST	59920	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.732045889 CEST	59920	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.732083082 CEST	443	59920	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.732098103 CEST	59920	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.732104063 CEST	443	59920	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.745790958 CEST	443	59921	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.745857954 CEST	443	59921	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.745922089 CEST	59921	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.745954037 CEST	443	59921	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.745990038 CEST	443	59921	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.749051094 CEST	59921	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.774265051 CEST	59921	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.774265051 CEST	59921	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.774310112 CEST	443	59921	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.774317026 CEST	443	59921	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.781758070 CEST	59925	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.781820059 CEST	443	59925	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.781898975 CEST	59925	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.782202959 CEST	59925	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.782222986 CEST	443	59925	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.782733917 CEST	59926	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.782754898 CEST	443	59926	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.782896042 CEST	59926	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.783018112 CEST	59926	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.783034086 CEST	443	59926	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.797271967 CEST	443	59923	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.797830105 CEST	59923	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.797863007 CEST	443	59923	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.798306942 CEST	59923	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.798312902 CEST	443	59923	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.826719999 CEST	443	59924	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.827143908 CEST	59924	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.827229977 CEST	443	59924	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.827593088 CEST	59924	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.827608109 CEST	443	59924	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.893155098 CEST	443	59923	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.893179893 CEST	443	59923	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.893217087 CEST	443	59923	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.893255949 CEST	59923	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.893332005 CEST	59923	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.893487930 CEST	59923	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.893488884 CEST	59923	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.893544912 CEST	443	59923	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.893573046 CEST	443	59923	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.895958900 CEST	59927	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.896038055 CEST	443	59927	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.896302938 CEST	59927	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.896302938 CEST	59927	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.896380901 CEST	443	59927	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.922635078 CEST	443	59924	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.923141956 CEST	443	59924	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.923233032 CEST	59924	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.923425913 CEST	59924	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.923454046 CEST	443	59924	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.923491001 CEST	59924	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.923505068 CEST	443	59924	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.925460100 CEST	59928	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.925497055 CEST	443	59928	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:55.925566912 CEST	59928	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.925669909 CEST	59928	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:55.925678968 CEST	443	59928	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.805811882 CEST	443	59926	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.806050062 CEST	443	59927	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.806452990 CEST	59926	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.806478977 CEST	443	59926	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.806505919 CEST	59927	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.806575060 CEST	443	59927	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.806958914 CEST	59927	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.806976080 CEST	443	59927	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.807081938 CEST	59926	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.807085991 CEST	443	59926	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.809025049 CEST	443	59928	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.809380054 CEST	59928	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.809413910 CEST	443	59928	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.809627056 CEST	59928	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.809633017 CEST	443	59928	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.812458038 CEST	443	59922	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.812573910 CEST	443	59925	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.812727928 CEST	59922	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.812798977 CEST	443	59922	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.812824965 CEST	59925	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.812832117 CEST	443	59925	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.813088894 CEST	59922	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.813102961 CEST	443	59922	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.813128948 CEST	59925	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.813132048 CEST	443	59925	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.901112080 CEST	443	59927	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.901118040 CEST	443	59926	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.901436090 CEST	443	59926	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.901639938 CEST	59926	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.901639938 CEST	59926	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.901639938 CEST	59926	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.901788950 CEST	443	59927	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.901823997 CEST	443	59927	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.901849985 CEST	59927	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.901904106 CEST	59927	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.901940107 CEST	59927	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.901941061 CEST	59927	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.901973009 CEST	443	59927	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.901995897 CEST	443	59927	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.904730082 CEST	59929	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.904824018 CEST	443	59929	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.904864073 CEST	59930	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.904886007 CEST	443	59930	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.904912949 CEST	59929	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.904977083 CEST	59930	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.905081987 CEST	59929	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.905081987 CEST	59930	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.905122042 CEST	443	59929	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.905157089 CEST	443	59930	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.909842014 CEST	443	59928	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.910000086 CEST	443	59928	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.910053015 CEST	59928	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.910084963 CEST	59928	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.910084963 CEST	59928	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.910101891 CEST	443	59928	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.910110950 CEST	443	59928	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.911500931 CEST	443	59925	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.911645889 CEST	443	59922	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.911803961 CEST	443	59922	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.911844015 CEST	59931	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.911855936 CEST	59922	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.911861897 CEST	443	59931	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.911904097 CEST	59922	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.911914110 CEST	59931	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.911935091 CEST	443	59922	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.911948919 CEST	59922	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.911962032 CEST	443	59922	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.912045956 CEST	59931	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.912056923 CEST	443	59931	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.912278891 CEST	443	59925	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.912328959 CEST	59925	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.912357092 CEST	443	59925	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.912383080 CEST	443	59925	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.912434101 CEST	59925	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.912508011 CEST	59925	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.912520885 CEST	443	59925	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.912580013 CEST	59925	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.912587881 CEST	443	59925	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.913851976 CEST	59932	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.913876057 CEST	443	59932	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.913944960 CEST	59932	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.914045095 CEST	59932	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.914057016 CEST	443	59932	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.914418936 CEST	59933	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.914462090 CEST	443	59933	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:56.914526939 CEST	59933	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.914688110 CEST	59933	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:56.914702892 CEST	443	59933	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.201334000 CEST	59926	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.201366901 CEST	443	59926	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.622433901 CEST	443	59929	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.622957945 CEST	59929	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.623038054 CEST	443	59929	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.623804092 CEST	59929	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.623812914 CEST	443	59929	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.624380112 CEST	443	59932	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.624397039 CEST	443	59930	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.624419928 CEST	443	59931	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.624834061 CEST	59932	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.624851942 CEST	443	59932	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.625241995 CEST	59931	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.625266075 CEST	443	59931	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.625272989 CEST	59932	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.625279903 CEST	443	59932	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.625454903 CEST	443	59933	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.625850916 CEST	59931	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.625855923 CEST	443	59931	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.626007080 CEST	59930	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.626038074 CEST	443	59930	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.626375914 CEST	59933	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.626399994 CEST	443	59933	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.626498938 CEST	59930	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.626508951 CEST	443	59930	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.626945019 CEST	59933	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.626949072 CEST	443	59933	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.718293905 CEST	443	59929	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.718317986 CEST	443	59929	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.718374014 CEST	443	59929	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.718403101 CEST	59929	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.718468904 CEST	59929	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.718635082 CEST	59929	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.718683004 CEST	443	59929	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.718735933 CEST	59929	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.718751907 CEST	443	59929	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.719635963 CEST	443	59930	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.719666004 CEST	443	59930	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.719728947 CEST	59930	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.719752073 CEST	443	59930	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.719901085 CEST	443	59930	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.719903946 CEST	59930	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.719929934 CEST	443	59930	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.719955921 CEST	59930	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.719955921 CEST	59930	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.719969988 CEST	443	59930	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.719994068 CEST	443	59930	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.720558882 CEST	443	59933	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.720683098 CEST	443	59933	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.720843077 CEST	59933	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.720858097 CEST	443	59933	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.720964909 CEST	59933	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.720964909 CEST	59933	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.720978022 CEST	443	59933	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.721009016 CEST	443	59933	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.721172094 CEST	59933	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.721187115 CEST	443	59933	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.721328974 CEST	443	59931	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.721343994 CEST	443	59932	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.721352100 CEST	443	59931	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.721385002 CEST	443	59931	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.721396923 CEST	59931	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.721415997 CEST	443	59932	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.721425056 CEST	59931	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.721457005 CEST	59932	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.721585989 CEST	59932	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.721605062 CEST	443	59932	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.721616983 CEST	59932	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.721625090 CEST	443	59932	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.722090006 CEST	59934	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.722109079 CEST	443	59934	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.722174883 CEST	59934	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.722224951 CEST	59931	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.722239971 CEST	443	59931	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.722249031 CEST	59931	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.722254992 CEST	443	59931	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.723026037 CEST	59934	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.723043919 CEST	443	59934	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.724021912 CEST	59935	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.724046946 CEST	443	59935	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.724118948 CEST	59935	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.724292994 CEST	59936	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.724302053 CEST	443	59936	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.724350929 CEST	59936	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.724430084 CEST	59935	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.724442959 CEST	443	59935	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.725178957 CEST	59936	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.725191116 CEST	443	59936	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.725210905 CEST	59937	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.725210905 CEST	59938	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.725227118 CEST	443	59937	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.725239038 CEST	443	59938	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.725303888 CEST	59937	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.725303888 CEST	59938	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.725449085 CEST	59938	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.725449085 CEST	59937	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:57.725464106 CEST	443	59938	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:57.725482941 CEST	443	59937	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.265309095 CEST	59939	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:58.265403986 CEST	443	59939	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:58.265482903 CEST	59939	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:58.267366886 CEST	59939	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:58.267421007 CEST	443	59939	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:58.598041058 CEST	443	59934	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.598234892 CEST	443	59937	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.598500013 CEST	59934	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.598522902 CEST	443	59934	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.598576069 CEST	59937	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.598586082 CEST	443	59937	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.598711967 CEST	443	59936	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.599031925 CEST	59937	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.599040031 CEST	443	59937	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.599057913 CEST	59934	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.599064112 CEST	443	59934	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.599463940 CEST	59936	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.599483013 CEST	443	59936	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.599817038 CEST	59936	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.599821091 CEST	443	59936	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.599926949 CEST	443	59938	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.600178003 CEST	59938	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.600192070 CEST	443	59938	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.600539923 CEST	59938	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.600544930 CEST	443	59938	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.601538897 CEST	443	59935	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.601797104 CEST	59935	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.601803064 CEST	443	59935	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.602133989 CEST	59935	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.602138042 CEST	443	59935	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.696918964 CEST	443	59934	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.696985006 CEST	443	59934	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.697038889 CEST	59934	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.697211981 CEST	59934	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.697227955 CEST	443	59934	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.697241068 CEST	59934	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.697248936 CEST	443	59934	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.699101925 CEST	443	59938	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.699158907 CEST	443	59937	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.699178934 CEST	443	59938	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.699229956 CEST	59938	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.699235916 CEST	443	59937	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.699281931 CEST	59937	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.699290037 CEST	443	59937	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.699367046 CEST	443	59937	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.699369907 CEST	59937	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.699369907 CEST	59937	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.699435949 CEST	443	59937	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.699625015 CEST	59937	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.699630976 CEST	443	59937	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.699884892 CEST	443	59935	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.699944973 CEST	443	59935	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.700000048 CEST	59935	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.700011015 CEST	443	59935	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.700047016 CEST	443	59935	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.700088024 CEST	59935	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.700459003 CEST	443	59936	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.700521946 CEST	443	59936	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.700563908 CEST	59936	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.701421976 CEST	59940	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.701472998 CEST	443	59940	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.701544046 CEST	59940	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.701592922 CEST	59935	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.701603889 CEST	443	59935	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.701612949 CEST	59935	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.701617956 CEST	443	59935	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.702085972 CEST	59936	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.702090025 CEST	443	59936	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.702608109 CEST	59940	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.702624083 CEST	443	59940	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.702641010 CEST	59938	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.702650070 CEST	443	59938	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.702661037 CEST	59938	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.702665091 CEST	443	59938	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.704617977 CEST	59941	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.704685926 CEST	443	59941	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.704767942 CEST	59941	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.704864025 CEST	59941	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.704895973 CEST	443	59941	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.704926014 CEST	59942	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.704945087 CEST	443	59942	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.705003977 CEST	59942	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.705178976 CEST	59942	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.705205917 CEST	443	59942	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.705770016 CEST	59943	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.705785990 CEST	443	59943	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.705821037 CEST	59944	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.705852032 CEST	59943	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.705895901 CEST	443	59944	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.705940008 CEST	59943	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.705950975 CEST	443	59943	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:58.705951929 CEST	59944	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.706021070 CEST	59944	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:58.706048965 CEST	443	59944	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:59.549362898 CEST	443	59940	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:59.549969912 CEST	59940	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:59.550002098 CEST	443	59940	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:59.550854921 CEST	59940	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:59.550859928 CEST	443	59940	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:59.552997112 CEST	443	59941	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:59.556649923 CEST	59941	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:59.556731939 CEST	443	59941	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:59.557667971 CEST	59941	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:59.557687998 CEST	443	59941	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:59.646019936 CEST	443	59940	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:59.646085024 CEST	443	59940	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:59.646159887 CEST	59940	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:59.646178961 CEST	443	59940	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:59.646394968 CEST	59940	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:59.646428108 CEST	443	59940	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:59.646449089 CEST	59940	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:59.646449089 CEST	59940	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:59.646460056 CEST	443	59940	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:59.646469116 CEST	443	59940	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:59.649238110 CEST	443	59941	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:59.649296999 CEST	443	59941	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:59.649295092 CEST	59945	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:59.649338961 CEST	443	59945	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:59.649357080 CEST	59941	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:59.649427891 CEST	59945	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:59.649492979 CEST	59941	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:59.649516106 CEST	443	59941	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:59.649527073 CEST	59941	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:59.649533987 CEST	443	59941	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:59.649665117 CEST	59945	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:59.649677992 CEST	443	59945	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:59.651762962 CEST	59946	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:59.651771069 CEST	443	59946	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:59.651842117 CEST	59946	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:59.651987076 CEST	59946	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:59.651995897 CEST	443	59946	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:59.709728956 CEST	443	59944	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:59.710237026 CEST	59944	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:59.710315943 CEST	443	59944	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:59.710691929 CEST	59944	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:08:59.710706949 CEST	443	59944	13.107.246.45	192.168.2.5
Oct 7, 2024 17:08:59.718147039 CEST	443	59939	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:59.718235016 CEST	59939	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:59.719953060 CEST	59939	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:59.719964981 CEST	443	59939	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:59.720217943 CEST	443	59939	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:59.721395016 CEST	59939	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:59.721453905 CEST	59939	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:59.721465111 CEST	443	59939	40.113.110.67	192.168.2.5
Oct 7, 2024 17:08:59.721584082 CEST	59939	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:08:59.763432026 CEST	443	59939	40.113.110.67	192.168.2.5
Oct 7, 2024 17:09:00.135373116 CEST	443	59944	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.135560036 CEST	443	59944	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.135560036 CEST	443	59939	40.113.110.67	192.168.2.5
Oct 7, 2024 17:09:00.135643959 CEST	443	59939	40.113.110.67	192.168.2.5
Oct 7, 2024 17:09:00.135649920 CEST	59944	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.135756969 CEST	59944	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.135806084 CEST	443	59944	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.135848999 CEST	59939	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:09:00.135848999 CEST	59939	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:09:00.135960102 CEST	443	59942	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.138679981 CEST	59942	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.138731956 CEST	443	59942	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.139096975 CEST	59942	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.139108896 CEST	443	59942	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.140649080 CEST	59947	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.140697956 CEST	443	59947	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.140804052 CEST	59947	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.140950918 CEST	59947	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.140976906 CEST	443	59947	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.141356945 CEST	443	59943	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.142162085 CEST	59943	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.142163038 CEST	59943	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.142199993 CEST	443	59943	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.142211914 CEST	443	59943	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.234962940 CEST	443	59942	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.235160112 CEST	443	59942	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.235296011 CEST	59942	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.235380888 CEST	59942	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.235380888 CEST	59942	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.235423088 CEST	443	59942	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.235471010 CEST	443	59942	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.238311052 CEST	59948	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.238414049 CEST	443	59948	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.239489079 CEST	59948	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.239658117 CEST	59948	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.239706039 CEST	443	59948	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.282428026 CEST	443	59943	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.282497883 CEST	443	59943	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.282602072 CEST	443	59943	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.282665014 CEST	59943	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.282665014 CEST	59943	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.282846928 CEST	59943	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.282846928 CEST	59943	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.282891035 CEST	443	59943	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.282902002 CEST	443	59943	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.285832882 CEST	59949	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.285929918 CEST	443	59949	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.286045074 CEST	59949	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.286248922 CEST	59949	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.286284924 CEST	443	59949	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.311181068 CEST	443	59945	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.313513041 CEST	59945	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.313539982 CEST	443	59945	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.314106941 CEST	59945	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.314111948 CEST	443	59945	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.316606998 CEST	443	59946	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.317384958 CEST	59946	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.317393064 CEST	443	59946	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.317914963 CEST	59946	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.317918062 CEST	443	59946	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.406975985 CEST	443	59945	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.407037973 CEST	443	59945	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.407186031 CEST	59945	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.407473087 CEST	59945	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.407490015 CEST	443	59945	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.407499075 CEST	59945	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.407504082 CEST	443	59945	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.410684109 CEST	59950	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.410758018 CEST	443	59950	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.410851002 CEST	59950	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.411004066 CEST	59950	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.411036015 CEST	443	59950	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.413292885 CEST	443	59946	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.413398981 CEST	443	59946	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.413463116 CEST	59946	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.413470030 CEST	443	59946	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.413505077 CEST	443	59946	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.413552046 CEST	59946	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.413685083 CEST	59946	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.413687944 CEST	443	59946	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.413696051 CEST	59946	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.413698912 CEST	443	59946	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.415738106 CEST	59951	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.415860891 CEST	443	59951	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.417064905 CEST	59951	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.417212963 CEST	59951	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.417254925 CEST	443	59951	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.433644056 CEST	59939	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:09:00.433686972 CEST	443	59939	40.113.110.67	192.168.2.5
Oct 7, 2024 17:09:00.776258945 CEST	443	59947	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.788713932 CEST	59947	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.788784027 CEST	443	59947	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.791711092 CEST	59947	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.791731119 CEST	443	59947	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.882797956 CEST	443	59948	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.883416891 CEST	59948	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.883449078 CEST	443	59948	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.883740902 CEST	59948	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.883759022 CEST	443	59948	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.903778076 CEST	443	59949	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.904221058 CEST	59949	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.904277086 CEST	443	59949	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.904417992 CEST	59949	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.904431105 CEST	443	59949	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.910998106 CEST	443	59947	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.911181927 CEST	443	59947	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.911248922 CEST	59947	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.911288977 CEST	59947	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.911288977 CEST	59947	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.911310911 CEST	443	59947	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.911324024 CEST	443	59947	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.913975954 CEST	59952	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.914012909 CEST	443	59952	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.914094925 CEST	59952	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.914238930 CEST	59952	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.914247990 CEST	443	59952	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.981023073 CEST	443	59948	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.981102943 CEST	443	59948	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.981211901 CEST	443	59948	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.981267929 CEST	59948	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.981267929 CEST	59948	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.981394053 CEST	59948	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.981394053 CEST	59948	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.981422901 CEST	443	59948	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.981436014 CEST	443	59948	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.984453917 CEST	59953	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.984508038 CEST	443	59953	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:00.985059977 CEST	59953	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.985167027 CEST	59953	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:00.985174894 CEST	443	59953	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.005846024 CEST	443	59949	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.006486893 CEST	443	59949	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.006587982 CEST	59949	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.006767988 CEST	59949	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.006810904 CEST	443	59949	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.006839037 CEST	59949	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.006854057 CEST	443	59949	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.009299040 CEST	59954	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.009320974 CEST	443	59954	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.009394884 CEST	59954	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.009607077 CEST	59954	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.009615898 CEST	443	59954	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.042371035 CEST	443	59950	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.045136929 CEST	443	59951	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.045197010 CEST	59950	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.045258999 CEST	443	59950	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.045603991 CEST	59950	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.045623064 CEST	443	59950	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.046376944 CEST	59951	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.046442986 CEST	443	59951	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.046704054 CEST	59951	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.046717882 CEST	443	59951	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.140749931 CEST	443	59950	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.140995026 CEST	443	59950	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.141082048 CEST	59950	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.141230106 CEST	59950	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.141263008 CEST	443	59950	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.141293049 CEST	59950	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.141309023 CEST	443	59950	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.143474102 CEST	59955	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.143580914 CEST	443	59955	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.144577980 CEST	443	59951	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.144613981 CEST	443	59951	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.144665956 CEST	59955	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.144668102 CEST	443	59951	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.144694090 CEST	59951	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.144761086 CEST	59951	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.144768000 CEST	59955	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.144789934 CEST	443	59955	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.144849062 CEST	59951	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.144895077 CEST	443	59951	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.144926071 CEST	59951	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.144942045 CEST	443	59951	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.146527052 CEST	59956	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.146558046 CEST	443	59956	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.146626949 CEST	59956	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.146722078 CEST	59956	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.146733046 CEST	443	59956	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.533690929 CEST	443	59952	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.534130096 CEST	59952	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.534145117 CEST	443	59952	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.534627914 CEST	59952	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.534634113 CEST	443	59952	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.603733063 CEST	443	59953	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.604085922 CEST	59953	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.604123116 CEST	443	59953	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.604525089 CEST	59953	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.604532003 CEST	443	59953	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.624937057 CEST	443	59954	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.625250101 CEST	59954	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.625268936 CEST	443	59954	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.625684023 CEST	59954	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.625689030 CEST	443	59954	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.631000996 CEST	443	59952	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.631170988 CEST	443	59952	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.631237030 CEST	59952	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.631306887 CEST	59952	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.631306887 CEST	59952	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.631341934 CEST	443	59952	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.631367922 CEST	443	59952	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.633873940 CEST	59957	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.633903980 CEST	443	59957	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.633965969 CEST	59957	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.634084940 CEST	59957	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.634092093 CEST	443	59957	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.701373100 CEST	443	59953	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.701545954 CEST	443	59953	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.701610088 CEST	59953	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.701761007 CEST	59953	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.701786995 CEST	443	59953	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.701796055 CEST	59953	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.701801062 CEST	443	59953	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.704240084 CEST	59958	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.704277992 CEST	443	59958	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.704358101 CEST	59958	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.704507113 CEST	59958	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.704519987 CEST	443	59958	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.719582081 CEST	443	59954	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.719671011 CEST	443	59954	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.719718933 CEST	443	59954	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.719736099 CEST	59954	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.719782114 CEST	59954	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.719883919 CEST	59954	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.719909906 CEST	443	59954	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.719921112 CEST	59954	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.719926119 CEST	443	59954	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.722059965 CEST	59959	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.722100973 CEST	443	59959	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.722197056 CEST	59959	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.722321033 CEST	59959	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.722337008 CEST	443	59959	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.770217896 CEST	443	59956	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.770745039 CEST	59956	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.770764112 CEST	443	59956	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.771342039 CEST	59956	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.771348953 CEST	443	59956	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.779864073 CEST	443	59955	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.780149937 CEST	59955	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.780208111 CEST	443	59955	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.780471087 CEST	59955	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.780491114 CEST	443	59955	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.868997097 CEST	443	59956	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.869043112 CEST	443	59956	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.869092941 CEST	59956	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.869103909 CEST	443	59956	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.869132042 CEST	443	59956	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.869168043 CEST	59956	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.869296074 CEST	59956	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.869309902 CEST	443	59956	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.869323969 CEST	59956	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.869329929 CEST	443	59956	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.871599913 CEST	59960	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.871682882 CEST	443	59960	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.871769905 CEST	59960	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.871906996 CEST	59960	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.871926069 CEST	443	59960	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.879192114 CEST	443	59955	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.879646063 CEST	443	59955	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.879713058 CEST	59955	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.879776001 CEST	59955	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.879776001 CEST	59955	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.879811049 CEST	443	59955	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.879833937 CEST	443	59955	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.881577015 CEST	59961	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.881679058 CEST	443	59961	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:01.881767988 CEST	59961	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.881872892 CEST	59961	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:01.881911993 CEST	443	59961	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:02.785335064 CEST	443	59957	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:02.785974026 CEST	59957	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:02.785996914 CEST	443	59957	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:02.786454916 CEST	59957	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:02.786459923 CEST	443	59957	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:02.882091045 CEST	443	59957	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:02.882683992 CEST	443	59957	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:02.882785082 CEST	59957	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:02.882994890 CEST	59957	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:02.883016109 CEST	443	59957	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:02.883028030 CEST	59957	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:02.883033037 CEST	443	59957	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:02.885689020 CEST	59962	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:02.885785103 CEST	443	59962	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:02.885889053 CEST	59962	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:02.886012077 CEST	59962	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:02.886038065 CEST	443	59962	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:02.957339048 CEST	443	59958	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:02.960763931 CEST	59958	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:02.960786104 CEST	443	59958	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:02.961220980 CEST	59958	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:02.961225986 CEST	443	59958	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:02.962395906 CEST	443	59961	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:02.963996887 CEST	59961	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:02.964030981 CEST	443	59961	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:02.967026949 CEST	59961	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:02.967042923 CEST	443	59961	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:02.971663952 CEST	443	59960	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:02.972881079 CEST	59960	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:02.972944975 CEST	443	59960	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:02.973258018 CEST	59960	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:02.973273993 CEST	443	59960	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:02.973932981 CEST	443	59959	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:02.976674080 CEST	59959	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:02.976696014 CEST	443	59959	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:02.977058887 CEST	59959	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:02.977066040 CEST	443	59959	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.053385019 CEST	443	59958	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.053797007 CEST	443	59958	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.053919077 CEST	59958	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.058229923 CEST	443	59961	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.058310986 CEST	443	59961	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.058487892 CEST	59961	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.070563078 CEST	443	59960	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.070600033 CEST	443	59960	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.070652962 CEST	443	59960	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.070826054 CEST	59960	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.070827007 CEST	59960	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.073635101 CEST	443	59959	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.073786974 CEST	443	59959	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.073862076 CEST	59959	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.271817923 CEST	59958	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.271817923 CEST	59958	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.271846056 CEST	443	59958	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.271853924 CEST	443	59958	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.272948980 CEST	59961	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.272948980 CEST	59961	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.273029089 CEST	443	59961	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.273067951 CEST	443	59961	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.274005890 CEST	59960	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.274005890 CEST	59960	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.274085999 CEST	443	59960	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.274117947 CEST	443	59960	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.274687052 CEST	59959	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.274710894 CEST	443	59959	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.274744987 CEST	59959	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.274755001 CEST	443	59959	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.281414032 CEST	59963	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.281476974 CEST	443	59963	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.281548977 CEST	59963	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.281641006 CEST	59964	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.281693935 CEST	443	59964	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.281743050 CEST	59964	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.281987906 CEST	59965	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.282052994 CEST	59963	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.282078028 CEST	443	59965	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.282085896 CEST	443	59963	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.282154083 CEST	59965	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.282181025 CEST	59964	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.282197952 CEST	443	59964	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.282246113 CEST	59966	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.282275915 CEST	443	59966	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.282299995 CEST	59965	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.282331944 CEST	443	59965	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.282362938 CEST	59966	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.282403946 CEST	59966	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.282416105 CEST	443	59966	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.661981106 CEST	443	59962	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.662514925 CEST	59962	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.662580967 CEST	443	59962	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.662983894 CEST	59962	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.662998915 CEST	443	59962	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.777156115 CEST	443	59962	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.777182102 CEST	443	59962	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.777218103 CEST	443	59962	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.777245998 CEST	59962	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.777282000 CEST	59962	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.777529955 CEST	59962	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.777549028 CEST	443	59962	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.777561903 CEST	59962	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.777566910 CEST	443	59962	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.780678988 CEST	59967	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.780734062 CEST	443	59967	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.780822039 CEST	59967	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.781001091 CEST	59967	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.781013966 CEST	443	59967	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.898605108 CEST	443	59963	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.899019957 CEST	59963	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.899059057 CEST	443	59963	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.899475098 CEST	59963	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.899485111 CEST	443	59963	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.928849936 CEST	443	59964	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.929250002 CEST	59964	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.929284096 CEST	443	59964	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.929682016 CEST	59964	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.929687977 CEST	443	59964	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.933211088 CEST	443	59965	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.933525085 CEST	59965	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.933609009 CEST	443	59965	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.934061050 CEST	59965	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.934075117 CEST	443	59965	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.948497057 CEST	443	59966	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.948787928 CEST	59966	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.948820114 CEST	443	59966	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.949125051 CEST	59966	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.949136019 CEST	443	59966	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.994469881 CEST	443	59963	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.994618893 CEST	443	59963	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.994785070 CEST	59963	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.994785070 CEST	59963	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.996141911 CEST	59963	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.996174097 CEST	443	59963	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.997574091 CEST	59968	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.997615099 CEST	443	59968	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:03.997683048 CEST	59968	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.997814894 CEST	59968	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:03.997828007 CEST	443	59968	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.030231953 CEST	443	59964	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.030260086 CEST	443	59964	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.030306101 CEST	443	59964	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.030528069 CEST	59964	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.030528069 CEST	59964	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.030580044 CEST	59964	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.030580044 CEST	59964	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.030600071 CEST	443	59964	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.030616999 CEST	443	59964	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.033077955 CEST	59969	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.033133984 CEST	443	59969	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.033221960 CEST	59969	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.033370972 CEST	59969	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.033386946 CEST	443	59969	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.033488035 CEST	443	59965	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.034097910 CEST	443	59965	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.034168005 CEST	59965	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.034235001 CEST	59965	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.034235001 CEST	59965	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.034270048 CEST	443	59965	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.034292936 CEST	443	59965	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.036029100 CEST	59970	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.036052942 CEST	443	59970	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.036128998 CEST	59970	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.036226034 CEST	59970	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.036253929 CEST	443	59970	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.053565025 CEST	443	59966	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.053785086 CEST	443	59966	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.053859949 CEST	59966	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.053905964 CEST	59966	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.053925037 CEST	443	59966	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.053949118 CEST	59966	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.053962946 CEST	443	59966	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.056162119 CEST	59971	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.056267977 CEST	443	59971	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.056369066 CEST	59971	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.056530952 CEST	59971	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.056566000 CEST	443	59971	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.408746958 CEST	443	59967	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.409272909 CEST	59967	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.409324884 CEST	443	59967	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.409775972 CEST	59967	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.409784079 CEST	443	59967	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.507165909 CEST	443	59967	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.507324934 CEST	443	59967	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.507380009 CEST	59967	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.507467985 CEST	59967	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.507483006 CEST	443	59967	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.507496119 CEST	59967	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.507503033 CEST	443	59967	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.510066032 CEST	59972	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.510091066 CEST	443	59972	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.510153055 CEST	59972	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.510281086 CEST	59972	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.510288000 CEST	443	59972	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.533098936 CEST	443	59968	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.533504963 CEST	59968	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.533559084 CEST	443	59968	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.534018993 CEST	59968	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.534032106 CEST	443	59968	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.630947113 CEST	443	59968	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.631021023 CEST	443	59968	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.631082058 CEST	59968	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.631128073 CEST	443	59968	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.631160975 CEST	443	59968	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.631210089 CEST	59968	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.631320000 CEST	59968	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.631354094 CEST	443	59968	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.631407976 CEST	59968	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.631422997 CEST	443	59968	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.634033918 CEST	59973	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.634144068 CEST	443	59973	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.634233952 CEST	59973	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.634351015 CEST	59973	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.634376049 CEST	443	59973	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.646421909 CEST	443	59970	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.646794081 CEST	59970	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.646863937 CEST	443	59970	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.647207975 CEST	59970	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.647226095 CEST	443	59970	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.649214983 CEST	443	59969	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.649502993 CEST	59969	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.649518013 CEST	443	59969	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.649914026 CEST	59969	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.649925947 CEST	443	59969	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.694063902 CEST	443	59971	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.694359064 CEST	59971	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.694382906 CEST	443	59971	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.694722891 CEST	59971	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.694734097 CEST	443	59971	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.749313116 CEST	443	59969	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.749403000 CEST	443	59969	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.749551058 CEST	59969	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.752425909 CEST	443	59970	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.752502918 CEST	59969	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.752502918 CEST	59969	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.752557993 CEST	443	59969	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.752590895 CEST	443	59969	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.752819061 CEST	443	59970	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.752880096 CEST	59970	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.753009081 CEST	59970	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.753009081 CEST	59970	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.753025055 CEST	443	59970	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.753047943 CEST	443	59970	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.755501032 CEST	59974	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.755556107 CEST	443	59974	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.755593061 CEST	59975	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.755625963 CEST	443	59975	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.755640030 CEST	59974	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.755669117 CEST	59975	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.755764961 CEST	59974	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.755786896 CEST	59975	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.755793095 CEST	443	59975	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.755795956 CEST	443	59974	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.788906097 CEST	443	59971	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.789060116 CEST	443	59971	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.789132118 CEST	59971	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.789189100 CEST	59971	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.789189100 CEST	59971	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.789222002 CEST	443	59971	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.789247990 CEST	443	59971	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.791549921 CEST	59976	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.791646004 CEST	443	59976	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:04.791749954 CEST	59976	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.791866064 CEST	59976	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:04.791891098 CEST	443	59976	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.036166906 CEST	59977	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:09:05.036267996 CEST	443	59977	40.113.110.67	192.168.2.5
Oct 7, 2024 17:09:05.036375046 CEST	59977	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:09:05.036890984 CEST	59977	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:09:05.036926985 CEST	443	59977	40.113.110.67	192.168.2.5
Oct 7, 2024 17:09:05.137552023 CEST	443	59972	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.138117075 CEST	59972	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.138143063 CEST	443	59972	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.138612986 CEST	59972	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.138619900 CEST	443	59972	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.234566927 CEST	443	59972	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.234747887 CEST	443	59972	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.234800100 CEST	59972	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.234970093 CEST	59972	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.234985113 CEST	443	59972	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.234997988 CEST	59972	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.235003948 CEST	443	59972	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.238615990 CEST	59978	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.238665104 CEST	443	59978	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.238728046 CEST	59978	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.238951921 CEST	59978	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.238962889 CEST	443	59978	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.277426004 CEST	443	59973	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.277844906 CEST	59973	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.277932882 CEST	443	59973	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.278264046 CEST	59973	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.278280973 CEST	443	59973	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.391021967 CEST	443	59975	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.399853945 CEST	443	59976	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.400038004 CEST	59975	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.400060892 CEST	443	59975	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.400495052 CEST	59975	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.400500059 CEST	443	59975	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.400732994 CEST	59976	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.400773048 CEST	443	59976	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.401078939 CEST	59976	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.401087046 CEST	443	59976	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.401277065 CEST	443	59974	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.401504040 CEST	59974	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.401561022 CEST	443	59974	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.401854038 CEST	59974	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.401866913 CEST	443	59974	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.411618948 CEST	443	59973	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.411777020 CEST	443	59973	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.411839008 CEST	59973	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.413676023 CEST	59973	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.413676977 CEST	59973	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.413712025 CEST	443	59973	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.413734913 CEST	443	59973	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.416006088 CEST	59979	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.416043997 CEST	443	59979	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.416100025 CEST	59979	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.416193008 CEST	59979	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.416205883 CEST	443	59979	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.703159094 CEST	59980	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:09:05.703212023 CEST	443	59980	172.217.16.206	192.168.2.5
Oct 7, 2024 17:09:05.703286886 CEST	59980	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:09:05.704963923 CEST	59980	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:09:05.704981089 CEST	443	59980	172.217.16.206	192.168.2.5
Oct 7, 2024 17:09:05.719078064 CEST	443	59976	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.719084978 CEST	443	59975	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.719099998 CEST	443	59976	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.719149113 CEST	443	59976	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.719177961 CEST	59976	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.719199896 CEST	443	59975	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.719230890 CEST	59976	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.719284058 CEST	443	59974	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.719333887 CEST	59975	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.719367027 CEST	443	59974	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.719409943 CEST	59974	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.726227045 CEST	59976	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.726242065 CEST	443	59976	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.726253986 CEST	59976	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.726259947 CEST	443	59976	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.727488995 CEST	59975	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.727516890 CEST	443	59975	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.727530003 CEST	59975	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.727538109 CEST	443	59975	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.740320921 CEST	59974	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.740339994 CEST	443	59974	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.740350962 CEST	59974	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.740355968 CEST	443	59974	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.744178057 CEST	59982	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.744224072 CEST	443	59982	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.744234085 CEST	59981	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.744241953 CEST	443	59981	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.744282961 CEST	59982	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.744312048 CEST	59981	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.744815111 CEST	59983	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.744839907 CEST	443	59983	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.744920969 CEST	59983	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.745007038 CEST	59981	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.745024920 CEST	443	59981	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.745106936 CEST	59982	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.745117903 CEST	443	59982	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.745326042 CEST	59983	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.745341063 CEST	443	59983	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.894575119 CEST	443	59977	40.113.110.67	192.168.2.5
Oct 7, 2024 17:09:05.894722939 CEST	59977	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:09:05.896851063 CEST	59977	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:09:05.896913052 CEST	443	59977	40.113.110.67	192.168.2.5
Oct 7, 2024 17:09:05.897320032 CEST	443	59977	40.113.110.67	192.168.2.5
Oct 7, 2024 17:09:05.899281025 CEST	59977	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:09:05.899360895 CEST	59977	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:09:05.899379015 CEST	443	59977	40.113.110.67	192.168.2.5
Oct 7, 2024 17:09:05.899499893 CEST	59977	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:09:05.903964043 CEST	443	59978	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.904717922 CEST	59978	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.904755116 CEST	443	59978	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.905230045 CEST	59978	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:05.905239105 CEST	443	59978	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:05.943439960 CEST	443	59977	40.113.110.67	192.168.2.5
Oct 7, 2024 17:09:05.952898026 CEST	59984	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:09:05.952997923 CEST	443	59984	172.217.16.206	192.168.2.5
Oct 7, 2024 17:09:05.953069925 CEST	59984	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:09:05.953588963 CEST	59984	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:09:05.953624010 CEST	443	59984	172.217.16.206	192.168.2.5
Oct 7, 2024 17:09:06.456160069 CEST	59985	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:09:06.456275940 CEST	443	59985	172.217.16.206	192.168.2.5
Oct 7, 2024 17:09:06.456989050 CEST	59985	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:09:06.457209110 CEST	59985	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:09:06.457233906 CEST	443	59985	172.217.16.206	192.168.2.5
Oct 7, 2024 17:09:07.082309008 CEST	443	59979	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:07.083827019 CEST	59979	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:07.083863974 CEST	443	59979	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:07.084304094 CEST	59979	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:07.084310055 CEST	443	59979	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:07.086873055 CEST	443	59978	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:07.086941957 CEST	443	59978	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:07.087018013 CEST	59978	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:07.087160110 CEST	59978	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:07.087179899 CEST	443	59978	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:07.087191105 CEST	59978	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:07.087197065 CEST	443	59978	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:07.087215900 CEST	443	59977	40.113.110.67	192.168.2.5
Oct 7, 2024 17:09:07.087311983 CEST	443	59977	40.113.110.67	192.168.2.5
Oct 7, 2024 17:09:07.087398052 CEST	59977	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:09:07.087563038 CEST	59977	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:09:07.087588072 CEST	443	59977	40.113.110.67	192.168.2.5
Oct 7, 2024 17:09:07.092140913 CEST	443	59984	172.217.16.206	192.168.2.5
Oct 7, 2024 17:09:07.092927933 CEST	59986	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:07.092948914 CEST	443	59986	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:07.093118906 CEST	443	59980	172.217.16.206	192.168.2.5
Oct 7, 2024 17:09:07.093190908 CEST	59986	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:07.093313932 CEST	59984	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:09:07.093326092 CEST	443	59984	172.217.16.206	192.168.2.5
Oct 7, 2024 17:09:07.093444109 CEST	59980	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:09:07.093460083 CEST	443	59980	172.217.16.206	192.168.2.5
Oct 7, 2024 17:09:07.093719959 CEST	443	59984	172.217.16.206	192.168.2.5
Oct 7, 2024 17:09:07.094310045 CEST	443	59980	172.217.16.206	192.168.2.5
Oct 7, 2024 17:09:07.094691038 CEST	59980	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:09:07.094816923 CEST	443	59980	172.217.16.206	192.168.2.5
Oct 7, 2024 17:09:07.094969034 CEST	59984	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:09:07.095040083 CEST	443	59984	172.217.16.206	192.168.2.5
Oct 7, 2024 17:09:07.095158100 CEST	59980	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:09:07.095174074 CEST	59980	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:09:07.095204115 CEST	443	59980	172.217.16.206	192.168.2.5
Oct 7, 2024 17:09:07.095277071 CEST	59984	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:09:07.095321894 CEST	59984	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:09:07.095334053 CEST	443	59984	172.217.16.206	192.168.2.5
Oct 7, 2024 17:09:07.095523119 CEST	59986	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:07.095535040 CEST	443	59986	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:07.183921099 CEST	443	59979	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:07.183994055 CEST	443	59979	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:07.184113026 CEST	443	59979	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:07.184257030 CEST	59979	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:07.184257030 CEST	59979	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:07.184514999 CEST	59979	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:07.184530973 CEST	443	59979	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:07.188214064 CEST	59987	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:07.188263893 CEST	443	59987	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:07.188402891 CEST	59987	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:07.188551903 CEST	59987	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:07.188569069 CEST	443	59987	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:07.267326117 CEST	443	59982	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:07.267899036 CEST	59982	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:07.267924070 CEST	443	59982	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:07.268321991 CEST	59982	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:07.268328905 CEST	443	59982	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:07.271677017 CEST	443	59983	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:07.272006035 CEST	59983	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:07.272017002 CEST	443	59983	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:07.272396088 CEST	59983	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:07.272401094 CEST	443	59983	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:07.282677889 CEST	443	59981	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:07.283004999 CEST	59981	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:07.283011913 CEST	443	59981	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:07.283397913 CEST	59981	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:07.283401966 CEST	443	59981	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.034529924 CEST	443	59982	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.034564018 CEST	443	59982	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.034625053 CEST	443	59982	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.034735918 CEST	59982	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.034735918 CEST	59982	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.034785032 CEST	443	59984	172.217.16.206	192.168.2.5
Oct 7, 2024 17:09:08.034818888 CEST	443	59980	172.217.16.206	192.168.2.5
Oct 7, 2024 17:09:08.035228014 CEST	443	59980	172.217.16.206	192.168.2.5
Oct 7, 2024 17:09:08.035250902 CEST	443	59984	172.217.16.206	192.168.2.5
Oct 7, 2024 17:09:08.035275936 CEST	59980	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:09:08.035326958 CEST	59984	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:09:08.035940886 CEST	443	59983	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.036010027 CEST	443	59983	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.036046982 CEST	443	59981	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.036051989 CEST	59983	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.036165953 CEST	443	59981	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.036505938 CEST	59981	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.036621094 CEST	59980	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:09:08.036638021 CEST	443	59980	172.217.16.206	192.168.2.5
Oct 7, 2024 17:09:08.037316084 CEST	443	59985	172.217.16.206	192.168.2.5
Oct 7, 2024 17:09:08.037631035 CEST	59984	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:09:08.037646055 CEST	443	59984	172.217.16.206	192.168.2.5
Oct 7, 2024 17:09:08.037985086 CEST	59985	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:09:08.038034916 CEST	443	59985	172.217.16.206	192.168.2.5
Oct 7, 2024 17:09:08.038405895 CEST	443	59985	172.217.16.206	192.168.2.5
Oct 7, 2024 17:09:08.038467884 CEST	59985	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:09:08.039120913 CEST	443	59985	172.217.16.206	192.168.2.5
Oct 7, 2024 17:09:08.039175987 CEST	59985	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:09:08.039433002 CEST	59985	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:09:08.039501905 CEST	443	59985	172.217.16.206	192.168.2.5
Oct 7, 2024 17:09:08.039771080 CEST	59985	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:09:08.039793015 CEST	443	59985	172.217.16.206	192.168.2.5
Oct 7, 2024 17:09:08.039828062 CEST	59985	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:09:08.042387962 CEST	59982	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.042387962 CEST	59982	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.042411089 CEST	443	59982	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.042423964 CEST	443	59982	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.045648098 CEST	59983	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.045648098 CEST	59983	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.045667887 CEST	443	59983	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.045681000 CEST	443	59983	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.059417009 CEST	59981	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.059417963 CEST	59981	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.059448957 CEST	443	59981	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.059462070 CEST	443	59981	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.087403059 CEST	443	59985	172.217.16.206	192.168.2.5
Oct 7, 2024 17:09:08.089423895 CEST	59985	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:09:08.112008095 CEST	59988	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.112068892 CEST	443	59988	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.112143040 CEST	59988	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.163717985 CEST	59990	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.163786888 CEST	443	59990	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.163803101 CEST	59989	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.163813114 CEST	443	59989	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.163893938 CEST	59990	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.163925886 CEST	59989	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.164335966 CEST	59988	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.164416075 CEST	443	59988	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.164561987 CEST	59990	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.164599895 CEST	443	59990	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.164639950 CEST	59989	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.164663076 CEST	443	59989	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.225017071 CEST	443	59986	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.225047112 CEST	443	59987	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.225574017 CEST	59986	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.225589991 CEST	59987	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.225603104 CEST	443	59986	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.225681067 CEST	443	59987	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.226027966 CEST	59986	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.226037025 CEST	443	59986	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.226063967 CEST	59987	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.226078033 CEST	443	59987	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.248475075 CEST	443	59985	172.217.16.206	192.168.2.5
Oct 7, 2024 17:09:08.249135971 CEST	443	59985	172.217.16.206	192.168.2.5
Oct 7, 2024 17:09:08.249232054 CEST	59985	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:09:08.249362946 CEST	59985	443	192.168.2.5	172.217.16.206
Oct 7, 2024 17:09:08.249391079 CEST	443	59985	172.217.16.206	192.168.2.5
Oct 7, 2024 17:09:08.322946072 CEST	443	59987	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.323110104 CEST	443	59987	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.323229074 CEST	59987	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.323448896 CEST	59987	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.323448896 CEST	59987	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.323497057 CEST	443	59987	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.323525906 CEST	443	59987	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.324440956 CEST	443	59986	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.325391054 CEST	443	59986	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.325457096 CEST	59986	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.333072901 CEST	59986	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.333101988 CEST	443	59986	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.333117962 CEST	59986	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.333127022 CEST	443	59986	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.335803986 CEST	59991	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.335859060 CEST	443	59991	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.335920095 CEST	59991	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.337224960 CEST	59991	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.337224007 CEST	59992	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.337246895 CEST	443	59991	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.337280035 CEST	443	59992	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.339427948 CEST	59992	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.339427948 CEST	59992	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.339473009 CEST	443	59992	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.778392076 CEST	443	59990	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.779083967 CEST	59990	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.779112101 CEST	443	59990	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.779505968 CEST	59990	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.779511929 CEST	443	59990	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.782481909 CEST	443	59989	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.782876015 CEST	59989	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.782902956 CEST	443	59988	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.782907963 CEST	443	59989	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.783193111 CEST	59989	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.783201933 CEST	443	59989	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.783319950 CEST	59988	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.783421993 CEST	443	59988	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.783643961 CEST	59988	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.783659935 CEST	443	59988	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.876120090 CEST	443	59990	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.876203060 CEST	443	59990	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.876306057 CEST	59990	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.876332998 CEST	443	59990	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.876377106 CEST	443	59990	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.876437902 CEST	59990	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.876601934 CEST	59990	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.876619101 CEST	443	59990	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.876653910 CEST	59990	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.876661062 CEST	443	59990	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.878745079 CEST	443	59989	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.878829002 CEST	443	59989	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.878884077 CEST	59989	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.879220009 CEST	59993	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.879255056 CEST	443	59993	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.879349947 CEST	59993	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.879379034 CEST	59989	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.879395962 CEST	443	59989	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.879415989 CEST	59989	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.879420996 CEST	443	59989	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.879741907 CEST	443	59988	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.879800081 CEST	443	59988	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.879949093 CEST	59988	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.880440950 CEST	59993	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.880465031 CEST	443	59993	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.880491018 CEST	59988	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.880491018 CEST	59988	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.880542994 CEST	443	59988	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.880573988 CEST	443	59988	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.882553101 CEST	59994	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.882570982 CEST	443	59994	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.883013010 CEST	59994	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.883411884 CEST	59994	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.883414984 CEST	59995	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.883429050 CEST	443	59994	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.883467913 CEST	443	59995	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.883856058 CEST	59995	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.883856058 CEST	59995	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.883905888 CEST	443	59995	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.953135014 CEST	443	59991	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.953769922 CEST	59991	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.953798056 CEST	443	59991	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.954305887 CEST	59991	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.954312086 CEST	443	59991	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.984247923 CEST	443	59992	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.984944105 CEST	59992	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.984967947 CEST	443	59992	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:08.985512018 CEST	59992	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:08.985527039 CEST	443	59992	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.048283100 CEST	443	59991	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.048342943 CEST	443	59991	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.048404932 CEST	59991	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.048434019 CEST	443	59991	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.048479080 CEST	443	59991	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.048532009 CEST	59991	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.048614979 CEST	59991	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.048635006 CEST	443	59991	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.048650026 CEST	59991	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.048655033 CEST	443	59991	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.051376104 CEST	59996	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.051420927 CEST	443	59996	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.051500082 CEST	59996	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.051662922 CEST	59996	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.051676989 CEST	443	59996	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.058618069 CEST	59997	443	192.168.2.5	4.175.87.197
Oct 7, 2024 17:09:09.058662891 CEST	443	59997	4.175.87.197	192.168.2.5
Oct 7, 2024 17:09:09.058736086 CEST	59997	443	192.168.2.5	4.175.87.197
Oct 7, 2024 17:09:09.059144974 CEST	59997	443	192.168.2.5	4.175.87.197
Oct 7, 2024 17:09:09.059160948 CEST	443	59997	4.175.87.197	192.168.2.5
Oct 7, 2024 17:09:09.085735083 CEST	443	59992	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.085798979 CEST	443	59992	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.085855961 CEST	59992	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.086097956 CEST	59992	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.086097956 CEST	59992	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.086121082 CEST	443	59992	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.086133003 CEST	443	59992	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.089632988 CEST	59998	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.089667082 CEST	443	59998	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.089729071 CEST	59998	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.090034962 CEST	59998	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.090044975 CEST	443	59998	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.487881899 CEST	443	59993	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.488531113 CEST	59993	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.488557100 CEST	443	59993	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.489130974 CEST	59993	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.489136934 CEST	443	59993	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.501517057 CEST	443	59995	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.502209902 CEST	59995	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.502240896 CEST	443	59995	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.502863884 CEST	59995	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.502882957 CEST	443	59995	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.518996954 CEST	443	59994	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.519433975 CEST	59994	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.519443035 CEST	443	59994	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.519979000 CEST	59994	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.519984007 CEST	443	59994	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.583261013 CEST	443	59993	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.583286047 CEST	443	59993	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.583338976 CEST	59993	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.583357096 CEST	443	59993	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.583456039 CEST	443	59993	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.583501101 CEST	59993	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.583591938 CEST	59993	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.583606958 CEST	443	59993	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.583637953 CEST	59993	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.583643913 CEST	443	59993	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.586996078 CEST	59999	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.587039948 CEST	443	59999	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.587095022 CEST	59999	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.587225914 CEST	59999	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.587236881 CEST	443	59999	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.600929022 CEST	443	59995	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.600956917 CEST	443	59995	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.601017952 CEST	59995	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.601028919 CEST	443	59995	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.601140022 CEST	443	59995	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.601202965 CEST	59995	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.601262093 CEST	59995	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.601284981 CEST	443	59995	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.601294994 CEST	59995	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.601301908 CEST	443	59995	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.604190111 CEST	60000	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.604219913 CEST	443	60000	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.604305983 CEST	60000	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.604495049 CEST	60000	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.604517937 CEST	443	60000	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.618136883 CEST	443	59994	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.618159056 CEST	443	59994	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.618207932 CEST	59994	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.618211985 CEST	443	59994	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.618343115 CEST	443	59994	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.618398905 CEST	59994	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.618540049 CEST	59994	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.618547916 CEST	443	59994	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.618575096 CEST	59994	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.618578911 CEST	443	59994	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.622345924 CEST	60001	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.622391939 CEST	443	60001	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.622453928 CEST	60001	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.622653961 CEST	60001	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.622669935 CEST	443	60001	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.693022966 CEST	443	59996	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.697129011 CEST	59996	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.697144985 CEST	443	59996	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.697818041 CEST	59996	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.697822094 CEST	443	59996	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.705204964 CEST	443	59998	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.705672979 CEST	59998	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.705688953 CEST	443	59998	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.706408024 CEST	59998	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.706412077 CEST	443	59998	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.790518045 CEST	443	59996	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.790580034 CEST	443	59996	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.790627003 CEST	59996	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.790659904 CEST	443	59996	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.790770054 CEST	443	59996	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.790848017 CEST	59996	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.801184893 CEST	59996	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.801207066 CEST	443	59996	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.801218033 CEST	59996	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.801223993 CEST	443	59996	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.804514885 CEST	60002	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.804605007 CEST	443	60002	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.804697990 CEST	60002	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.804819107 CEST	60002	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.804837942 CEST	443	60002	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.804862022 CEST	443	59998	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.804999113 CEST	443	59998	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.805056095 CEST	59998	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.805097103 CEST	59998	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.805124044 CEST	443	59998	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.805149078 CEST	59998	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.805167913 CEST	443	59998	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.807348967 CEST	60003	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.807374954 CEST	443	60003	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.807452917 CEST	60003	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.807591915 CEST	60003	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:09.807607889 CEST	443	60003	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:09.815797091 CEST	443	59997	4.175.87.197	192.168.2.5
Oct 7, 2024 17:09:09.815911055 CEST	59997	443	192.168.2.5	4.175.87.197
Oct 7, 2024 17:09:09.817631006 CEST	59997	443	192.168.2.5	4.175.87.197
Oct 7, 2024 17:09:09.817643881 CEST	443	59997	4.175.87.197	192.168.2.5
Oct 7, 2024 17:09:09.817974091 CEST	443	59997	4.175.87.197	192.168.2.5
Oct 7, 2024 17:09:09.819298983 CEST	59997	443	192.168.2.5	4.175.87.197
Oct 7, 2024 17:09:09.863409042 CEST	443	59997	4.175.87.197	192.168.2.5
Oct 7, 2024 17:09:10.138722897 CEST	443	59997	4.175.87.197	192.168.2.5
Oct 7, 2024 17:09:10.138761044 CEST	443	59997	4.175.87.197	192.168.2.5
Oct 7, 2024 17:09:10.138781071 CEST	443	59997	4.175.87.197	192.168.2.5
Oct 7, 2024 17:09:10.138933897 CEST	59997	443	192.168.2.5	4.175.87.197
Oct 7, 2024 17:09:10.138972998 CEST	443	59997	4.175.87.197	192.168.2.5
Oct 7, 2024 17:09:10.139030933 CEST	59997	443	192.168.2.5	4.175.87.197
Oct 7, 2024 17:09:10.140299082 CEST	443	59997	4.175.87.197	192.168.2.5
Oct 7, 2024 17:09:10.140351057 CEST	443	59997	4.175.87.197	192.168.2.5
Oct 7, 2024 17:09:10.140384912 CEST	59997	443	192.168.2.5	4.175.87.197
Oct 7, 2024 17:09:10.140396118 CEST	443	59997	4.175.87.197	192.168.2.5
Oct 7, 2024 17:09:10.140409946 CEST	59997	443	192.168.2.5	4.175.87.197
Oct 7, 2024 17:09:10.140419006 CEST	443	59997	4.175.87.197	192.168.2.5
Oct 7, 2024 17:09:10.140463114 CEST	59997	443	192.168.2.5	4.175.87.197
Oct 7, 2024 17:09:10.146002054 CEST	59997	443	192.168.2.5	4.175.87.197
Oct 7, 2024 17:09:10.146019936 CEST	443	59997	4.175.87.197	192.168.2.5
Oct 7, 2024 17:09:10.146065950 CEST	59997	443	192.168.2.5	4.175.87.197
Oct 7, 2024 17:09:10.146074057 CEST	443	59997	4.175.87.197	192.168.2.5
Oct 7, 2024 17:09:10.217816114 CEST	443	60000	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.225502968 CEST	443	59999	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.232841969 CEST	60000	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.232878923 CEST	443	60000	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.233292103 CEST	60000	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.233299971 CEST	443	60000	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.233654976 CEST	59999	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.233670950 CEST	443	59999	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.234050989 CEST	59999	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.234057903 CEST	443	59999	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.242913961 CEST	443	60001	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.247658014 CEST	60001	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.247720957 CEST	443	60001	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.248182058 CEST	60001	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.248195887 CEST	443	60001	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.325051069 CEST	443	60000	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.325126886 CEST	443	60000	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.325226068 CEST	60000	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.326215029 CEST	60000	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.326235056 CEST	443	60000	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.326244116 CEST	60000	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.326250076 CEST	443	60000	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.329894066 CEST	443	59999	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.329961061 CEST	443	59999	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.330017090 CEST	59999	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.331217051 CEST	60004	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.331253052 CEST	443	60004	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.331346989 CEST	60004	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.331737995 CEST	59999	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.331753016 CEST	443	59999	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.331764936 CEST	59999	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.331769943 CEST	443	59999	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.331986904 CEST	60004	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.332005024 CEST	443	60004	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.335141897 CEST	60005	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.335181952 CEST	443	60005	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.335235119 CEST	60005	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.335560083 CEST	60005	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.335572958 CEST	443	60005	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.339518070 CEST	443	60001	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.339617968 CEST	443	60001	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.339668989 CEST	60001	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.340524912 CEST	60001	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.340544939 CEST	443	60001	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.340559959 CEST	60001	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.340565920 CEST	443	60001	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.344626904 CEST	60006	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.344664097 CEST	443	60006	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.344726086 CEST	60006	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.344894886 CEST	60006	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.344906092 CEST	443	60006	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.822396040 CEST	443	60003	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.823081017 CEST	60003	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.823127985 CEST	443	60003	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.823523045 CEST	60003	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.823529959 CEST	443	60003	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.830915928 CEST	443	60002	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.831466913 CEST	60002	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.831485987 CEST	443	60002	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.831921101 CEST	60002	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.831934929 CEST	443	60002	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.918719053 CEST	443	60003	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.918750048 CEST	443	60003	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.918869019 CEST	60003	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.918898106 CEST	443	60003	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.918981075 CEST	443	60003	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.919023037 CEST	60003	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.919919968 CEST	60003	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.919941902 CEST	443	60003	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.919960022 CEST	60003	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.919965982 CEST	443	60003	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.923033953 CEST	60008	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.923079014 CEST	443	60008	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.923300028 CEST	60008	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.923350096 CEST	60008	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.923362017 CEST	443	60008	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.930078030 CEST	443	60002	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.930114985 CEST	443	60002	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.930183887 CEST	60002	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.930202961 CEST	443	60002	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.930249929 CEST	60002	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.930372000 CEST	60002	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.930377007 CEST	443	60002	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.930394888 CEST	60002	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.930579901 CEST	443	60002	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.930623055 CEST	443	60002	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.930671930 CEST	60002	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.932777882 CEST	60009	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.932836056 CEST	443	60009	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:10.932914019 CEST	60009	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.933058977 CEST	60009	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:10.933077097 CEST	443	60009	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.000897884 CEST	443	60004	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.001425028 CEST	60004	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.001454115 CEST	443	60004	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.001998901 CEST	60004	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.002008915 CEST	443	60004	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.222171068 CEST	443	60006	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.222774982 CEST	443	60005	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.223071098 CEST	60006	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.223071098 CEST	60005	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.223093033 CEST	443	60006	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.223109007 CEST	443	60005	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.223737001 CEST	60006	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.223737001 CEST	60005	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.223743916 CEST	443	60006	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.223753929 CEST	443	60005	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.310887098 CEST	443	60004	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.310920000 CEST	443	60004	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.312941074 CEST	60004	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.312973022 CEST	443	60004	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.314929008 CEST	60004	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.322046041 CEST	443	60006	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.322068930 CEST	443	60006	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.322084904 CEST	443	60006	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.322155952 CEST	60006	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.322155952 CEST	60006	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.322170973 CEST	443	60006	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.323339939 CEST	443	60005	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.323364973 CEST	443	60005	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.323438883 CEST	60006	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.323438883 CEST	60005	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.323455095 CEST	443	60005	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.323519945 CEST	443	60005	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.323631048 CEST	60005	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.323631048 CEST	60005	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.323631048 CEST	60005	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.323652983 CEST	443	60005	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.326667070 CEST	60010	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.326715946 CEST	443	60010	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.326848030 CEST	60010	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.327022076 CEST	60010	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.327034950 CEST	443	60010	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.392002106 CEST	443	60004	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.392079115 CEST	443	60004	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.392376900 CEST	60004	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.392378092 CEST	60004	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.392378092 CEST	60004	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.395231962 CEST	60011	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.395328045 CEST	443	60011	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.395426035 CEST	60011	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.395575047 CEST	60011	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.395608902 CEST	443	60011	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.404520035 CEST	443	60006	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.404575109 CEST	443	60006	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.404603958 CEST	443	60006	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.405014992 CEST	60006	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.405014992 CEST	60006	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.406548977 CEST	60006	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.406568050 CEST	443	60006	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.408440113 CEST	60012	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.408488989 CEST	443	60012	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.408726931 CEST	60012	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.408875942 CEST	60012	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.408890009 CEST	443	60012	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.409012079 CEST	60006	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.409020901 CEST	443	60006	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.543765068 CEST	443	60009	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.544318914 CEST	60009	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.544358969 CEST	443	60009	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.546081066 CEST	60009	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.546086073 CEST	443	60009	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.564049959 CEST	443	60008	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.564495087 CEST	60008	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.564575911 CEST	443	60008	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.564866066 CEST	60008	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.564881086 CEST	443	60008	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.637017965 CEST	60005	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.637047052 CEST	443	60005	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.639066935 CEST	443	60009	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.639096022 CEST	443	60009	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.639152050 CEST	60009	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.639173985 CEST	443	60009	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.639390945 CEST	60009	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.639404058 CEST	443	60009	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.639419079 CEST	60009	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.639575958 CEST	443	60009	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.639619112 CEST	443	60009	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.641052961 CEST	60009	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.647943974 CEST	60013	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.647979975 CEST	443	60013	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.648056030 CEST	60013	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.648262978 CEST	60013	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.648272038 CEST	443	60013	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.687062025 CEST	443	60008	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.687092066 CEST	443	60008	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.687144041 CEST	443	60008	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.687247992 CEST	60008	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.687247992 CEST	60008	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.687416077 CEST	60008	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.687433958 CEST	443	60008	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.687448025 CEST	60008	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.687453985 CEST	443	60008	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.690319061 CEST	60014	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.690347910 CEST	443	60014	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.690535069 CEST	60014	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.693012953 CEST	60014	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.693022013 CEST	443	60014	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.700061083 CEST	60004	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.700094938 CEST	443	60004	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.947762012 CEST	443	60010	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.949459076 CEST	60010	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.949490070 CEST	443	60010	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:11.949912071 CEST	60010	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:11.949918985 CEST	443	60010	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.003597975 CEST	443	60011	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.004167080 CEST	60011	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.004199028 CEST	443	60011	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.004658937 CEST	60011	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.004669905 CEST	443	60011	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.042767048 CEST	443	60010	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.043148041 CEST	443	60010	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.043234110 CEST	60010	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.043279886 CEST	60010	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.043279886 CEST	60010	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.043302059 CEST	443	60010	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.043312073 CEST	443	60010	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.046185017 CEST	60015	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.046241045 CEST	443	60015	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.046334028 CEST	60015	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.046509981 CEST	60015	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.046528101 CEST	443	60015	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.057293892 CEST	443	60012	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.057801008 CEST	60012	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.057856083 CEST	443	60012	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.058326960 CEST	60012	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.058339119 CEST	443	60012	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.099845886 CEST	443	60011	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.099934101 CEST	443	60011	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.100035906 CEST	60011	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.100286007 CEST	60011	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.100313902 CEST	443	60011	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.100326061 CEST	60011	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.100332975 CEST	443	60011	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.103599072 CEST	60016	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.103636026 CEST	443	60016	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.103739023 CEST	60016	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.103889942 CEST	60016	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.103902102 CEST	443	60016	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.159974098 CEST	443	60012	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.160101891 CEST	443	60012	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.160550117 CEST	60012	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.160550117 CEST	60012	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.160550117 CEST	60012	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.163624048 CEST	60017	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.163678885 CEST	443	60017	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.163754940 CEST	60017	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.163968086 CEST	60017	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.163985968 CEST	443	60017	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.253720045 CEST	443	60013	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.254369974 CEST	60013	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.254406929 CEST	443	60013	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.254837036 CEST	60013	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.254843950 CEST	443	60013	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.350506067 CEST	443	60013	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.350634098 CEST	443	60013	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.350692987 CEST	60013	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.350956917 CEST	60013	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.350984097 CEST	443	60013	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.350997925 CEST	60013	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.351005077 CEST	443	60013	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.354041100 CEST	60018	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.354083061 CEST	443	60018	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.354135036 CEST	60018	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.354285955 CEST	60018	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.354312897 CEST	443	60018	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.464410067 CEST	60012	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.464448929 CEST	443	60012	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.468467951 CEST	443	60014	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.511451960 CEST	60014	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.616199017 CEST	60014	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.616209030 CEST	443	60014	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.625173092 CEST	60014	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.625190973 CEST	443	60014	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.694255114 CEST	443	60015	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.695055008 CEST	60015	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.695096016 CEST	443	60015	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.695708990 CEST	60015	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.695720911 CEST	443	60015	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.715632915 CEST	443	60014	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.715771914 CEST	443	60014	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.715821028 CEST	60014	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.715864897 CEST	443	60014	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.715897083 CEST	443	60014	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.715939999 CEST	60014	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.715977907 CEST	60014	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.715997934 CEST	443	60014	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.716011047 CEST	60014	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.716017962 CEST	443	60014	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.774424076 CEST	443	60017	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.775026083 CEST	60017	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.775051117 CEST	443	60017	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.775484085 CEST	60017	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.775490046 CEST	443	60017	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.875591993 CEST	443	60017	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.875799894 CEST	443	60017	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.875881910 CEST	60017	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.876209974 CEST	60017	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.876231909 CEST	443	60017	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.876249075 CEST	60017	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.876256943 CEST	443	60017	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.913182020 CEST	443	60015	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.913338900 CEST	443	60015	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.913425922 CEST	60015	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.913578033 CEST	60015	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.913610935 CEST	443	60015	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.913633108 CEST	60015	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.913642883 CEST	443	60015	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.938574076 CEST	443	60016	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.939217091 CEST	60016	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.939243078 CEST	443	60016	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.939662933 CEST	60016	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.939672947 CEST	443	60016	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.972878933 CEST	443	60018	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.973438978 CEST	60018	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.973475933 CEST	443	60018	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:12.973946095 CEST	60018	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:12.973958015 CEST	443	60018	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:13.040832043 CEST	443	60016	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:13.041079044 CEST	443	60016	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:13.041153908 CEST	60016	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:13.041223049 CEST	60016	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:13.041244030 CEST	443	60016	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:13.041260004 CEST	60016	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:13.041268110 CEST	443	60016	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:13.114592075 CEST	443	60018	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:13.114677906 CEST	443	60018	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:13.114784956 CEST	60018	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:13.114954948 CEST	60018	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:13.114979982 CEST	443	60018	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:13.114991903 CEST	60018	443	192.168.2.5	13.107.246.45
Oct 7, 2024 17:09:13.114996910 CEST	443	60018	13.107.246.45	192.168.2.5
Oct 7, 2024 17:09:17.920849085 CEST	60019	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:09:17.920883894 CEST	443	60019	40.113.110.67	192.168.2.5
Oct 7, 2024 17:09:17.920957088 CEST	60019	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:09:17.921561003 CEST	60019	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:09:17.921572924 CEST	443	60019	40.113.110.67	192.168.2.5
Oct 7, 2024 17:09:18.691937923 CEST	443	60019	40.113.110.67	192.168.2.5
Oct 7, 2024 17:09:18.692060947 CEST	60019	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:09:18.695655107 CEST	60019	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:09:18.695663929 CEST	443	60019	40.113.110.67	192.168.2.5
Oct 7, 2024 17:09:18.696002007 CEST	443	60019	40.113.110.67	192.168.2.5
Oct 7, 2024 17:09:18.697098017 CEST	60019	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:09:18.697144032 CEST	60019	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:09:18.697149038 CEST	443	60019	40.113.110.67	192.168.2.5
Oct 7, 2024 17:09:18.697218895 CEST	60019	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:09:18.739483118 CEST	443	60019	40.113.110.67	192.168.2.5
Oct 7, 2024 17:09:18.867635965 CEST	443	60019	40.113.110.67	192.168.2.5
Oct 7, 2024 17:09:18.868132114 CEST	443	60019	40.113.110.67	192.168.2.5
Oct 7, 2024 17:09:18.868212938 CEST	60019	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:09:18.868243933 CEST	60019	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:09:18.868257046 CEST	443	60019	40.113.110.67	192.168.2.5
Oct 7, 2024 17:09:29.107198000 CEST	60021	443	192.168.2.5	142.250.185.68
Oct 7, 2024 17:09:29.107310057 CEST	443	60021	142.250.185.68	192.168.2.5
Oct 7, 2024 17:09:29.107431889 CEST	60021	443	192.168.2.5	142.250.185.68
Oct 7, 2024 17:09:29.107753992 CEST	60021	443	192.168.2.5	142.250.185.68
Oct 7, 2024 17:09:29.107786894 CEST	443	60021	142.250.185.68	192.168.2.5
Oct 7, 2024 17:09:30.200293064 CEST	443	60021	142.250.185.68	192.168.2.5
Oct 7, 2024 17:09:30.200684071 CEST	60021	443	192.168.2.5	142.250.185.68
Oct 7, 2024 17:09:30.200723886 CEST	443	60021	142.250.185.68	192.168.2.5
Oct 7, 2024 17:09:30.201188087 CEST	443	60021	142.250.185.68	192.168.2.5
Oct 7, 2024 17:09:30.201498985 CEST	60021	443	192.168.2.5	142.250.185.68
Oct 7, 2024 17:09:30.201611996 CEST	443	60021	142.250.185.68	192.168.2.5
Oct 7, 2024 17:09:30.246048927 CEST	60021	443	192.168.2.5	142.250.185.68
Oct 7, 2024 17:09:36.409399986 CEST	60023	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:09:36.409496069 CEST	443	60023	40.113.110.67	192.168.2.5
Oct 7, 2024 17:09:36.409586906 CEST	60023	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:09:36.410195112 CEST	60023	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:09:36.410224915 CEST	443	60023	40.113.110.67	192.168.2.5
Oct 7, 2024 17:09:36.981408119 CEST	60024	443	192.168.2.5	216.58.206.46
Oct 7, 2024 17:09:36.981447935 CEST	443	60024	216.58.206.46	192.168.2.5
Oct 7, 2024 17:09:36.981503963 CEST	60024	443	192.168.2.5	216.58.206.46
Oct 7, 2024 17:09:36.981756926 CEST	60024	443	192.168.2.5	216.58.206.46
Oct 7, 2024 17:09:36.981787920 CEST	443	60024	216.58.206.46	192.168.2.5
Oct 7, 2024 17:09:37.172585964 CEST	60025	443	192.168.2.5	216.58.206.46
Oct 7, 2024 17:09:37.172681093 CEST	443	60025	216.58.206.46	192.168.2.5
Oct 7, 2024 17:09:37.172771931 CEST	60025	443	192.168.2.5	216.58.206.46
Oct 7, 2024 17:09:37.173026085 CEST	60025	443	192.168.2.5	216.58.206.46
Oct 7, 2024 17:09:37.173063040 CEST	443	60025	216.58.206.46	192.168.2.5
Oct 7, 2024 17:09:37.195115089 CEST	443	60023	40.113.110.67	192.168.2.5
Oct 7, 2024 17:09:37.195377111 CEST	60023	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:09:37.199521065 CEST	60023	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:09:37.199537992 CEST	443	60023	40.113.110.67	192.168.2.5
Oct 7, 2024 17:09:37.199857950 CEST	443	60023	40.113.110.67	192.168.2.5
Oct 7, 2024 17:09:37.202557087 CEST	60023	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:09:37.202588081 CEST	60023	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:09:37.202595949 CEST	443	60023	40.113.110.67	192.168.2.5
Oct 7, 2024 17:09:37.202735901 CEST	60023	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:09:37.243416071 CEST	443	60023	40.113.110.67	192.168.2.5
Oct 7, 2024 17:09:37.369358063 CEST	443	60023	40.113.110.67	192.168.2.5
Oct 7, 2024 17:09:37.369879007 CEST	60023	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:09:37.369879007 CEST	60023	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:09:37.369951963 CEST	443	60023	40.113.110.67	192.168.2.5
Oct 7, 2024 17:09:37.370017052 CEST	60023	443	192.168.2.5	40.113.110.67
Oct 7, 2024 17:09:37.690224886 CEST	443	60024	216.58.206.46	192.168.2.5
Oct 7, 2024 17:09:37.690896988 CEST	60024	443	192.168.2.5	216.58.206.46
Oct 7, 2024 17:09:37.690937042 CEST	443	60024	216.58.206.46	192.168.2.5
Oct 7, 2024 17:09:37.691313982 CEST	443	60024	216.58.206.46	192.168.2.5
Oct 7, 2024 17:09:37.691683054 CEST	60024	443	192.168.2.5	216.58.206.46
Oct 7, 2024 17:09:37.691765070 CEST	443	60024	216.58.206.46	192.168.2.5
Oct 7, 2024 17:09:37.691921949 CEST	60024	443	192.168.2.5	216.58.206.46
Oct 7, 2024 17:09:37.691963911 CEST	60024	443	192.168.2.5	216.58.206.46
Oct 7, 2024 17:09:37.691979885 CEST	443	60024	216.58.206.46	192.168.2.5
Oct 7, 2024 17:09:37.795710087 CEST	443	60025	216.58.206.46	192.168.2.5
Oct 7, 2024 17:09:37.796165943 CEST	60025	443	192.168.2.5	216.58.206.46
Oct 7, 2024 17:09:37.796200991 CEST	443	60025	216.58.206.46	192.168.2.5
Oct 7, 2024 17:09:37.796557903 CEST	443	60025	216.58.206.46	192.168.2.5
Oct 7, 2024 17:09:37.797672987 CEST	60025	443	192.168.2.5	216.58.206.46
Oct 7, 2024 17:09:37.797717094 CEST	60025	443	192.168.2.5	216.58.206.46
Oct 7, 2024 17:09:37.797734022 CEST	443	60025	216.58.206.46	192.168.2.5
Oct 7, 2024 17:09:37.797749043 CEST	60025	443	192.168.2.5	216.58.206.46
Oct 7, 2024 17:09:37.797759056 CEST	443	60025	216.58.206.46	192.168.2.5
Oct 7, 2024 17:09:37.840104103 CEST	60025	443	192.168.2.5	216.58.206.46
Oct 7, 2024 17:09:38.239027023 CEST	443	60024	216.58.206.46	192.168.2.5
Oct 7, 2024 17:09:38.239145994 CEST	443	60024	216.58.206.46	192.168.2.5
Oct 7, 2024 17:09:38.239221096 CEST	60024	443	192.168.2.5	216.58.206.46
Oct 7, 2024 17:09:38.239442110 CEST	443	60025	216.58.206.46	192.168.2.5
Oct 7, 2024 17:09:38.239525080 CEST	443	60025	216.58.206.46	192.168.2.5
Oct 7, 2024 17:09:38.239573956 CEST	60025	443	192.168.2.5	216.58.206.46
Oct 7, 2024 17:09:38.239923954 CEST	60024	443	192.168.2.5	216.58.206.46
Oct 7, 2024 17:09:38.239940882 CEST	443	60024	216.58.206.46	192.168.2.5
Oct 7, 2024 17:09:38.240302086 CEST	60025	443	192.168.2.5	216.58.206.46
Oct 7, 2024 17:09:38.240318060 CEST	443	60025	216.58.206.46	192.168.2.5
Oct 7, 2024 17:09:40.103056908 CEST	443	60021	142.250.185.68	192.168.2.5
Oct 7, 2024 17:09:40.103210926 CEST	443	60021	142.250.185.68	192.168.2.5
Oct 7, 2024 17:09:40.103308916 CEST	60021	443	192.168.2.5	142.250.185.68
Oct 7, 2024 17:09:46.617435932 CEST	60026	443	192.168.2.5	40.113.103.199
Oct 7, 2024 17:09:46.617475033 CEST	443	60026	40.113.103.199	192.168.2.5
Oct 7, 2024 17:09:46.617558002 CEST	60026	443	192.168.2.5	40.113.103.199
Oct 7, 2024 17:09:46.618160009 CEST	60026	443	192.168.2.5	40.113.103.199
Oct 7, 2024 17:09:46.618175030 CEST	443	60026	40.113.103.199	192.168.2.5
Oct 7, 2024 17:09:47.388736010 CEST	443	60026	40.113.103.199	192.168.2.5
Oct 7, 2024 17:09:47.388983965 CEST	60026	443	192.168.2.5	40.113.103.199
Oct 7, 2024 17:09:47.390710115 CEST	60026	443	192.168.2.5	40.113.103.199
Oct 7, 2024 17:09:47.390732050 CEST	443	60026	40.113.103.199	192.168.2.5
Oct 7, 2024 17:09:47.391570091 CEST	443	60026	40.113.103.199	192.168.2.5
Oct 7, 2024 17:09:47.392837048 CEST	60026	443	192.168.2.5	40.113.103.199
Oct 7, 2024 17:09:47.392908096 CEST	60026	443	192.168.2.5	40.113.103.199
Oct 7, 2024 17:09:47.392915010 CEST	443	60026	40.113.103.199	192.168.2.5
Oct 7, 2024 17:09:47.392992020 CEST	60026	443	192.168.2.5	40.113.103.199
Oct 7, 2024 17:09:47.435419083 CEST	443	60026	40.113.103.199	192.168.2.5
Oct 7, 2024 17:09:47.565778017 CEST	443	60026	40.113.103.199	192.168.2.5
Oct 7, 2024 17:09:47.566266060 CEST	60026	443	192.168.2.5	40.113.103.199
Oct 7, 2024 17:09:47.566283941 CEST	443	60026	40.113.103.199	192.168.2.5
Oct 7, 2024 17:09:47.566297054 CEST	60026	443	192.168.2.5	40.113.103.199
Oct 7, 2024 17:09:47.566333055 CEST	60026	443	192.168.2.5	40.113.103.199
Oct 7, 2024 17:10:08.832216024 CEST	60021	443	192.168.2.5	142.250.185.68
Oct 7, 2024 17:10:08.832247972 CEST	443	60021	142.250.185.68	192.168.2.5
Oct 7, 2024 17:10:08.832545996 CEST	60028	443	192.168.2.5	216.58.206.46
Oct 7, 2024 17:10:08.832568884 CEST	443	60028	216.58.206.46	192.168.2.5
Oct 7, 2024 17:10:08.832633972 CEST	60028	443	192.168.2.5	216.58.206.46
Oct 7, 2024 17:10:08.832911968 CEST	60028	443	192.168.2.5	216.58.206.46
Oct 7, 2024 17:10:08.832921982 CEST	443	60028	216.58.206.46	192.168.2.5
Oct 7, 2024 17:10:08.920161009 CEST	60029	443	192.168.2.5	216.58.206.46
Oct 7, 2024 17:10:08.920211077 CEST	443	60029	216.58.206.46	192.168.2.5
Oct 7, 2024 17:10:08.920272112 CEST	60029	443	192.168.2.5	216.58.206.46
Oct 7, 2024 17:10:08.920643091 CEST	60029	443	192.168.2.5	216.58.206.46
Oct 7, 2024 17:10:08.920656919 CEST	443	60029	216.58.206.46	192.168.2.5
Oct 7, 2024 17:10:09.441118956 CEST	443	60028	216.58.206.46	192.168.2.5
Oct 7, 2024 17:10:09.441452980 CEST	60028	443	192.168.2.5	216.58.206.46
Oct 7, 2024 17:10:09.441479921 CEST	443	60028	216.58.206.46	192.168.2.5
Oct 7, 2024 17:10:09.442114115 CEST	443	60028	216.58.206.46	192.168.2.5
Oct 7, 2024 17:10:09.442409039 CEST	60028	443	192.168.2.5	216.58.206.46
Oct 7, 2024 17:10:09.442492962 CEST	443	60028	216.58.206.46	192.168.2.5
Oct 7, 2024 17:10:09.442580938 CEST	60028	443	192.168.2.5	216.58.206.46
Oct 7, 2024 17:10:09.442596912 CEST	60028	443	192.168.2.5	216.58.206.46
Oct 7, 2024 17:10:09.442606926 CEST	443	60028	216.58.206.46	192.168.2.5
Oct 7, 2024 17:10:09.536029100 CEST	443	60029	216.58.206.46	192.168.2.5
Oct 7, 2024 17:10:09.536283016 CEST	60029	443	192.168.2.5	216.58.206.46
Oct 7, 2024 17:10:09.536300898 CEST	443	60029	216.58.206.46	192.168.2.5
Oct 7, 2024 17:10:09.537511110 CEST	443	60029	216.58.206.46	192.168.2.5
Oct 7, 2024 17:10:09.537769079 CEST	60029	443	192.168.2.5	216.58.206.46
Oct 7, 2024 17:10:09.537909985 CEST	60029	443	192.168.2.5	216.58.206.46
Oct 7, 2024 17:10:09.537915945 CEST	443	60029	216.58.206.46	192.168.2.5
Oct 7, 2024 17:10:09.537924051 CEST	60029	443	192.168.2.5	216.58.206.46
Oct 7, 2024 17:10:09.537939072 CEST	443	60029	216.58.206.46	192.168.2.5
Oct 7, 2024 17:10:09.591002941 CEST	60029	443	192.168.2.5	216.58.206.46
Oct 7, 2024 17:10:09.743093967 CEST	443	60028	216.58.206.46	192.168.2.5
Oct 7, 2024 17:10:09.743957043 CEST	443	60028	216.58.206.46	192.168.2.5
Oct 7, 2024 17:10:09.744087934 CEST	60028	443	192.168.2.5	216.58.206.46
Oct 7, 2024 17:10:09.744282007 CEST	60028	443	192.168.2.5	216.58.206.46
Oct 7, 2024 17:10:09.744297028 CEST	443	60028	216.58.206.46	192.168.2.5
Oct 7, 2024 17:10:09.823395967 CEST	443	60029	216.58.206.46	192.168.2.5
Oct 7, 2024 17:10:09.824424982 CEST	443	60029	216.58.206.46	192.168.2.5
Oct 7, 2024 17:10:09.824490070 CEST	60029	443	192.168.2.5	216.58.206.46
Oct 7, 2024 17:10:09.825254917 CEST	60029	443	192.168.2.5	216.58.206.46
Oct 7, 2024 17:10:09.825270891 CEST	443	60029	216.58.206.46	192.168.2.5
Oct 7, 2024 17:10:15.157836914 CEST	60030	443	192.168.2.5	40.113.103.199
Oct 7, 2024 17:10:15.157882929 CEST	443	60030	40.113.103.199	192.168.2.5
Oct 7, 2024 17:10:15.157946110 CEST	60030	443	192.168.2.5	40.113.103.199
Oct 7, 2024 17:10:15.158605099 CEST	60030	443	192.168.2.5	40.113.103.199
Oct 7, 2024 17:10:15.158622026 CEST	443	60030	40.113.103.199	192.168.2.5
Oct 7, 2024 17:10:16.554615021 CEST	443	60030	40.113.103.199	192.168.2.5
Oct 7, 2024 17:10:16.554816961 CEST	60030	443	192.168.2.5	40.113.103.199
Oct 7, 2024 17:10:16.556307077 CEST	60030	443	192.168.2.5	40.113.103.199
Oct 7, 2024 17:10:16.556318998 CEST	443	60030	40.113.103.199	192.168.2.5
Oct 7, 2024 17:10:16.557127953 CEST	443	60030	40.113.103.199	192.168.2.5
Oct 7, 2024 17:10:16.558849096 CEST	60030	443	192.168.2.5	40.113.103.199
Oct 7, 2024 17:10:16.558892965 CEST	60030	443	192.168.2.5	40.113.103.199
Oct 7, 2024 17:10:16.558902979 CEST	443	60030	40.113.103.199	192.168.2.5
Oct 7, 2024 17:10:16.558990955 CEST	60030	443	192.168.2.5	40.113.103.199
Oct 7, 2024 17:10:16.603399038 CEST	443	60030	40.113.103.199	192.168.2.5
Oct 7, 2024 17:10:16.725166082 CEST	443	60030	40.113.103.199	192.168.2.5
Oct 7, 2024 17:10:16.725258112 CEST	443	60030	40.113.103.199	192.168.2.5
Oct 7, 2024 17:10:16.725326061 CEST	60030	443	192.168.2.5	40.113.103.199
Oct 7, 2024 17:10:16.725441933 CEST	60030	443	192.168.2.5	40.113.103.199
Oct 7, 2024 17:10:16.725457907 CEST	443	60030	40.113.103.199	192.168.2.5
Oct 7, 2024 17:10:23.921258926 CEST	60031	443	192.168.2.5	40.113.103.199
Oct 7, 2024 17:10:23.921324015 CEST	443	60031	40.113.103.199	192.168.2.5
Oct 7, 2024 17:10:23.921453953 CEST	60031	443	192.168.2.5	40.113.103.199
Oct 7, 2024 17:10:23.922068119 CEST	60031	443	192.168.2.5	40.113.103.199
Oct 7, 2024 17:10:23.922087908 CEST	443	60031	40.113.103.199	192.168.2.5
Oct 7, 2024 17:10:24.719644070 CEST	443	60031	40.113.103.199	192.168.2.5
Oct 7, 2024 17:10:24.719743967 CEST	60031	443	192.168.2.5	40.113.103.199
Oct 7, 2024 17:10:24.721441984 CEST	60031	443	192.168.2.5	40.113.103.199
Oct 7, 2024 17:10:24.721460104 CEST	443	60031	40.113.103.199	192.168.2.5
Oct 7, 2024 17:10:24.722227097 CEST	443	60031	40.113.103.199	192.168.2.5
Oct 7, 2024 17:10:24.723426104 CEST	60031	443	192.168.2.5	40.113.103.199
Oct 7, 2024 17:10:24.723490953 CEST	60031	443	192.168.2.5	40.113.103.199
Oct 7, 2024 17:10:24.723496914 CEST	443	60031	40.113.103.199	192.168.2.5
Oct 7, 2024 17:10:24.723589897 CEST	60031	443	192.168.2.5	40.113.103.199
Oct 7, 2024 17:10:24.767441034 CEST	443	60031	40.113.103.199	192.168.2.5
Oct 7, 2024 17:10:24.895767927 CEST	443	60031	40.113.103.199	192.168.2.5
Oct 7, 2024 17:10:24.895979881 CEST	443	60031	40.113.103.199	192.168.2.5
Oct 7, 2024 17:10:24.896049976 CEST	60031	443	192.168.2.5	40.113.103.199
Oct 7, 2024 17:10:24.896188974 CEST	60031	443	192.168.2.5	40.113.103.199
Oct 7, 2024 17:10:24.896214962 CEST	443	60031	40.113.103.199	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 7, 2024 17:08:24.881705046 CEST	63221	53	192.168.2.5	1.1.1.1
Oct 7, 2024 17:08:24.881983042 CEST	60585	53	192.168.2.5	1.1.1.1
Oct 7, 2024 17:08:24.889204025 CEST	53	63221	1.1.1.1	192.168.2.5
Oct 7, 2024 17:08:24.889233112 CEST	53	60585	1.1.1.1	192.168.2.5
Oct 7, 2024 17:08:24.889818907 CEST	53	63674	1.1.1.1	192.168.2.5
Oct 7, 2024 17:08:24.915261984 CEST	53	53069	1.1.1.1	192.168.2.5
Oct 7, 2024 17:08:26.006438017 CEST	60744	53	192.168.2.5	1.1.1.1
Oct 7, 2024 17:08:26.006746054 CEST	58828	53	192.168.2.5	1.1.1.1
Oct 7, 2024 17:08:26.013798952 CEST	53	58828	1.1.1.1	192.168.2.5
Oct 7, 2024 17:08:26.013840914 CEST	53	60744	1.1.1.1	192.168.2.5
Oct 7, 2024 17:08:26.053301096 CEST	53	54334	1.1.1.1	192.168.2.5
Oct 7, 2024 17:08:29.044338942 CEST	62008	53	192.168.2.5	1.1.1.1
Oct 7, 2024 17:08:29.044436932 CEST	62357	53	192.168.2.5	1.1.1.1
Oct 7, 2024 17:08:29.051311970 CEST	53	62357	1.1.1.1	192.168.2.5
Oct 7, 2024 17:08:29.051582098 CEST	53	62008	1.1.1.1	192.168.2.5
Oct 7, 2024 17:08:29.552911997 CEST	53	60864	1.1.1.1	192.168.2.5
Oct 7, 2024 17:08:31.356268883 CEST	53	56758	1.1.1.1	192.168.2.5
Oct 7, 2024 17:08:34.298651934 CEST	64901	53	192.168.2.5	1.1.1.1
Oct 7, 2024 17:08:34.298918009 CEST	52328	53	192.168.2.5	1.1.1.1
Oct 7, 2024 17:08:34.305757999 CEST	53	52328	1.1.1.1	192.168.2.5
Oct 7, 2024 17:08:34.306546926 CEST	53	64901	1.1.1.1	192.168.2.5
Oct 7, 2024 17:08:35.469132900 CEST	65441	53	192.168.2.5	1.1.1.1
Oct 7, 2024 17:08:35.469392061 CEST	58047	53	192.168.2.5	1.1.1.1
Oct 7, 2024 17:08:35.476097107 CEST	53	65441	1.1.1.1	192.168.2.5
Oct 7, 2024 17:08:35.476111889 CEST	53	58047	1.1.1.1	192.168.2.5
Oct 7, 2024 17:08:43.553302050 CEST	53	53199	1.1.1.1	192.168.2.5
Oct 7, 2024 17:08:48.301898956 CEST	53	53754	1.1.1.1	192.168.2.5
Oct 7, 2024 17:09:24.419867039 CEST	53	58694	1.1.1.1	192.168.2.5
Oct 7, 2024 17:09:36.040026903 CEST	53	49365	1.1.1.1	192.168.2.5
Oct 7, 2024 17:09:36.973711967 CEST	57821	53	192.168.2.5	1.1.1.1
Oct 7, 2024 17:09:36.973896980 CEST	54231	53	192.168.2.5	1.1.1.1
Oct 7, 2024 17:09:36.980846882 CEST	53	54231	1.1.1.1	192.168.2.5
Oct 7, 2024 17:09:36.980964899 CEST	53	57821	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 7, 2024 17:08:24.881705046 CEST	192.168.2.5	1.1.1.1	0x654d	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 17:08:24.881983042 CEST	192.168.2.5	1.1.1.1	0x1468	Standard query (0)	youtube.com	65	IN (0x0001)	false
Oct 7, 2024 17:08:26.006438017 CEST	192.168.2.5	1.1.1.1	0x4ebb	Standard query (0)	www.youtube.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 17:08:26.006746054 CEST	192.168.2.5	1.1.1.1	0xa91b	Standard query (0)	www.youtube.com	65	IN (0x0001)	false
Oct 7, 2024 17:08:29.044338942 CEST	192.168.2.5	1.1.1.1	0xd211	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 17:08:29.044436932 CEST	192.168.2.5	1.1.1.1	0x9e86	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 7, 2024 17:08:34.298651934 CEST	192.168.2.5	1.1.1.1	0xcc23	Standard query (0)	accounts.youtube.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 17:08:34.298918009 CEST	192.168.2.5	1.1.1.1	0x1a0c	Standard query (0)	accounts.youtube.com	65	IN (0x0001)	false
Oct 7, 2024 17:08:35.469132900 CEST	192.168.2.5	1.1.1.1	0xc834	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 17:08:35.469392061 CEST	192.168.2.5	1.1.1.1	0x37e7	Standard query (0)	play.google.com	65	IN (0x0001)	false
Oct 7, 2024 17:09:36.973711967 CEST	192.168.2.5	1.1.1.1	0xd9c6	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 17:09:36.973896980 CEST	192.168.2.5	1.1.1.1	0x96de	Standard query (0)	play.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 7, 2024 17:08:24.889204025 CEST	1.1.1.1	192.168.2.5	0x654d	No error (0)	youtube.com		142.250.186.78	A (IP address)	IN (0x0001)	false
Oct 7, 2024 17:08:24.889233112 CEST	1.1.1.1	192.168.2.5	0x1468	No error (0)	youtube.com			65	IN (0x0001)	false
Oct 7, 2024 17:08:26.013798952 CEST	1.1.1.1	192.168.2.5	0xa91b	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 17:08:26.013798952 CEST	1.1.1.1	192.168.2.5	0xa91b	No error (0)	youtube-ui.l.google.com			65	IN (0x0001)	false
Oct 7, 2024 17:08:26.013840914 CEST	1.1.1.1	192.168.2.5	0x4ebb	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 17:08:26.013840914 CEST	1.1.1.1	192.168.2.5	0x4ebb	No error (0)	youtube-ui.l.google.com		142.250.186.142	A (IP address)	IN (0x0001)	false
Oct 7, 2024 17:08:26.013840914 CEST	1.1.1.1	192.168.2.5	0x4ebb	No error (0)	youtube-ui.l.google.com		142.250.185.174	A (IP address)	IN (0x0001)	false
Oct 7, 2024 17:08:26.013840914 CEST	1.1.1.1	192.168.2.5	0x4ebb	No error (0)	youtube-ui.l.google.com		142.250.185.110	A (IP address)	IN (0x0001)	false
Oct 7, 2024 17:08:26.013840914 CEST	1.1.1.1	192.168.2.5	0x4ebb	No error (0)	youtube-ui.l.google.com		142.250.185.238	A (IP address)	IN (0x0001)	false
Oct 7, 2024 17:08:26.013840914 CEST	1.1.1.1	192.168.2.5	0x4ebb	No error (0)	youtube-ui.l.google.com		142.250.184.206	A (IP address)	IN (0x0001)	false
Oct 7, 2024 17:08:26.013840914 CEST	1.1.1.1	192.168.2.5	0x4ebb	No error (0)	youtube-ui.l.google.com		216.58.206.78	A (IP address)	IN (0x0001)	false
Oct 7, 2024 17:08:26.013840914 CEST	1.1.1.1	192.168.2.5	0x4ebb	No error (0)	youtube-ui.l.google.com		216.58.212.142	A (IP address)	IN (0x0001)	false
Oct 7, 2024 17:08:26.013840914 CEST	1.1.1.1	192.168.2.5	0x4ebb	No error (0)	youtube-ui.l.google.com		142.250.184.238	A (IP address)	IN (0x0001)	false
Oct 7, 2024 17:08:26.013840914 CEST	1.1.1.1	192.168.2.5	0x4ebb	No error (0)	youtube-ui.l.google.com		142.250.185.78	A (IP address)	IN (0x0001)	false
Oct 7, 2024 17:08:26.013840914 CEST	1.1.1.1	192.168.2.5	0x4ebb	No error (0)	youtube-ui.l.google.com		216.58.212.174	A (IP address)	IN (0x0001)	false
Oct 7, 2024 17:08:26.013840914 CEST	1.1.1.1	192.168.2.5	0x4ebb	No error (0)	youtube-ui.l.google.com		142.250.185.206	A (IP address)	IN (0x0001)	false
Oct 7, 2024 17:08:26.013840914 CEST	1.1.1.1	192.168.2.5	0x4ebb	No error (0)	youtube-ui.l.google.com		142.250.186.110	A (IP address)	IN (0x0001)	false
Oct 7, 2024 17:08:26.013840914 CEST	1.1.1.1	192.168.2.5	0x4ebb	No error (0)	youtube-ui.l.google.com		216.58.206.46	A (IP address)	IN (0x0001)	false
Oct 7, 2024 17:08:26.013840914 CEST	1.1.1.1	192.168.2.5	0x4ebb	No error (0)	youtube-ui.l.google.com		142.250.186.174	A (IP address)	IN (0x0001)	false
Oct 7, 2024 17:08:26.013840914 CEST	1.1.1.1	192.168.2.5	0x4ebb	No error (0)	youtube-ui.l.google.com		172.217.18.14	A (IP address)	IN (0x0001)	false
Oct 7, 2024 17:08:26.013840914 CEST	1.1.1.1	192.168.2.5	0x4ebb	No error (0)	youtube-ui.l.google.com		172.217.16.206	A (IP address)	IN (0x0001)	false
Oct 7, 2024 17:08:29.051311970 CEST	1.1.1.1	192.168.2.5	0x9e86	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 7, 2024 17:08:29.051582098 CEST	1.1.1.1	192.168.2.5	0xd211	No error (0)	www.google.com		142.250.185.68	A (IP address)	IN (0x0001)	false
Oct 7, 2024 17:08:34.305757999 CEST	1.1.1.1	192.168.2.5	0x1a0c	No error (0)	accounts.youtube.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 17:08:34.306546926 CEST	1.1.1.1	192.168.2.5	0xcc23	No error (0)	accounts.youtube.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 17:08:34.306546926 CEST	1.1.1.1	192.168.2.5	0xcc23	No error (0)	www3.l.google.com		142.250.185.238	A (IP address)	IN (0x0001)	false
Oct 7, 2024 17:08:35.476097107 CEST	1.1.1.1	192.168.2.5	0xc834	No error (0)	play.google.com		172.217.16.206	A (IP address)	IN (0x0001)	false
Oct 7, 2024 17:09:36.980964899 CEST	1.1.1.1	192.168.2.5	0xd9c6	No error (0)	play.google.com		216.58.206.46	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

otelrules.azureedge.net

youtube.com

www.youtube.com

fs.microsoft.com

slscr.update.microsoft.com

https:

play.google.com

www.google.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.5	49717	40.126.32.133	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:10 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-10-07 15:08:10 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-10-07 15:08:10 UTC	653	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Mon, 07 Oct 2024 15:07:10 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" FdrTelemetry: &481=21&59=33&213=10&215=0&315=1&215=0&315=1&214=56&288=16.0.30374.3 Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C539_BAY x-ms-request-id: c762134c-fc6c-4d22-bffa-42239b14b438 PPServer: PPV: 30 H: PH1PEPF00011EF0 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Mon, 07 Oct 2024 15:08:10 GMT Connection: close Content-Length: 11389
2024-10-07 15:08:10 UTC	11389	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.5	49720	40.126.32.133	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:12 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4694 Host: login.live.com
2024-10-07 15:08:12 UTC	4694	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-10-07 15:08:12 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Mon, 07 Oct 2024 15:07:12 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C539_BAY x-ms-request-id: 7cb7d975-c65b-40e9-81cb-23571a8eff8e PPServer: PPV: 30 H: PH1PEPF00011EED V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Mon, 07 Oct 2024 15:08:11 GMT Connection: close Content-Length: 10901
2024-10-07 15:08:12 UTC	10901	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.5	49723	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:13 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 68 49 70 35 4c 30 6a 56 4c 30 6d 32 52 31 4f 64 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 66 33 65 39 34 32 33 62 39 30 64 33 39 32 31 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: hIp5L0jVL0m2R1Od.1Context: 4f3e9423b90d3921
2024-10-07 15:08:13 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-07 15:08:13 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 68 49 70 35 4c 30 6a 56 4c 30 6d 32 52 31 4f 64 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 66 33 65 39 34 32 33 62 39 30 64 33 39 32 31 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 61 65 65 6f 55 74 30 69 6a 4b 35 6f 6b 77 34 48 4d 78 45 6e 45 63 35 31 39 7a 52 6a 51 74 77 52 37 61 4d 59 30 39 6f 79 63 42 70 67 63 6e 55 35 48 53 6e 49 32 46 56 44 62 41 73 75 48 57 4f 6c 68 44 57 58 45 65 68 4e 63 64 48 4c 30 43 41 57 4b 79 52 73 37 2f 53 69 63 43 30 72 4f 30 4f 65 4d 63 52 62 4c 77 65 49 6c 61 47 58 44 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: hIp5L0jVL0m2R1Od.2Context: 4f3e9423b90d3921<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAaeeoUt0ijK5okw4HMxEnEc519zRjQtwR7aMY09oycBpgcnU5HSnI2FVDbAsuHWOlhDWXEehNcdHL0CAWKyRs7/SicC0rO0OeMcRbLweIlaGXD
2024-10-07 15:08:13 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 68 49 70 35 4c 30 6a 56 4c 30 6d 32 52 31 4f 64 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 66 33 65 39 34 32 33 62 39 30 64 33 39 32 31 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: hIp5L0jVL0m2R1Od.3Context: 4f3e9423b90d3921
2024-10-07 15:08:13 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-10-07 15:08:13 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 59 38 53 53 76 44 66 53 46 45 53 6c 6f 47 2b 4f 37 39 30 50 6a 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: Y8SSvDfSFESloG+O790PjA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.5	49725	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:16 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4a 2f 46 48 50 37 2b 67 30 30 4b 36 52 64 65 42 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 66 30 64 33 62 64 61 31 37 66 66 33 64 36 31 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: J/FHP7+g00K6RdeB.1Context: 1f0d3bda17ff3d61
2024-10-07 15:08:16 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-07 15:08:16 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 4a 2f 46 48 50 37 2b 67 30 30 4b 36 52 64 65 42 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 66 30 64 33 62 64 61 31 37 66 66 33 64 36 31 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 61 65 65 6f 55 74 30 69 6a 4b 35 6f 6b 77 34 48 4d 78 45 6e 45 63 35 31 39 7a 52 6a 51 74 77 52 37 61 4d 59 30 39 6f 79 63 42 70 67 63 6e 55 35 48 53 6e 49 32 46 56 44 62 41 73 75 48 57 4f 6c 68 44 57 58 45 65 68 4e 63 64 48 4c 30 43 41 57 4b 79 52 73 37 2f 53 69 63 43 30 72 4f 30 4f 65 4d 63 52 62 4c 77 65 49 6c 61 47 58 44 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: J/FHP7+g00K6RdeB.2Context: 1f0d3bda17ff3d61<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAaeeoUt0ijK5okw4HMxEnEc519zRjQtwR7aMY09oycBpgcnU5HSnI2FVDbAsuHWOlhDWXEehNcdHL0CAWKyRs7/SicC0rO0OeMcRbLweIlaGXD
2024-10-07 15:08:16 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 4a 2f 46 48 50 37 2b 67 30 30 4b 36 52 64 65 42 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 66 30 64 33 62 64 61 31 37 66 66 33 64 36 31 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: J/FHP7+g00K6RdeB.3Context: 1f0d3bda17ff3d61<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-10-07 15:08:16 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-10-07 15:08:16 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 44 47 79 78 6f 37 44 54 4f 30 4b 6c 6a 35 56 68 70 2f 74 58 2b 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: DGyxo7DTO0Klj5Vhp/tX+Q.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.5	49726	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:19 UTC	70	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 34 0d 0a 4d 53 2d 43 56 3a 20 78 53 50 58 55 50 64 75 67 45 75 34 67 56 66 46 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 31 33 32 64 38 61 65 61 66 65 33 38 64 39 0d 0a 0d 0a Data Ascii: CNT 1 CON 304MS-CV: xSPXUPdugEu4gVfF.1Context: 4132d8aeafe38d9
2024-10-07 15:08:19 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-07 15:08:19 UTC	1083	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 30 0d 0a 4d 53 2d 43 56 3a 20 78 53 50 58 55 50 64 75 67 45 75 34 67 56 66 46 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 31 33 32 64 38 61 65 61 66 65 33 38 64 39 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 61 65 65 6f 55 74 30 69 6a 4b 35 6f 6b 77 34 48 4d 78 45 6e 45 63 35 31 39 7a 52 6a 51 74 77 52 37 61 4d 59 30 39 6f 79 63 42 70 67 63 6e 55 35 48 53 6e 49 32 46 56 44 62 41 73 75 48 57 4f 6c 68 44 57 58 45 65 68 4e 63 64 48 4c 30 43 41 57 4b 79 52 73 37 2f 53 69 63 43 30 72 4f 30 4f 65 4d 63 52 62 4c 77 65 49 6c 61 47 58 44 4b Data Ascii: ATH 2 CON\DEVICE 1060MS-CV: xSPXUPdugEu4gVfF.2Context: 4132d8aeafe38d9<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAaeeoUt0ijK5okw4HMxEnEc519zRjQtwR7aMY09oycBpgcnU5HSnI2FVDbAsuHWOlhDWXEehNcdHL0CAWKyRs7/SicC0rO0OeMcRbLweIlaGXDK
2024-10-07 15:08:19 UTC	73	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 35 0d 0a 4d 53 2d 43 56 3a 20 78 53 50 58 55 50 64 75 67 45 75 34 67 56 66 46 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 31 33 32 64 38 61 65 61 66 65 33 38 64 39 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 55MS-CV: xSPXUPdugEu4gVfF.3Context: 4132d8aeafe38d9
2024-10-07 15:08:19 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-10-07 15:08:19 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 2b 46 35 48 52 49 51 38 6a 6b 2b 37 73 6a 74 72 71 73 4c 6c 70 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: +F5HRIQ8jk+7sjtrqsLlpQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.5	49727	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:22 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:22 UTC	540	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:22 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public Last-Modified: Fri, 04 Oct 2024 23:21:50 GMT ETag: "0x8DCE4CB535A72FA" x-ms-request-id: 4dad204e-401e-005b-4bf5-169c0c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150822Z-1657d5bbd48dfrdj7px744zp8s00000003g0000000001pzs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:22 UTC	15844	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-10-07 15:08:22 UTC	16384	IN	Data Raw: 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e Data Ascii: "0" /> </L> <R> <V V="400" T="I32" /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" />
2024-10-07 15:08:22 UTC	16384	IN	Data Raw: 20 20 3c 53 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 53 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 38 32 30 76 33 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 Data Ascii: <ST> <S T="1" /> </ST></R><$!#>10820v3+<?xml version="1.0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-781
2024-10-07 15:08:22 UTC	16384	IN	Data Raw: 20 54 3d 22 55 36 34 22 20 49 3d 22 38 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 45 76 65 6e 74 73 5f 41 76 67 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 41 76 65 72 61 67 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 Data Ascii: T="U64" I="8" O="false" N="Events_Avg"> <S T="2" F="Average" /> </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32"
2024-10-07 15:08:22 UTC	16384	IN	Data Raw: 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f Data Ascii: "0" O="false" N="Count_CreateCard_ValidPersona_False"> <C> <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Co
2024-10-07 15:08:22 UTC	16384	IN	Data Raw: 20 20 20 20 3c 53 20 54 3d 22 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 39 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a Data Ascii: <S T="31" /> </C> </C> <C T="U32" I="19" O="false" N="Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C>
2024-10-07 15:08:22 UTC	16384	IN	Data Raw: 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 Data Ascii: <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMillisec
2024-10-07 15:08:22 UTC	16384	IN	Data Raw: 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e Data Ascii: R> <V V="0" T="I32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIn
2024-10-07 15:08:22 UTC	16384	IN	Data Raw: 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: R> </O> </F> <F T="6"> <O T="AND"> <L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L>
2024-10-07 15:08:22 UTC	16384	IN	Data Raw: 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c Data Ascii: T="6"> <O T="EQ"> <L> <S T="2" F="HttpStatus" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.5	49728	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:23 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:23 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:23 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 4545068c-701e-0050-0e05-176767000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150823Z-1657d5bbd48xdq5dkwwugdpzr000000003v0000000012m15 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:23 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.5	49730	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:23 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:23 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:23 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 8aaf7b13-d01e-0028-46fd-167896000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150823Z-1657d5bbd48lknvp09v995n790000000036g00000000ws1p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:23 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.5	49732	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:23 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:23 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:23 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: b27588a3-a01e-003d-6001-1798d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150823Z-1657d5bbd48xdq5dkwwugdpzr000000003vg00000000zwnx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:23 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.5	49731	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:23 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:23 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:23 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: d4448e94-101e-00a2-2703-179f2e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150823Z-1657d5bbd48t66tjar5xuq22r800000003hg00000000vf0e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:23 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.5	49729	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:23 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:23 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:23 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: c59bb0f9-701e-0097-2d01-17b8c1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150823Z-1657d5bbd48wd55zet5pcra0cg00000003ng00000000cwp2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:23 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.5	49737	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:24 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:24 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:24 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: 87fc294c-201e-0051-40f3-167340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150824Z-1657d5bbd487nf59mzf5b3gk8n000000035g00000000x73w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:24 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.5	49735	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:24 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:24 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:24 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 73fc0cc0-d01e-008e-5fee-16387a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150824Z-1657d5bbd48xdq5dkwwugdpzr000000003z000000000gm8d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:24 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.5	49734	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:24 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:24 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:24 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: 1707b783-801e-00a3-53e5-167cfb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150824Z-1657d5bbd48sdh4cyzadbb374800000003g000000000esr2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:24 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.5	49736	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:24 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:24 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:24 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 15158de7-401e-0029-4b00-179b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150824Z-1657d5bbd487nf59mzf5b3gk8n000000035g00000000x73x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:24 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.5	49733	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:24 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:24 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:24 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 3ea0840d-701e-0053-1012-173a0a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150824Z-1657d5bbd48tnj6wmberkg2xy800000003ng00000000xw3y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:24 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.5	49738	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:25 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:25 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:25 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: 789c8418-601e-0032-5905-17eebb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150825Z-1657d5bbd48tnj6wmberkg2xy800000003mg000000010cz0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:25 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.5	49739	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:25 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:25 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:25 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 0a3893d3-c01e-0082-33ee-16af72000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150825Z-1657d5bbd48brl8we3nu8cxwgn00000003x000000000u3db x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:25 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.5	49744	142.250.186.78	443	7176	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:25 UTC	859	OUT	GET /account?=https://accounts.google.com/v3/signin/challenge/pwd HTTP/1.1 Host: youtube.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 15:08:25 UTC	1919	IN	HTTP/1.1 301 Moved Permanently Content-Type: application/binary X-Content-Type-Options: nosniff Expires: Mon, 07 Oct 2024 15:08:25 GMT Date: Mon, 07 Oct 2024 15:08:25 GMT Cache-Control: private, max-age=31536000 Location: https://www.youtube.com/account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-Frame-Options: SAMEORIGIN Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main" Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: require-trusted-types-for 'script' Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]} P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info." Server: ESF Content-Length: 0 X-XSS-Protection: 0 Set-Cookie: YSC=dSb-qs1OMew; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.5	49741	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:25 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:25 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:25 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: 99ffd5e0-b01e-0053-0101-17cdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150825Z-1657d5bbd48f7nlxc7n5fnfzh000000003bg000000005pff x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:25 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.5	49742	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:25 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:25 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:25 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: bf7deccb-401e-0064-0f0e-1754af000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150825Z-1657d5bbd48xsz2nuzq4vfrzg800000003kg000000006uyc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:25 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.5	49740	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:25 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:25 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:25 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: 915c1ee4-001e-0079-3000-1712e8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150825Z-1657d5bbd48lknvp09v995n790000000035g00000000zunq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:25 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.5	49749	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:26 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:26 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:26 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: e72ec3ca-501e-005b-2401-17d7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150826Z-1657d5bbd48dfrdj7px744zp8s00000003cg00000000gbb6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:26 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.5	49750	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:26 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 30 45 42 51 30 6c 67 6c 53 55 65 6d 61 74 52 34 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 38 65 37 64 37 66 30 66 61 35 31 34 39 64 66 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 0EBQ0lglSUematR4.1Context: 58e7d7f0fa5149df
2024-10-07 15:08:26 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-07 15:08:26 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 30 45 42 51 30 6c 67 6c 53 55 65 6d 61 74 52 34 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 38 65 37 64 37 66 30 66 61 35 31 34 39 64 66 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 61 65 65 6f 55 74 30 69 6a 4b 35 6f 6b 77 34 48 4d 78 45 6e 45 63 35 31 39 7a 52 6a 51 74 77 52 37 61 4d 59 30 39 6f 79 63 42 70 67 63 6e 55 35 48 53 6e 49 32 46 56 44 62 41 73 75 48 57 4f 6c 68 44 57 58 45 65 68 4e 63 64 48 4c 30 43 41 57 4b 79 52 73 37 2f 53 69 63 43 30 72 4f 30 4f 65 4d 63 52 62 4c 77 65 49 6c 61 47 58 44 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 0EBQ0lglSUematR4.2Context: 58e7d7f0fa5149df<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAaeeoUt0ijK5okw4HMxEnEc519zRjQtwR7aMY09oycBpgcnU5HSnI2FVDbAsuHWOlhDWXEehNcdHL0CAWKyRs7/SicC0rO0OeMcRbLweIlaGXD
2024-10-07 15:08:26 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 30 45 42 51 30 6c 67 6c 53 55 65 6d 61 74 52 34 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 38 65 37 64 37 66 30 66 61 35 31 34 39 64 66 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: 0EBQ0lglSUematR4.3Context: 58e7d7f0fa5149df
2024-10-07 15:08:26 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-10-07 15:08:26 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 59 66 75 62 43 54 48 69 6f 6b 79 33 70 53 6d 49 64 6d 75 43 34 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: YfubCTHioky3pSmIdmuC4w.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.5	49751	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:26 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 79 68 58 56 39 4a 4a 6d 67 55 6d 64 59 73 35 43 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 36 62 32 66 37 65 34 62 34 35 34 30 35 36 36 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: yhXV9JJmgUmdYs5C.1Context: 96b2f7e4b4540566
2024-10-07 15:08:26 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-07 15:08:26 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 79 68 58 56 39 4a 4a 6d 67 55 6d 64 59 73 35 43 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 36 62 32 66 37 65 34 62 34 35 34 30 35 36 36 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 61 65 65 6f 55 74 30 69 6a 4b 35 6f 6b 77 34 48 4d 78 45 6e 45 63 35 31 39 7a 52 6a 51 74 77 52 37 61 4d 59 30 39 6f 79 63 42 70 67 63 6e 55 35 48 53 6e 49 32 46 56 44 62 41 73 75 48 57 4f 6c 68 44 57 58 45 65 68 4e 63 64 48 4c 30 43 41 57 4b 79 52 73 37 2f 53 69 63 43 30 72 4f 30 4f 65 4d 63 52 62 4c 77 65 49 6c 61 47 58 44 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: yhXV9JJmgUmdYs5C.2Context: 96b2f7e4b4540566<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAaeeoUt0ijK5okw4HMxEnEc519zRjQtwR7aMY09oycBpgcnU5HSnI2FVDbAsuHWOlhDWXEehNcdHL0CAWKyRs7/SicC0rO0OeMcRbLweIlaGXD
2024-10-07 15:08:26 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 79 68 58 56 39 4a 4a 6d 67 55 6d 64 59 73 35 43 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 36 62 32 66 37 65 34 62 34 35 34 30 35 36 36 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: yhXV9JJmgUmdYs5C.3Context: 96b2f7e4b4540566<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-10-07 15:08:26 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-10-07 15:08:26 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 71 5a 6e 50 50 51 30 4c 6f 45 43 41 34 36 37 41 48 32 6e 51 35 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: qZnPPQ0LoECA467AH2nQ5w.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.5	49755	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:26 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:26 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:26 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: d3d0b776-b01e-003d-1803-17d32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150826Z-1657d5bbd48wd55zet5pcra0cg00000003q0000000005up4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:26 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.5	49752	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:26 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:26 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:26 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: 27ba9a72-001e-0046-2a01-17da4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150826Z-1657d5bbd48dfrdj7px744zp8s00000003b000000000s5sr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:26 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.5	49753	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:26 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:26 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:26 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: c2d0a885-201e-0003-7ced-16f85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150826Z-1657d5bbd48vlsxxpe15ac3q7n00000003kg00000000qnb4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:26 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.5	49754	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:26 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:26 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:26 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: 5a59384b-a01e-0053-3602-178603000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150826Z-1657d5bbd48xdq5dkwwugdpzr0000000041g000000003ez6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:26 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.5	49756	142.250.186.142	443	7176	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:26 UTC	902	OUT	GET /account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd HTTP/1.1 Host: www.youtube.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: YSC=dSb-qs1OMew
2024-10-07 15:08:26 UTC	2552	IN	HTTP/1.1 303 See Other Content-Type: application/binary X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 07 Oct 2024 15:08:26 GMT Location: https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%253F%253Dhttps%25253A%25252F%25252Faccounts.google.com%25252Fv3%25252Fsignin%25252Fchallenge%25252Fpwd%26feature%3Dredirect_login&hl=en Strict-Transport-Security: max-age=31536000 X-Frame-Options: SAMEORIGIN Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9 Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main" Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]} Content-Security-Policy: require-trusted-types-for 'script';report-uri /cspreport Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info." Server: ESF Content-Length: 0 X-XSS-Protection: 0 Set-Cookie: GPS=1; Domain=.youtube.com; Expires=Mon, 07-Oct-2024 15:38:26 GMT; Path=/; Secure; HttpOnly Set-Cookie: VISITOR_INFO1_LIVE=_VjBG1kzlmE; Domain=.youtube.com; Expires=Sat, 05-Apr-2025 15:08:26 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Set-Cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgKQ%3D%3D; Domain=.youtube.com; Expires=Sat, 05-Apr-2025 15:08:26 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.5	49757	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:27 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:27 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:27 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: 09392ef7-101e-0046-3f05-1791b0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150827Z-1657d5bbd48vhs7r2p1ky7cs5w000000041g000000003050 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:27 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.5	49759	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:27 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:27 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:27 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: 20b36261-201e-006e-7102-17bbe3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150827Z-1657d5bbd48wd55zet5pcra0cg00000003gg00000000wmdq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:27 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.5	49760	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:27 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:27 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:27 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: 81e42967-c01e-0014-5ee9-16a6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150827Z-1657d5bbd48brl8we3nu8cxwgn00000003z000000000fgz3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:27 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.5	49761	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:27 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:27 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:27 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: 6be05283-001e-00a2-2700-17d4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150827Z-1657d5bbd482krtfgrg72dfbtn00000003fg0000000039wf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:27 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.5	49758	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:27 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:27 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:27 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: f57b7c9f-801e-00a0-4a13-172196000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150827Z-1657d5bbd482lxwq1dp2t1zwkc00000003c000000000p5gr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:27 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.5	49764	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:28 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:28 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:28 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: 40323690-a01e-0002-0100-175074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150828Z-1657d5bbd48vlsxxpe15ac3q7n00000003gg00000000x8xa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:28 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.5	49768	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:28 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:28 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:28 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: 7c825ef0-601e-0001-5f02-17faeb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150828Z-1657d5bbd48cpbzgkvtewk0wu000000003n000000000xmds x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:28 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.5	49767	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:28 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:28 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:28 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: d415a278-e01e-0051-6efe-1684b2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150828Z-1657d5bbd48jwrqbupe3ktsx9w00000003wg00000000b7dk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:28 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.5	49765	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:28 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:28 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:28 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: c530354f-501e-0016-5013-17181b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150828Z-1657d5bbd48sdh4cyzadbb374800000003gg00000000dmm8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:28 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.5	49766	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:28 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:28 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:28 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: 7cec3a6f-e01e-0033-3414-174695000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150828Z-1657d5bbd48wd55zet5pcra0cg00000003r0000000001ts7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:28 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.5	49770	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:29 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:29 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:29 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: 10df1352-f01e-00aa-105a-178521000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150829Z-1657d5bbd48cpbzgkvtewk0wu000000003rg00000000gbdg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:29 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.5	49771	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:29 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:29 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:29 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: b27116a7-a01e-003d-3a00-1798d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150829Z-1657d5bbd482lxwq1dp2t1zwkc000000039g000000010209 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:29 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.5	49772	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:29 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:29 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:29 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: a62739ea-301e-005d-6402-17e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150829Z-1657d5bbd4824mj9d6vp65b6n400000003x0000000007ugn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:29 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.5	49773	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:29 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:29 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:29 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: 92e59db7-001e-002b-6700-1799f2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150829Z-1657d5bbd48qjg85buwfdynm5w00000003qg00000000q7vv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:29 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.5	49774	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:29 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:29 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:29 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: a2d01d3c-801e-0083-4800-17f0ae000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150829Z-1657d5bbd48xlwdx82gahegw4000000003u000000000ptew x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:29 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.5	49777	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:29 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:29 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:29 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: 4dd19665-401e-005b-7705-179c0c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150829Z-1657d5bbd48762wn1qw4s5sd3000000003dg00000000yycw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:29 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.5	49778	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:29 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:30 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:29 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: 151ca1e1-401e-0029-2b03-179b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150829Z-1657d5bbd48cpbzgkvtewk0wu000000003rg00000000gbf5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:30 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.5	49779	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:29 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:30 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:29 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: db28b7eb-d01e-0065-5efe-16b77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150829Z-1657d5bbd48qjg85buwfdynm5w00000003u0000000005cw8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:30 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.5	49781	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:30 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:30 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:30 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: 53f69819-801e-0048-7802-17f3fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150830Z-1657d5bbd48xdq5dkwwugdpzr000000003w000000000yrru x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:30 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.5	49782	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:30 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:30 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:30 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: 1be548a6-001e-00a2-4166-17d4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150830Z-1657d5bbd48lknvp09v995n79000000003c0000000001yr5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:30 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.5	49780	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:30 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-07 15:08:30 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF4C) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=178655 Date: Mon, 07 Oct 2024 15:08:30 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.5	49786	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:30 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:30 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:30 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: 678daa67-201e-00aa-3f60-173928000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150830Z-1657d5bbd48xsz2nuzq4vfrzg800000003dg00000000x7zp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:30 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.5	49787	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:30 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:30 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:30 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: c5dbf9be-001e-0017-2cf1-160c3c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150830Z-1657d5bbd48xsz2nuzq4vfrzg800000003dg00000000x7zw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:30 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.5	49788	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:30 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:30 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:30 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: 5a5a1e5c-a01e-001e-18f5-1649ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150830Z-1657d5bbd48xdq5dkwwugdpzr0000000041g000000003fae x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:30 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.5	49790	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:30 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:31 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:30 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: cb78c1b2-201e-003f-2e04-176d94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150830Z-1657d5bbd48xlwdx82gahegw4000000003y0000000001y18 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:31 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.5	49789	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:30 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:31 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:30 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: 721d8bd8-801e-002a-4f00-1731dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150830Z-1657d5bbd48dfrdj7px744zp8s00000003b000000000s651 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:31 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.5	49791	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:30 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-07 15:08:31 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=178697 Date: Mon, 07 Oct 2024 15:08:31 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-07 15:08:31 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.5	49793	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:31 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:31 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:31 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: 27b6de9f-001e-0046-1e00-17da4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150831Z-1657d5bbd48cpbzgkvtewk0wu000000003r000000000kv6y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:31 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.5	49795	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:31 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:31 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:31 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: 2f3972b1-401e-0035-1b02-1782d8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150831Z-1657d5bbd48xsz2nuzq4vfrzg800000003e000000000wr09 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:31 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.5	49794	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:31 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:31 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:31 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 04801829-801e-00ac-6301-17fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150831Z-1657d5bbd48t66tjar5xuq22r800000003k000000000tw9t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:31 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.5	49801	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:32 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:32 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:32 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: 1ed82642-401e-0048-7b12-170409000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150832Z-1657d5bbd482lxwq1dp2t1zwkc00000003dg00000000cmpn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:32 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.5	49802	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:32 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:32 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:32 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: cde3aec9-601e-0084-63e5-166b3f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150832Z-1657d5bbd48lknvp09v995n790000000036000000000xthx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:32 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.5	49803	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:32 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:32 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:32 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: 3a03d6b9-d01e-0066-52e9-16ea17000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150832Z-1657d5bbd48dfrdj7px744zp8s00000003a000000000x725 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:32 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.5	49796	4.175.87.197	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:32 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=+efbmkkw+yVso4w&MD=Pzg7Xf3M HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-07 15:08:32 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 68b1ab12-98e0-4d23-8afa-5185b598d017 MS-RequestId: 1da4b5ae-4f46-4672-84cb-2457647f70c9 MS-CV: d2Q1a5i9hkKV6QD8.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 07 Oct 2024 15:08:31 GMT Connection: close Content-Length: 24490
2024-10-07 15:08:32 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-07 15:08:32 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.5	49805	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:32 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:32 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:32 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: 46a5aa72-701e-0032-6004-17a540000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150832Z-1657d5bbd48t66tjar5xuq22r800000003q0000000006gdb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:32 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.5	49804	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:32 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:32 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:32 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: 27cd2a1a-001e-0046-1b08-17da4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150832Z-1657d5bbd48wd55zet5pcra0cg00000003p000000000bdwv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:32 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.5	49806	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:32 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:32 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:32 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: d803a4ff-401e-0083-3904-17075c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150832Z-1657d5bbd48wd55zet5pcra0cg00000003fg00000000zmcf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:32 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.5	49807	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:32 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:32 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:32 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: b0fdb72d-401e-0015-37ce-160e8d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150832Z-1657d5bbd48xdq5dkwwugdpzr00000000410000000006fqz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:32 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.5	49808	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:32 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:32 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:32 GMT Content-Type: text/xml Content-Length: 485 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT ETag: "0x8DC582BB9769355" x-ms-request-id: 8d3bec0a-601e-0070-32fe-16a0c9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150832Z-1657d5bbd48jwrqbupe3ktsx9w00000003sg00000000yc0r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:32 UTC	485	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.5	49812	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:33 UTC	192	OUT	GET /rules/rule120664v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:33 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:33 GMT Content-Type: text/xml Content-Length: 502 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6A0D312" x-ms-request-id: a5e58c1d-b01e-00ab-5ac9-16dafd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150833Z-1657d5bbd48sdh4cyzadbb374800000003gg00000000dn11 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:33 UTC	502	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.5	49811	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:33 UTC	192	OUT	GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:33 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:33 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB556A907" x-ms-request-id: 0377c3fc-101e-000b-65dc-165e5c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150833Z-1657d5bbd48xlwdx82gahegw4000000003t000000000u0rd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:33 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.5	49810	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:33 UTC	192	OUT	GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:33 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:33 GMT Content-Type: text/xml Content-Length: 470 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBB181F65" x-ms-request-id: 7ed04703-601e-0002-119e-18a786000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150833Z-1657d5bbd48hzllksrq1r6zsvs00000000ug00000000rbnf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:33 UTC	470	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.5	49809	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:33 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:33 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:33 GMT Content-Type: text/xml Content-Length: 411 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989AF051" x-ms-request-id: 8d044b15-901e-00ac-3902-17b69e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150833Z-1657d5bbd48jwrqbupe3ktsx9w00000003xg000000005e7v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:33 UTC	411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.5	49819	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:34 UTC	192	OUT	GET /rules/rule120665v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:34 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:34 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D30478D" x-ms-request-id: 78a0432a-701e-001e-1805-17f5e6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150834Z-1657d5bbd482tlqpvyz9e93p5400000003q000000000qudn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:34 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.5	49823	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:34 UTC	192	OUT	GET /rules/rule120669v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:34 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:34 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB5284CCE" x-ms-request-id: 821e4157-c01e-0014-3301-17a6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150834Z-1657d5bbd48xsz2nuzq4vfrzg800000003eg00000000tr74 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:34 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.5	49822	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:34 UTC	192	OUT	GET /rules/rule120668v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:34 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:34 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3CAEBB8" x-ms-request-id: b67c2655-301e-0096-2300-17e71d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150834Z-1657d5bbd48f7nlxc7n5fnfzh000000003b0000000008ezf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:34 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.5	49820	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:34 UTC	192	OUT	GET /rules/rule120666v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:34 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:34 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3F48DAE" x-ms-request-id: ef9cab6f-f01e-0099-0d00-179171000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150834Z-1657d5bbd48762wn1qw4s5sd3000000003mg000000001ggr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:34 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.5	49821	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:34 UTC	192	OUT	GET /rules/rule120667v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:34 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:34 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BB9B6040B" x-ms-request-id: 2f519f63-901e-0016-75ff-16efe9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150834Z-1657d5bbd482krtfgrg72dfbtn00000003bg00000000pmfr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:34 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.5	49825	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:34 UTC	192	OUT	GET /rules/rule120670v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:34 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:34 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91EAD002" x-ms-request-id: 763e8d43-601e-000d-6912-172618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150834Z-1657d5bbd48vlsxxpe15ac3q7n00000003rg00000000131n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:34 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.5	49830	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:35 UTC	192	OUT	GET /rules/rule120674v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:35 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:35 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA4037B0D" x-ms-request-id: 60faaea3-001e-0079-0da5-1812e8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150835Z-1657d5bbd48hzllksrq1r6zsvs00000000x000000000b3ym x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:35 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.5	49827	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:35 UTC	192	OUT	GET /rules/rule120671v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:35 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:35 GMT Content-Type: text/xml Content-Length: 432 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT ETag: "0x8DC582BAABA2A10" x-ms-request-id: 897bc565-f01e-0096-5e60-1710ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150835Z-1657d5bbd487nf59mzf5b3gk8n00000003ag000000009mbk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:35 UTC	432	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.5	49829	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:35 UTC	192	OUT	GET /rules/rule120672v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:35 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:35 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA740822" x-ms-request-id: 01bf113a-f01e-003c-3703-178cf0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150835Z-1657d5bbd48wd55zet5pcra0cg00000003hg00000000stmf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:35 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.5	49831	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:35 UTC	192	OUT	GET /rules/rule120673v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:35 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:35 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT ETag: "0x8DC582BB464F255" x-ms-request-id: 7875ffac-201e-000c-7f02-1779c4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150835Z-1657d5bbd48cpbzgkvtewk0wu000000003sg00000000bq9n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:35 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.5	49837	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:35 UTC	192	OUT	GET /rules/rule120678v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:36 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:35 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA642BF4" x-ms-request-id: f5ee0945-901e-0083-4202-17bb55000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150835Z-1657d5bbd48vhs7r2p1ky7cs5w00000003ug00000001179n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:36 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.5	49836	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:35 UTC	192	OUT	GET /rules/rule120677v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:36 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:35 GMT Content-Type: text/xml Content-Length: 405 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT ETag: "0x8DC582B942B6AFF" x-ms-request-id: dfb96d6a-f01e-003f-17e5-16d19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150835Z-1657d5bbd48vhs7r2p1ky7cs5w00000003v0000000010b9h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:36 UTC	405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.5	49834	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:35 UTC	192	OUT	GET /rules/rule120675v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:36 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:36 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6CF78C8" x-ms-request-id: 3c7823fd-401e-0015-0c60-170e8d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150836Z-1657d5bbd48vlsxxpe15ac3q7n00000003k000000000scf3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:36 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.5	49835	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:36 UTC	192	OUT	GET /rules/rule120676v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:36 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:36 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B984BF177" x-ms-request-id: 2f576d96-401e-0047-3902-178597000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150836Z-1657d5bbd482krtfgrg72dfbtn00000003ag00000000s0xx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:36 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.5	49838	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:36 UTC	192	OUT	GET /rules/rule120679v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:36 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:36 GMT Content-Type: text/xml Content-Length: 174 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91D80E15" x-ms-request-id: 0607cd43-401e-0078-1b00-174d34000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150836Z-1657d5bbd48xsz2nuzq4vfrzg800000003gg00000000fk68 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:36 UTC	174	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.5	49839	172.217.16.206	443	7176	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:36 UTC	549	OUT	OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-authuser Origin: https://accounts.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 15:08:36 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 15:08:36 GMT Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.5	49840	172.217.16.206	443	7176	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:36 UTC	549	OUT	OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-authuser Origin: https://accounts.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 15:08:37 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 15:08:36 GMT Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.5	49851	172.217.16.206	443	7176	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:37 UTC	1132	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 519 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 15:08:37 UTC	519	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 33 31 33 37 31 34 39 31 37 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728313714917",null,null,null
2024-10-07 15:08:37 UTC	933	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=m9kZyOWmiReiUUlgNGRfPkddh8INPg3-8UWG5UQV0JMrHqmY60qnIP3DOCvm3ie_gaxFCGA31M_Dk474iDm4qq0WjGUNh-zmldMfaYPRqv19kUs66_1dwcT296C7mS47OMBg-PAdwzH_UbYsnjK-wEDb6lgSS0QZDcoGZKq6tNZRFfLyVYo; expires=Tue, 08-Apr-2025 15:08:37 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 15:08:37 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Mon, 07 Oct 2024 15:08:37 GMT Connection: close Transfer-Encoding: chunked
2024-10-07 15:08:37 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 15:08:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.5	49848	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:37 UTC	192	OUT	GET /rules/rule120601v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:37 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:37 GMT Content-Type: text/xml Content-Length: 3342 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT ETag: "0x8DC582B927E47E9" x-ms-request-id: 960edd56-701e-005c-4100-17bb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150837Z-1657d5bbd48f7nlxc7n5fnfzh0000000037000000000ub6x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:37 UTC	3342	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.5	49846	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:37 UTC	192	OUT	GET /rules/rule120680v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:37 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:37 GMT Content-Type: text/xml Content-Length: 1952 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B956B0F3D" x-ms-request-id: a5ff6bd9-301e-005d-3af2-16e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150837Z-1657d5bbd48vlsxxpe15ac3q7n00000003fg000000011amf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:37 UTC	1952	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.5	49844	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:37 UTC	192	OUT	GET /rules/rule120682v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:37 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:37 GMT Content-Type: text/xml Content-Length: 501 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT ETag: "0x8DC582BACFDAACD" x-ms-request-id: c2f609cb-201e-0003-75fd-16f85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150837Z-1657d5bbd48cpbzgkvtewk0wu000000003q000000000quy0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:37 UTC	501	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.5	49845	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:37 UTC	192	OUT	GET /rules/rule120681v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:37 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:37 GMT Content-Type: text/xml Content-Length: 958 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT ETag: "0x8DC582BA0A31B3B" x-ms-request-id: 0c165d1d-a01e-000d-7dfe-16d1ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150837Z-1657d5bbd482lxwq1dp2t1zwkc00000003fg000000003qmv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:37 UTC	958	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.5	49847	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:37 UTC	193	OUT	GET /rules/rule120602v10s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:37 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:37 GMT Content-Type: text/xml Content-Length: 2592 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5B890DB" x-ms-request-id: 33b4d0ae-a01e-0032-35ff-161949000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150837Z-1657d5bbd48tqvfc1ysmtbdrg000000003mg0000000023e9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:37 UTC	2592	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.5	49776	142.250.185.68	443	7176	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:37 UTC	1222	OUT	GET /favicon.ico HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=m9kZyOWmiReiUUlgNGRfPkddh8INPg3-8UWG5UQV0JMrHqmY60qnIP3DOCvm3ie_gaxFCGA31M_Dk474iDm4qq0WjGUNh-zmldMfaYPRqv19kUs66_1dwcT296C7mS47OMBg-PAdwzH_UbYsnjK-wEDb6lgSS0QZDcoGZKq6tNZRFfLyVYo
2024-10-07 15:08:37 UTC	704	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 5430 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Mon, 07 Oct 2024 14:53:07 GMT Expires: Tue, 15 Oct 2024 14:53:07 GMT Cache-Control: public, max-age=691200 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT Content-Type: image/x-icon Vary: Accept-Encoding Age: 930 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-07 15:08:37 UTC	686	IN	Data Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff Data Ascii: h& ( 0.v]X:X:rY
2024-10-07 15:08:37 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea ff 3b 49 eb ff 95 9c f4 ff cf d2 fa ff d1 d4 fa ff 96 9d f4 ff 52 5e ed ff e1 e3 fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 00 00 00 00 fd fd fd 9d ff ff ff ff e8 ea fd ff 58 63 ee ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 6c 76 f0 ff ff ff ff ff ff ff ff ff fd fd fd 98 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c 4a eb Data Ascii: 7R8F2Vb5C;IR^0Xc5C5C5C5C5C5Clv]i<J
2024-10-07 15:08:37 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff fd fd fd d0 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd fd fd 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d8 a3 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 60 a5 35 ff ca 8e 3e ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 87 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 25 fd fd fd fb ff ff ff ff ff ff ff ff ff ff ff ff c2 e0 b7 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 6e b6 54 ff 9f ce 8d ff b7 da aa ff b8 db ab ff a5 d2 95 ff 7b bc 64 ff 54 a8 35 ff 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42 ff fc Data Ascii: S4S4S4S4S4S4S4S4S4S4S4S4S4S4`5>%S4S4S4S4S4S4nT{dT5S4w7ABB
2024-10-07 15:08:37 UTC	1390	IN	Data Raw: f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fb d5 bf ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd cb ff ff ff ff ff ff ff ff ff ff ff ff 46 cd fc ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 21 ae f9 ff fb fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd c8 fd fd fd 9c ff ff ff ff ff ff ff ff ff ff ff ff 86 df fd ff 05 bc fb ff 05 bc fb ff 15 93 f5 ff 34 49 eb ff b3 b8 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: BBBBBBF!4I
2024-10-07 15:08:37 UTC	574	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 8d fd fd fd fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fb fd fd fd 8b fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 27 fd fd fd 9f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: $'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.5	49852	172.217.16.206	443	7176	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:37 UTC	1132	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 519 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 15:08:37 UTC	519	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 33 31 33 37 31 35 31 30 30 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728313715100",null,null,null
2024-10-07 15:08:38 UTC	932	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=UgNfFIYLYCJKE4pFlmXy7tTOyxfeHKNZuQzNmnCOe6Z33rKigtLekyks-6twkdNPK9bKvt3Z9T5WOKg3dT0q6V2o55mb06dEbeNqZj4VUvlwP_mFkSerWTo6BoPcBfQIuWkOxdPGRMS4OpZiVNgkjRo1B1mxoWVju_Ran7n56Bba2u2zTQ; expires=Tue, 08-Apr-2025 15:08:37 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 15:08:37 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Mon, 07 Oct 2024 15:08:37 GMT Connection: close Transfer-Encoding: chunked
2024-10-07 15:08:38 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 15:08:38 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
98	192.168.2.5	49854	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:38 UTC	192	OUT	GET /rules/rule701201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:38 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:38 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT ETag: "0x8DC582BE3E55B6E" x-ms-request-id: db583ade-d01e-002b-28ac-1825fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150838Z-1657d5bbd48hzllksrq1r6zsvs00000000s0000000010qz5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:38 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.5	49853	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:38 UTC	193	OUT	GET /rules/rule224901v11s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:38 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:38 GMT Content-Type: text/xml Content-Length: 2284 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT ETag: "0x8DC582BCD58BEEE" x-ms-request-id: b738acd5-401e-0067-1502-1709c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150838Z-1657d5bbd482tlqpvyz9e93p5400000003n000000000xdkm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:38 UTC	2284	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.5	49855	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:38 UTC	192	OUT	GET /rules/rule701200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:38 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:38 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC681E17" x-ms-request-id: 0480ed94-801e-00ac-5102-17fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150838Z-1657d5bbd48q6t9vvmrkd293mg00000003n000000000fbn9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:38 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.5	49856	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:38 UTC	192	OUT	GET /rules/rule700201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:38 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:38 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT ETag: "0x8DC582BE39DFC9B" x-ms-request-id: b72ef555-401e-0067-78fe-1609c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150838Z-1657d5bbd48cpbzgkvtewk0wu000000003rg00000000gbyx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:38 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.5	49857	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:38 UTC	192	OUT	GET /rules/rule700200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:38 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:38 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF66E42D" x-ms-request-id: db28c537-d01e-0065-47fe-16b77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150838Z-1657d5bbd48xdq5dkwwugdpzr0000000040g000000008fvs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:38 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.5	49859	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:38 UTC	192	OUT	GET /rules/rule702351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:39 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:38 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE017CAD3" x-ms-request-id: cb759915-201e-003f-5f03-176d94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150838Z-1657d5bbd482lxwq1dp2t1zwkc00000003eg000000008ctx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:39 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.5	49862	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:39 UTC	192	OUT	GET /rules/rule701250v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:39 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:39 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE022ECC5" x-ms-request-id: 76165599-601e-000d-1a02-172618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150839Z-1657d5bbd482krtfgrg72dfbtn00000003g0000000001c3v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:39 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.5	49863	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:39 UTC	192	OUT	GET /rules/rule700051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:39 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:39 GMT Content-Type: text/xml Content-Length: 1389 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE10A6BC1" x-ms-request-id: 29f28342-e01e-003c-5d00-17c70b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150839Z-1657d5bbd487nf59mzf5b3gk8n00000003c0000000002se1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:39 UTC	1389	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.5	49860	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:39 UTC	192	OUT	GET /rules/rule701251v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:39 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:39 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE12A98D" x-ms-request-id: 03c3f781-101e-000b-56fe-165e5c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150839Z-1657d5bbd4824mj9d6vp65b6n400000003yg000000000unk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:39 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.5	49861	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:39 UTC	192	OUT	GET /rules/rule702350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:39 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:39 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE6431446" x-ms-request-id: 84e7aa3f-c01e-008e-74ff-167381000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150839Z-1657d5bbd48cpbzgkvtewk0wu000000003t0000000008ykk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:39 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.5	49866	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:39 UTC	192	OUT	GET /rules/rule700050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:39 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:39 GMT Content-Type: text/xml Content-Length: 1352 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BE9DEEE28" x-ms-request-id: a9a45936-c01e-00a1-54f1-167e4a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150839Z-1657d5bbd48gqrfwecymhhbfm800000002cg00000000unz4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:39 UTC	1352	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.5	49870	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:39 UTC	192	OUT	GET /rules/rule701150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:39 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:39 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE1223606" x-ms-request-id: 04600955-801e-00ac-55f4-16fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150839Z-1657d5bbd48t66tjar5xuq22r800000003rg0000000000k5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:39 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 6e 64 46 6f 6e 74 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.5	49867	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:39 UTC	192	OUT	GET /rules/rule702951v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:39 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:39 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE12B5C71" x-ms-request-id: 6f1c5b1d-901e-0048-485a-17b800000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150839Z-1657d5bbd48762wn1qw4s5sd3000000003fg00000000r4mc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:39 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.5	49868	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:39 UTC	192	OUT	GET /rules/rule702950v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:39 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:39 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDC22447" x-ms-request-id: 173e0f62-801e-00a3-24fe-167cfb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150839Z-1657d5bbd48qjg85buwfdynm5w00000003s000000000fw8r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:39 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 72 61 6e 73 6c 61 74 6f 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.5	49869	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:39 UTC	192	OUT	GET /rules/rule701151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:39 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:39 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE055B528" x-ms-request-id: 3a04fc40-501e-007b-3b73-175ba2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150839Z-1657d5bbd48tqvfc1ysmtbdrg000000003hg00000000arc8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:39 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.5	49871	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:40 UTC	192	OUT	GET /rules/rule702201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:40 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:40 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT ETag: "0x8DC582BE7262739" x-ms-request-id: 4035d6e2-a01e-0002-4602-175074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150840Z-1657d5bbd48xsz2nuzq4vfrzg800000003d00000000102g5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:40 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.5	49873	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:40 UTC	192	OUT	GET /rules/rule700401v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:40 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:40 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDCB4853F" x-ms-request-id: 87e26173-201e-0051-15e7-167340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150840Z-1657d5bbd487nf59mzf5b3gk8n00000003a000000000c6vc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:40 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 31 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.5	49875	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:40 UTC	192	OUT	GET /rules/rule700351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:40 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:40 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFD43C07" x-ms-request-id: 31868579-401e-008c-0af2-1686c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150840Z-1657d5bbd48dfrdj7px744zp8s00000003bg00000000qd55 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:40 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.5	49872	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:40 UTC	192	OUT	GET /rules/rule702200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:40 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:40 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDEB5124" x-ms-request-id: 62f7f1ae-f01e-0096-4d0c-1710ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150840Z-1657d5bbd48xsz2nuzq4vfrzg800000003m0000000004vhc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:40 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 6c 4d 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.5	49874	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:40 UTC	192	OUT	GET /rules/rule700400v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:40 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:40 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB779FC3" x-ms-request-id: fcca05a5-501e-00a0-3202-179d9f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150840Z-1657d5bbd48xdq5dkwwugdpzr0000000040g000000008g2q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:40 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 30 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 65 6d 65 74 72 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.5	49877	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:41 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 46 4a 34 64 73 71 42 67 59 30 61 55 44 32 41 67 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 63 39 65 62 35 64 65 62 66 35 36 32 33 33 38 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: FJ4dsqBgY0aUD2Ag.1Context: 9c9eb5debf562338
2024-10-07 15:08:41 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-07 15:08:41 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 46 4a 34 64 73 71 42 67 59 30 61 55 44 32 41 67 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 63 39 65 62 35 64 65 62 66 35 36 32 33 33 38 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 61 65 65 6f 55 74 30 69 6a 4b 35 6f 6b 77 34 48 4d 78 45 6e 45 63 35 31 39 7a 52 6a 51 74 77 52 37 61 4d 59 30 39 6f 79 63 42 70 67 63 6e 55 35 48 53 6e 49 32 46 56 44 62 41 73 75 48 57 4f 6c 68 44 57 58 45 65 68 4e 63 64 48 4c 30 43 41 57 4b 79 52 73 37 2f 53 69 63 43 30 72 4f 30 4f 65 4d 63 52 62 4c 77 65 49 6c 61 47 58 44 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: FJ4dsqBgY0aUD2Ag.2Context: 9c9eb5debf562338<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAaeeoUt0ijK5okw4HMxEnEc519zRjQtwR7aMY09oycBpgcnU5HSnI2FVDbAsuHWOlhDWXEehNcdHL0CAWKyRs7/SicC0rO0OeMcRbLweIlaGXD
2024-10-07 15:08:41 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 46 4a 34 64 73 71 42 67 59 30 61 55 44 32 41 67 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 63 39 65 62 35 64 65 62 66 35 36 32 33 33 38 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: FJ4dsqBgY0aUD2Ag.3Context: 9c9eb5debf562338
2024-10-07 15:08:41 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-10-07 15:08:41 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 78 58 62 6c 57 2f 46 71 36 45 2b 59 59 39 59 63 54 4b 32 2f 78 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: xXblW/Fq6E+YY9YcTK2/xg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.5	49878	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:41 UTC	192	OUT	GET /rules/rule700350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:41 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:41 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDD74D2EC" x-ms-request-id: f076ebb2-f01e-001f-3766-175dc8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150841Z-1657d5bbd482krtfgrg72dfbtn00000003bg00000000pmxh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:41 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 74 65 6d 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.5	49879	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:41 UTC	192	OUT	GET /rules/rule703901v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:41 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:41 GMT Content-Type: text/xml Content-Length: 1427 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE56F6873" x-ms-request-id: 08bf7a15-f01e-0020-7706-17956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150841Z-1657d5bbd4824mj9d6vp65b6n400000003y000000000351t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:41 UTC	1427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.5	49881	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:41 UTC	192	OUT	GET /rules/rule701500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:41 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:41 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB6AD293" x-ms-request-id: 77012b0e-b01e-0097-0bff-164f33000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150841Z-1657d5bbd48cpbzgkvtewk0wu000000003p000000000vh2m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:41 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 63 75 72 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.5	49880	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:41 UTC	192	OUT	GET /rules/rule703900v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:42 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:41 GMT Content-Type: text/xml Content-Length: 1390 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE3002601" x-ms-request-id: 7d21ea5d-701e-0098-0502-17395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150841Z-1657d5bbd48q6t9vvmrkd293mg00000003r0000000002afd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:42 UTC	1390	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 53 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.5	49882	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:41 UTC	192	OUT	GET /rules/rule701501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:42 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:41 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT ETag: "0x8DC582BE2A9D541" x-ms-request-id: b6fa471e-401e-0067-43e5-1609c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150841Z-1657d5bbd48sqtlf1huhzuwq7000000003fg000000000zuc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:42 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.5	49883	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:42 UTC	192	OUT	GET /rules/rule702801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:42 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:42 GMT Content-Type: text/xml Content-Length: 1391 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF58DC7E" x-ms-request-id: a18d9b1d-601e-0002-1f03-17a786000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150842Z-1657d5bbd48dfrdj7px744zp8s00000003fg000000003fn4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:42 UTC	1391	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.5	49884	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:42 UTC	192	OUT	GET /rules/rule702800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:42 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:42 GMT Content-Type: text/xml Content-Length: 1354 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE0662D7C" x-ms-request-id: d4fd285a-d01e-005a-06ed-167fd9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150842Z-1657d5bbd48dfrdj7px744zp8s00000003g0000000001t0t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:42 UTC	1354	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.5	49885	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:42 UTC	192	OUT	GET /rules/rule703351v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:42 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:42 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCDD6400" x-ms-request-id: 6d2b2f65-e01e-0099-735a-17da8a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150842Z-1657d5bbd48gqrfwecymhhbfm800000002eg00000000kfsx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:42 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.5	49886	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:43 UTC	192	OUT	GET /rules/rule703350v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:43 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:43 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT ETag: "0x8DC582BDF1E2608" x-ms-request-id: c9f5ea47-201e-0071-33fe-16ff15000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150843Z-1657d5bbd48gqrfwecymhhbfm800000002kg0000000016he x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:43 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 63 72 69 70 74 4c 61 62 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.5	49887	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:43 UTC	192	OUT	GET /rules/rule703501v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:43 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:43 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT ETag: "0x8DC582BE8C605FF" x-ms-request-id: 635e2ff4-801e-0035-1973-17752a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150843Z-1657d5bbd48xdq5dkwwugdpzr0000000040g000000008g8q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:43 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.5	49888	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:43 UTC	192	OUT	GET /rules/rule703500v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:43 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:43 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF497570" x-ms-request-id: 838d785c-001e-0014-24fe-165151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150843Z-1657d5bbd48lknvp09v995n790000000038g00000000mkkm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:43 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 6e 64 62 6f 78 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
130	192.168.2.5	49892	172.217.16.206	443	7176	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:43 UTC	1306	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1218 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: text/plain;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=UgNfFIYLYCJKE4pFlmXy7tTOyxfeHKNZuQzNmnCOe6Z33rKigtLekyks-6twkdNPK9bKvt3Z9T5WOKg3dT0q6V2o55mb06dEbeNqZj4VUvlwP_mFkSerWTo6BoPcBfQIuWkOxdPGRMS4OpZiVNgkjRo1B1mxoWVju_Ran7n56Bba2u2zTQ
2024-10-07 15:08:43 UTC	1218	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 34 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 35 35 38 2c 5b 5b 22 31 37 32 38 33 31 33 37 31 32 30 30 30 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[4,0,0,0,0]]],558,[["1728313712000",null,null,null,
2024-10-07 15:08:43 UTC	940	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=2DqJx8EuSsRE3GaFsrrShWnYoMLo8XeXYDiOK_YIsp6zi7VSgnHoAgT8F3oKYUvsMtQDBL8WTxsUYvWJVcwMmPSy5jRndaaa69o5eJQtD36W-8_qxqPjTYooHJ8guODYVb_v0I73Z8mVa7g6gH3YnZ2FOspwx1GJh-1uNrW-Y9CyZ11UHMEfQnSxbg; expires=Tue, 08-Apr-2025 15:08:43 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 15:08:43 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Mon, 07 Oct 2024 15:08:43 GMT Connection: close Transfer-Encoding: chunked
2024-10-07 15:08:43 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 15:08:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.5	49889	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:43 UTC	192	OUT	GET /rules/rule701801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:43 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:43 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC2EEE03" x-ms-request-id: 4d8e5842-701e-0021-0efe-163d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150843Z-1657d5bbd48xdq5dkwwugdpzr000000003z000000000gp0r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:43 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.5	49890	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:43 UTC	192	OUT	GET /rules/rule701800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:43 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:43 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BEA414B16" x-ms-request-id: 8a56303a-c01e-0066-0f01-17a1ec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150843Z-1657d5bbd48wd55zet5pcra0cg00000003p000000000bepu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:43 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 73 6f 75 72 63 65 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.5	49891	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:43 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 51 37 70 69 2b 62 35 79 4f 45 71 47 55 74 4c 56 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 66 66 34 63 32 39 65 33 61 64 37 33 33 61 65 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: Q7pi+b5yOEqGUtLV.1Context: cff4c29e3ad733ae
2024-10-07 15:08:43 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-07 15:08:43 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 51 37 70 69 2b 62 35 79 4f 45 71 47 55 74 4c 56 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 66 66 34 63 32 39 65 33 61 64 37 33 33 61 65 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 61 65 65 6f 55 74 30 69 6a 4b 35 6f 6b 77 34 48 4d 78 45 6e 45 63 35 31 39 7a 52 6a 51 74 77 52 37 61 4d 59 30 39 6f 79 63 42 70 67 63 6e 55 35 48 53 6e 49 32 46 56 44 62 41 73 75 48 57 4f 6c 68 44 57 58 45 65 68 4e 63 64 48 4c 30 43 41 57 4b 79 52 73 37 2f 53 69 63 43 30 72 4f 30 4f 65 4d 63 52 62 4c 77 65 49 6c 61 47 58 44 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: Q7pi+b5yOEqGUtLV.2Context: cff4c29e3ad733ae<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAaeeoUt0ijK5okw4HMxEnEc519zRjQtwR7aMY09oycBpgcnU5HSnI2FVDbAsuHWOlhDWXEehNcdHL0CAWKyRs7/SicC0rO0OeMcRbLweIlaGXD
2024-10-07 15:08:43 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 51 37 70 69 2b 62 35 79 4f 45 71 47 55 74 4c 56 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 66 66 34 63 32 39 65 33 61 64 37 33 33 61 65 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: Q7pi+b5yOEqGUtLV.3Context: cff4c29e3ad733ae<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-10-07 15:08:43 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-10-07 15:08:43 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 6d 32 6c 63 76 65 4f 2b 70 45 61 43 6b 74 4c 70 2b 6a 35 48 78 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: m2lcveO+pEaCktLp+j5HxQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.5	49894	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:44 UTC	192	OUT	GET /rules/rule701050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:44 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:44 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB256F43" x-ms-request-id: 0c184816-a01e-000d-72ff-16d1ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150844Z-1657d5bbd48t66tjar5xuq22r800000003m000000000nwvd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:44 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 6c 65 61 73 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.5	49893	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:44 UTC	192	OUT	GET /rules/rule701051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:44 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:44 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT ETag: "0x8DC582BE1CC18CD" x-ms-request-id: 60f98b5a-001e-0079-4ca5-1812e8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150844Z-1657d5bbd48hzllksrq1r6zsvs00000000s0000000010rem x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:44 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.5	49895	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:44 UTC	192	OUT	GET /rules/rule702751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:44 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:44 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB866CDB" x-ms-request-id: d3a3eb01-b01e-003d-1ef1-16d32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150844Z-1657d5bbd48xdq5dkwwugdpzr000000003z000000000gp4t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:44 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.5	49896	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:44 UTC	192	OUT	GET /rules/rule702750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:44 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:44 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE5B7B174" x-ms-request-id: ca2bab4f-201e-0071-5e14-17ff15000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150844Z-1657d5bbd48tnj6wmberkg2xy800000003qg00000000nqgr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:44 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 75 62 6c 69 73 68 65 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.5	49897	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:44 UTC	192	OUT	GET /rules/rule702301v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:44 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:44 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT ETag: "0x8DC582BE976026E" x-ms-request-id: 4d8e59a4-701e-0021-64fe-163d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150844Z-1657d5bbd48qjg85buwfdynm5w00000003n00000000104y3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:44 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.5	49898	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:44 UTC	192	OUT	GET /rules/rule702300v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:45 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:44 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDC13EFEF" x-ms-request-id: 4ef38422-401e-000a-160c-174a7b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150844Z-1657d5bbd48jwrqbupe3ktsx9w00000003y00000000031ye x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:45 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 6a 65 63 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.5	49899	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:45 UTC	192	OUT	GET /rules/rule703401v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:45 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:45 GMT Content-Type: text/xml Content-Length: 1425 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE6BD89A1" x-ms-request-id: c326dec7-201e-0003-0c12-17f85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150845Z-1657d5bbd48xdq5dkwwugdpzr0000000041g000000003gc1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:45 UTC	1425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.5	49900	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:45 UTC	192	OUT	GET /rules/rule703400v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:45 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:45 GMT Content-Type: text/xml Content-Length: 1388 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDBD9126E" x-ms-request-id: 75ef523f-601e-000d-02f2-162618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150845Z-1657d5bbd48tnj6wmberkg2xy800000003s000000000dt8t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:45 UTC	1388	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 53 3d 22 4d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703400" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammableSurfaces" S="M

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.5	49901	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:45 UTC	192	OUT	GET /rules/rule702500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:45 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:45 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB813B3F" x-ms-request-id: 87e265fd-201e-0051-4fe7-167340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150845Z-1657d5bbd48gqrfwecymhhbfm800000002d000000000u24q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:45 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammability" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.5	49902	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:45 UTC	192	OUT	GET /rules/rule702501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:45 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:45 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:57 GMT ETag: "0x8DC582BE7C66E85" x-ms-request-id: cad35e9e-b01e-0021-3602-17cab7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150845Z-1657d5bbd487nf59mzf5b3gk8n000000036000000000vvcm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:45 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.5	49903	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:45 UTC	192	OUT	GET /rules/rule700501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:46 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:45 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:58 GMT ETag: "0x8DC582BE89A8F82" x-ms-request-id: c9f5e5fc-201e-0071-5dfe-16ff15000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150845Z-1657d5bbd487nf59mzf5b3gk8n000000035g00000000x8rc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:46 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.5	49905	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:46 UTC	192	OUT	GET /rules/rule702551v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:46 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:46 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCE9703A" x-ms-request-id: c7b470af-b01e-005c-24fe-164c66000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150846Z-1657d5bbd482lxwq1dp2t1zwkc00000003cg00000000kn60 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:46 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702551" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.5	49907	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:46 UTC	192	OUT	GET /rules/rule701351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:46 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:46 GMT Content-Type: text/xml Content-Length: 1407 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE687B46A" x-ms-request-id: 20e89b60-501e-008c-3a03-17cd39000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150846Z-1657d5bbd48wd55zet5pcra0cg00000003hg00000000sumw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:46 UTC	1407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.5	49906	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:46 UTC	192	OUT	GET /rules/rule702550v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:46 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:46 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE584C214" x-ms-request-id: dfa7567c-f01e-003f-67de-16d19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150846Z-1657d5bbd48q6t9vvmrkd293mg00000003k000000000tten x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:46 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702550" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPersonalization" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.5	49904	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:46 UTC	192	OUT	GET /rules/rule700500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:46 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:46 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE51CE7B3" x-ms-request-id: 3e7839e3-701e-0053-5cff-163a0a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150846Z-1657d5bbd48jwrqbupe3ktsx9w00000003rg0000000128hs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:46 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 6f 77 65 72 50 6f 69 6e 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPowerPoint" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.5	49908	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 15:08:46 UTC	192	OUT	GET /rules/rule701350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 15:08:46 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 15:08:46 GMT Content-Type: text/xml Content-Length: 1370 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE62E0AB" x-ms-request-id: 838d7376-001e-0014-17fe-165151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T150846Z-1657d5bbd487nf59mzf5b3gk8n000000036g00000000ue15 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 15:08:46 UTC	1370	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPerformance" S="Medium" /> <F

Target ID:	1
Start time:	11:08:19
Start date:	07/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xe60000
File size:	919'040 bytes
MD5 hash:	C1A1B9482E8A9919F29377869AEED256
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	11:08:19
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM chrome.exe /T
Imagebase:	0x4d0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	11:08:19
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	11:08:20
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM msedge.exe /T
Imagebase:	0x4d0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	11:08:20
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	11:08:20
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM firefox.exe /T
Imagebase:	0x4d0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	11:08:20
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	11:08:21
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM opera.exe /T
Imagebase:	0x4d0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	11:08:21
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	11:08:21
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM brave.exe /T
Imagebase:	0x4d0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	11:08:21
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	11:08:22
Start date:	07/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	14
Start time:	11:08:23
Start date:	07/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=2012,i,10660022629594375404,9267428652285004520,262144 /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	17
Start time:	11:08:34
Start date:	07/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5588 --field-trial-handle=2012,i,10660022629594375404,9267428652285004520,262144 /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	18
Start time:	11:08:35
Start date:	07/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 --field-trial-handle=2012,i,10660022629594375404,9267428652285004520,262144 /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.3%
Total number of Nodes:	1580
Total number of Limit Nodes:	52

Executed Functions

Function 00E642DE Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 235
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(?), ref: 00E6430D

Part of subcall function 00E66B57: _wcslen.LIBCMT ref: 00E66B6A

GetCurrentProcess.KERNEL32(?,00EFCB64,00000000,?,?), ref: 00E64422
IsWow64Process.KERNEL32(00000000,?,?), ref: 00E64429
LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00E64454
GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00E64466
GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 00E64474
FreeLibrary.KERNEL32(00000000,?,?), ref: 00E6447B
GetSystemInfo.KERNEL32(?,?,?), ref: 00E644A0

Strings

kernel32.dll, xrefs: 00E6444F
|O, xrefs: 00EA36F8
GetNativeSystemInfo, xrefs: 00E64460

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
String ID: GetNativeSystemInfo$kernel32.dll$|O
API String ID: 3290436268-3101561225
Opcode ID: 7d6e8da77edcb8850a8473d8d8558e590fbbb0e87a818eff7f081d09210f73d6
Instruction ID: 0a7a4a1367e33d15900d209d9e9337fca000f8ba6528b3730500a93f0bcc9356
Opcode Fuzzy Hash: 7d6e8da77edcb8850a8473d8d8558e590fbbb0e87a818eff7f081d09210f73d6
Instruction Fuzzy Hash: E8A106B290A3CCCFC721C7B97C451E57FE67B26364B186899E481B7B62D6304508FB22

Function 00E642A2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,00E650AA,?,?,00000000,00000000), ref: 00E642B2
FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00E650AA,?,?,00000000,00000000), ref: 00E642C9
LoadResource.KERNEL32(?,00000000,?,?,00E650AA,?,?,00000000,00000000,?,?,?,?,?,?,00E64F20), ref: 00EA35BE
SizeofResource.KERNEL32(?,00000000,?,?,00E650AA,?,?,00000000,00000000,?,?,?,?,?,?,00E64F20), ref: 00EA35D3
LockResource.KERNEL32(00E650AA,?,?,00E650AA,?,?,00000000,00000000,?,?,?,?,?,?,00E64F20,?), ref: 00EA35E6

Strings

SCRIPT, xrefs: 00E642BF

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Resource$CreateFindGlobalLoadLockSizeofStream
String ID: SCRIPT
API String ID: 3051347437-3967369404
Opcode ID: eafbd54413dcb70be702a1cbb25d729d3f160a5fb4b008e7acca7ece14c93a87
Instruction ID: 0c715c6e35e63fb6a7e5c9405f955d4580cef84b40fce3885f29be30013ef7e1
Opcode Fuzzy Hash: eafbd54413dcb70be702a1cbb25d729d3f160a5fb4b008e7acca7ece14c93a87
Instruction Fuzzy Hash: 78117CB0240704BFE7219B66ED58F677BB9EBC5B95F304169F502E62A0DB71EC14C620

Function 00ECDBBE Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 29
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenW.KERNEL32(?,"R), ref: 00ECDBCE
GetFileAttributesW.KERNELBASE(?), ref: 00ECDBDD
FindFirstFileW.KERNEL32(?,?), ref: 00ECDBEE
FindClose.KERNEL32(00000000), ref: 00ECDBFA

Strings

"R, xrefs: 00ECDBCA

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: FileFind$AttributesCloseFirstlstrlen
String ID: "R
API String ID: 2695905019-1746183819
Opcode ID: 73df1e0be4a3bc6f9e9f7528e0a1bb5a3f80be7cd026672ca653d2e3ac519e6f
Instruction ID: dcb3cd32175a2bb64639f84c6c76064a85b1a8b4cf410afb5d1ee3ff86afa7b4
Opcode Fuzzy Hash: 73df1e0be4a3bc6f9e9f7528e0a1bb5a3f80be7cd026672ca653d2e3ac519e6f
Instruction Fuzzy Hash: 94F0A7304149185B92206B789E0DDBA776C9F81334B304716F435E20F0EBB26959C595

Function 00EA2BA5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetCurrentDirectoryW.KERNEL32(?), ref: 00E62B6B

Part of subcall function 00E63A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00F31418,?,00E62E7F,?,?,?,00000000), ref: 00E63A78

Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD

GetForegroundWindow.USER32(runas,?,?,?,?,?,00F22224), ref: 00EA2C10
ShellExecuteW.SHELL32(00000000,?,?,00F22224), ref: 00EA2C17

Strings

runas, xrefs: 00EA2C0B

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
String ID: runas
API String ID: 448630720-4000483414
Opcode ID: 4a4e18a916dcc4819f03e85e1d30f48e868d5aeb21d5cbbaa6581ecdaf7b8414
Instruction ID: 6f6386b87cad41a48d12edaeb11aefbeaa81f7396502e81aa71ce065eeda90fc
Opcode Fuzzy Hash: 4a4e18a916dcc4819f03e85e1d30f48e868d5aeb21d5cbbaa6581ecdaf7b8414
Instruction Fuzzy Hash: D111AF31288245AAC704FF74F8519BEB7E8AB957A4F54342DF182721A3CF319A49E712

Function 00EEA67C Relevance: 6.2, APIs: 4, Instructions: 175
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00EEA6AC
Process32FirstW.KERNEL32(00000000,?), ref: 00EEA6BA

Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD

Process32NextW.KERNEL32(00000000,?), ref: 00EEA79C
CloseHandle.KERNELBASE(00000000), ref: 00EEA7AB

Part of subcall function 00E7CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00EA3303,?), ref: 00E7CE8A

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
String ID:
API String ID: 1991900642-0
Opcode ID: 5c32b67dfe4d77c8a971ceeec6d5594c1126e079bdaa3b70d56a456c1748bedf
Instruction ID: 023f47497b9bf3f3163aaed6671447be8757f36d81df8b2dd6850412915324ca
Opcode Fuzzy Hash: 5c32b67dfe4d77c8a971ceeec6d5594c1126e079bdaa3b70d56a456c1748bedf
Instruction Fuzzy Hash: EB517E715083009FD314DF25D886A6BBBE8FF89754F14992DF589A7292EB30E904CB92

Function 00EEAFF9 Relevance: 24.4, APIs: 16, Instructions: 418
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_wcslen.LIBCMT ref: 00EEB198
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00EEB1B0
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00EEB1D4
_wcslen.LIBCMT ref: 00EEB200
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00EEB214
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00EEB236
_wcslen.LIBCMT ref: 00EEB332

Part of subcall function 00ED05A7: GetStdHandle.KERNEL32(000000F6), ref: 00ED05C6

_wcslen.LIBCMT ref: 00EEB34B
_wcslen.LIBCMT ref: 00EEB366
CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00EEB3B6
GetLastError.KERNEL32(00000000), ref: 00EEB407
CloseHandle.KERNEL32(?), ref: 00EEB439
CloseHandle.KERNEL32(00000000), ref: 00EEB44A
CloseHandle.KERNEL32(00000000), ref: 00EEB45C
CloseHandle.KERNEL32(00000000), ref: 00EEB46E
CloseHandle.KERNEL32(?), ref: 00EEB4E3

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
String ID:
API String ID: 2178637699-0
Opcode ID: 4dd73e94acb8d10c0b0027ace05c4fda550f0ec0b874fad31dba99dd32d03a0a
Instruction ID: f275052cccd3f35b2acaef2d232986f94780f817a53bb17a128f1ea946615576
Opcode Fuzzy Hash: 4dd73e94acb8d10c0b0027ace05c4fda550f0ec0b874fad31dba99dd32d03a0a
Instruction Fuzzy Hash: 83F1CC316083449FC724EF25D891B6FBBE5AF85314F18945DF899AB2A2DB30EC04CB52

Function 00E6D730 Relevance: 21.6, APIs: 14, Instructions: 631windowsleeptimeCOMMON

Download Yara Rule

APIs

GetInputState.USER32 ref: 00E6D807
timeGetTime.WINMM ref: 00E6DA07
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00E6DB28
TranslateMessage.USER32(?), ref: 00E6DB7B
DispatchMessageW.USER32(?), ref: 00E6DB89
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00E6DB9F
Sleep.KERNELBASE(0000000A), ref: 00E6DBB1

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
String ID:
API String ID: 2189390790-0
Opcode ID: efda60422187a39060550057a6844c729e1d0dba4b0966ba73abb331dbd1d798
Instruction ID: 96223b3abc3af53e5b80ac887e679aaa783146790bcdd6f23add468af623132b
Opcode Fuzzy Hash: efda60422187a39060550057a6844c729e1d0dba4b0966ba73abb331dbd1d798
Instruction Fuzzy Hash: 05422030B48245DFE728CF24DC84BAAB7E0FF85358F98A55DE559A7291C770E844CB82

Function 00E62CD4 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 53
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 00E62D07
RegisterClassExW.USER32(00000030), ref: 00E62D31
RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00E62D42
InitCommonControlsEx.COMCTL32(?), ref: 00E62D5F
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00E62D6F
LoadIconW.USER32(000000A9), ref: 00E62D85
ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00E62D94

Strings

+, xrefs: 00E62CF0
0, xrefs: 00E62CE9
AutoIt v3 GUI, xrefs: 00E62D23
TaskbarCreated, xrefs: 00E62D37

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
String ID: +$0$AutoIt v3 GUI$TaskbarCreated
API String ID: 2914291525-1005189915
Opcode ID: 0d5c3dde379aee1e2096059da2fbeda73496277ebc7a1e422b05e58ad9dc8608
Instruction ID: e509c690eca4d0afe3341efbf34c5ae69c3c8bc91459ffc3baceaad507ed91cd
Opcode Fuzzy Hash: 0d5c3dde379aee1e2096059da2fbeda73496277ebc7a1e422b05e58ad9dc8608
Instruction Fuzzy Hash: 5721E2B190220CEFDB00DFA5E949BEDBBB5FB48710F20811AE611B62A0D7B15548DF90

Function 00EA065B Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00EA039A: CreateFileW.KERNELBASE(00000000,00000000,?,00EA0704,?,?,00000000,?,00EA0704,00000000,0000000C), ref: 00EA03B7

GetLastError.KERNEL32 ref: 00EA076F
__dosmaperr.LIBCMT ref: 00EA0776
GetFileType.KERNELBASE(00000000), ref: 00EA0782
GetLastError.KERNEL32 ref: 00EA078C
__dosmaperr.LIBCMT ref: 00EA0795
CloseHandle.KERNEL32(00000000), ref: 00EA07B5
CloseHandle.KERNEL32(?), ref: 00EA08FF
GetLastError.KERNEL32 ref: 00EA0931
__dosmaperr.LIBCMT ref: 00EA0938

Strings

H, xrefs: 00EA08BD

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: b9cd2e5c4225b71f686d2098bf64f37961aa17e4b036135c99e201699330fb4f
Instruction ID: c82ed8b3607d37e3009a56678f97ea8ff5c00aed19b6560f8b77df2dc4dee840
Opcode Fuzzy Hash: b9cd2e5c4225b71f686d2098bf64f37961aa17e4b036135c99e201699330fb4f
Instruction Fuzzy Hash: AEA12932A001088FDF19EF78D851BAE7BE1EB4A324F14115AF815BF391DB31A816CB91

Function 00E6344D Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00E63A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00F31418,?,00E62E7F,?,?,?,00000000), ref: 00E63A78

Part of subcall function 00E63357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00E63379

RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00E6356A
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00EA318D
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00EA31CE
RegCloseKey.ADVAPI32(?), ref: 00EA3210
_wcslen.LIBCMT ref: 00EA3277
_wcslen.LIBCMT ref: 00EA3286

Strings

Software\AutoIt v3\AutoIt, xrefs: 00E63560
Include, xrefs: 00EA3184, 00EA31C5
\Include\, xrefs: 00E63527
\, xrefs: 00EA328C

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
API String ID: 98802146-2727554177
Opcode ID: 4f60d6d21630c6198e1647db81519869844da99c1dfbd60ef3ae0cf12759ec0a
Instruction ID: 4188a32e2ef4c5c3621befaa8c196437550a07922f27516679df3a3d43d5f711
Opcode Fuzzy Hash: 4f60d6d21630c6198e1647db81519869844da99c1dfbd60ef3ae0cf12759ec0a
Instruction Fuzzy Hash: 2F71E7715043099EC314EF69EC819ABBBE8FF89360F50142EF545E71B1DB309A48DB62

Function 00E62B83 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 63
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 00E62B8E
LoadCursorW.USER32(00000000,00007F00), ref: 00E62B9D
LoadIconW.USER32(00000063), ref: 00E62BB3
LoadIconW.USER32(000000A4), ref: 00E62BC5
LoadIconW.USER32(000000A2), ref: 00E62BD7
LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00E62BEF
RegisterClassExW.USER32(?), ref: 00E62C40

Part of subcall function 00E62CD4: GetSysColorBrush.USER32(0000000F), ref: 00E62D07
Part of subcall function 00E62CD4: RegisterClassExW.USER32(00000030), ref: 00E62D31
Part of subcall function 00E62CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00E62D42
Part of subcall function 00E62CD4: InitCommonControlsEx.COMCTL32(?), ref: 00E62D5F
Part of subcall function 00E62CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00E62D6F
Part of subcall function 00E62CD4: LoadIconW.USER32(000000A9), ref: 00E62D85
Part of subcall function 00E62CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00E62D94

Strings

0, xrefs: 00E62C0F
#, xrefs: 00E62C16
AutoIt v3, xrefs: 00E62C2F

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
String ID: #$0$AutoIt v3
API String ID: 423443420-4155596026
Opcode ID: 04dabdcf967b049b5cc809e087ae298fac309fb2adecc26a2b386b58610756fa
Instruction ID: 689906d08e27eee54b5113330b6df2456ae70a8fddd76aafa2b6245f95747869
Opcode Fuzzy Hash: 04dabdcf967b049b5cc809e087ae298fac309fb2adecc26a2b386b58610756fa
Instruction Fuzzy Hash: BC212C71E0031CAFDB109FA6ED55AAA7FB6FB48B60F10001AE600B67A0D7B11554EF90

Function 00E63170 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 145
windowtimeregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00E6316A,?,?), ref: 00E631D8
KillTimer.USER32(?,00000001,?,?,?,?,?,00E6316A,?,?), ref: 00E63204
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00E63227
RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00E6316A,?,?), ref: 00E63232
CreatePopupMenu.USER32 ref: 00E63246
PostQuitMessage.USER32(00000000), ref: 00E63267

Strings

TaskbarCreated, xrefs: 00E6322D

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
String ID: TaskbarCreated
API String ID: 129472671-2362178303
Opcode ID: df29ae757cb333f76bbebe897b7721cb740e4b53a1658d2ac64377913acf1283
Instruction ID: 36939157f9d2895540cfdbfa0f322bf9525a4202c402c7efe0fbae9b88d7d6f1
Opcode Fuzzy Hash: df29ae757cb333f76bbebe897b7721cb740e4b53a1658d2ac64377913acf1283
Instruction Fuzzy Hash: 51414B312C4208ABDB152B78BD1DBB93659F7463E8F24311AF601F61E3C7719A44E761

Function 00E62C63 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00E62C91
CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00E62CB2
ShowWindow.USER32(00000000,?,?,?,?,?,?,00E61CAD,?), ref: 00E62CC6
ShowWindow.USER32(00000000,?,?,?,?,?,?,00E61CAD,?), ref: 00E62CCF

Strings

edit, xrefs: 00E62CAC
AutoIt v3, xrefs: 00E62C89, 00E62C8E, 00E62C8F

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Window$CreateShow
String ID: AutoIt v3$edit
API String ID: 1584632944-3779509399
Opcode ID: ec0a4c2e04c2e62bc38266c998294b7709f266ca00da5047cbb830895c88fb5a
Instruction ID: 61efe818f8154aabce11b09ed2d8f8fcb1bb9d33da8f27e544ea75cf27e4d636
Opcode Fuzzy Hash: ec0a4c2e04c2e62bc38266c998294b7709f266ca00da5047cbb830895c88fb5a
Instruction Fuzzy Hash: 9FF0D07554029C7AE73117276C09E777EBEE7C6F60B20105AF900A35A0C6A21858EE70

Function 00E63B1C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00E63B0F,SwapMouseButtons,00000004,?), ref: 00E63B40
RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00E63B0F,SwapMouseButtons,00000004,?), ref: 00E63B61
RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00E63B0F,SwapMouseButtons,00000004,?), ref: 00E63B83

Strings

Control Panel\Mouse, xrefs: 00E63B3E

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID: Control Panel\Mouse
API String ID: 3677997916-824357125
Opcode ID: 4de54b71f5f10f7c09d769dc8ce120352c288086c01f1ebfea66fc3e2e02ab02
Instruction ID: 14c7a739addf3426971fa551c3058df6e1932d126b73a20e2ae0f3a41da30be0
Opcode Fuzzy Hash: 4de54b71f5f10f7c09d769dc8ce120352c288086c01f1ebfea66fc3e2e02ab02
Instruction Fuzzy Hash: 34115AB1550208FFDB208FA5EC44EEEBBB8EF41794B205459A805E7110D6319E449760

Function 00E63923 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00EA33A2

Part of subcall function 00E66B57: _wcslen.LIBCMT ref: 00E66B6A

Shell_NotifyIconW.SHELL32(00000001,?), ref: 00E63A04

Strings

Line: , xrefs: 00EA33EB

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: IconLoadNotifyShell_String_wcslen
String ID: Line:
API String ID: 2289894680-1585850449
Opcode ID: 9515c30acb9d5079297af5837338713e7a297bf27616fc8d7f14e782c1b74ca1
Instruction ID: a1fe0f1e5db330481b4b3af9ac43294242dd9fc30fd1f5696861abdd15e15b33
Opcode Fuzzy Hash: 9515c30acb9d5079297af5837338713e7a297bf27616fc8d7f14e782c1b74ca1
Instruction Fuzzy Hash: BB31F671488304AAD724EB20EC45BEB77D8AF84764F14652AF599A31D1DB709648CBC2

Function 00E610F3 Relevance: 4.7, APIs: 3, Instructions: 153comCOMMON

Download Yara Rule

APIs

Part of subcall function 00E61BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00E61BF4
Part of subcall function 00E61BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00E61BFC
Part of subcall function 00E61BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00E61C07
Part of subcall function 00E61BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00E61C12
Part of subcall function 00E61BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00E61C1A
Part of subcall function 00E61BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00E61C22

Part of subcall function 00E61B4A: RegisterWindowMessageW.USER32(00000004,?,00E612C4), ref: 00E61BA2

GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00E6136A
OleInitialize.OLE32 ref: 00E61388
CloseHandle.KERNEL32(00000000,00000000), ref: 00EA24AB

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
String ID:
API String ID: 1986988660-0
Opcode ID: 1b831cb4b4d9e9ff4beba2af510549539251a7a62278957aee84fa5e3d9b338b
Instruction ID: 829475d04bdf0bc3baaae8ff99b95495de9f3fc1c3cac8f10518bb94669bb380
Opcode Fuzzy Hash: 1b831cb4b4d9e9ff4beba2af510549539251a7a62278957aee84fa5e3d9b338b
Instruction Fuzzy Hash: 6D71BBB590120C8FC384DF79FD466653AE2FBC93B4728A22AD50AE7362EB304405EF54

Function 00ECC161 Relevance: 4.6, APIs: 3, Instructions: 74timewindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00E63923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00E63A04

Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00ECC259
KillTimer.USER32(?,00000001,?,?), ref: 00ECC261
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00ECC270

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: IconNotifyShell_Timer$Kill
String ID:
API String ID: 3500052701-0
Opcode ID: 4aeed9763ef37402a1e5ae84eac784673e85fcbfcb1706d0a38885c01d592ff0
Instruction ID: 75b67556134d4cdae4d3e0a22cea8d8e75f0ac4de3b07ca847b3efcc8b5848b5
Opcode Fuzzy Hash: 4aeed9763ef37402a1e5ae84eac784673e85fcbfcb1706d0a38885c01d592ff0
Instruction Fuzzy Hash: D131E570900744AFEB329F748995BE7BBECAB06308F24109ED1DEB3251C3755A89CB51

Function 00E986AE Relevance: 4.6, APIs: 3, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

CloseHandle.KERNELBASE(00000000,00000000,?,?,00E985CC,?,00F28CC8,0000000C), ref: 00E98704
GetLastError.KERNEL32(?,00E985CC,?,00F28CC8,0000000C), ref: 00E9870E
__dosmaperr.LIBCMT ref: 00E98739

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: CloseErrorHandleLast__dosmaperr
String ID:
API String ID: 2583163307-0
Opcode ID: 37a7d8b32087a9c91d7803d3be2ca8d5f96ceb8f9d9e866ebc4bc3768694c810
Instruction ID: af07ecaf71b9c58d8388b6ce0340a8579392cbd5d408702357a584d25cef8170
Opcode Fuzzy Hash: 37a7d8b32087a9c91d7803d3be2ca8d5f96ceb8f9d9e866ebc4bc3768694c810
Instruction Fuzzy Hash: 42012B336056201ADE25A274AA45B7E67994BC377CF39215AFD18FF1F3DEA08C81C690

Function 00E6DB38 Relevance: 4.5, APIs: 3, Instructions: 29windowsleepCOMMON

Download Yara Rule

APIs

TranslateMessage.USER32(?), ref: 00E6DB7B
DispatchMessageW.USER32(?), ref: 00E6DB89
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00E6DB9F
Sleep.KERNELBASE(0000000A), ref: 00E6DBB1
TranslateAcceleratorW.USER32(?,?,?), ref: 00EB1CC9

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Message$Translate$AcceleratorDispatchPeekSleep
String ID:
API String ID: 3288985973-0
Opcode ID: 2e46a50c99e9186927362fa0b37028cf8b6baead88d593e7d1ae80c0e7641041
Instruction ID: 005537d17dd7dbd825fdb7a27417150ac2d661e1855cc56f97b647b9392d7ce9
Opcode Fuzzy Hash: 2e46a50c99e9186927362fa0b37028cf8b6baead88d593e7d1ae80c0e7641041
Instruction Fuzzy Hash: 20F05E306483489BE734DBB19C59FEA73A8EB84364F605919E61AA30D0DB30A448DB25

Function 00E71310 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 531COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 00E717F6

Strings

CALL, xrefs: 00E717C6

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Init_thread_footer
String ID: CALL
API String ID: 1385522511-4196123274
Opcode ID: cf98127f44d2981c50de3702cab2443f0570a5013d80fbee9116d7f12be9f1ff
Instruction ID: e746822c239d9234ec0a29bd647956599936f30790e8c9c01fc6391344f23067
Opcode Fuzzy Hash: cf98127f44d2981c50de3702cab2443f0570a5013d80fbee9116d7f12be9f1ff
Instruction Fuzzy Hash: 49228C706083419FC714DF18C480B6ABBF1BF85314F28A9ADF49AAB361D735E945CB52

Function 00E62DE3 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

GetOpenFileNameW.COMDLG32(?), ref: 00EA2C8C

Part of subcall function 00E63AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00E63A97,?,?,00E62E7F,?,?,?,00000000), ref: 00E63AC2

Part of subcall function 00E62DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00E62DC4

Strings

X, xrefs: 00EA2C5A

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Name$Path$FileFullLongOpen
String ID: X
API String ID: 779396738-3081909835
Opcode ID: 9cc279393e197fe0dccedbba6e32ef2bd682b6c255d6074cc1564426a714318c
Instruction ID: db44c0c2b7b6bb721f9cea8d5bd7e6add5e8e77308197ce6d6851482f7c2ff76
Opcode Fuzzy Hash: 9cc279393e197fe0dccedbba6e32ef2bd682b6c255d6074cc1564426a714318c
Instruction Fuzzy Hash: 4721A571A002989FDB01EF94D845BEE7BF9AF49314F009059E505FB241DBB45A898F61

Function 00E63837 Relevance: 3.1, APIs: 2, Instructions: 77windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIconW.SHELL32(00000000,?), ref: 00E63908

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: IconNotifyShell_
String ID:
API String ID: 1144537725-0
Opcode ID: f5522605353eeb4c5eec2e81ee137310d925c16a5c2baa75ff278e3026391899
Instruction ID: 9e65520ce96d5222c8b775e0c39679ba47090ce20ae8924674750bf22742d830
Opcode Fuzzy Hash: f5522605353eeb4c5eec2e81ee137310d925c16a5c2baa75ff278e3026391899
Instruction Fuzzy Hash: BD31D5B05043018FD720DF34D8857D7BBE8FB49358F00092EF599A7280E771AA44CB52

Function 00E7F645 Relevance: 3.0, APIs: 2, Instructions: 29sleeptimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 00E7F661

Part of subcall function 00E6D730: GetInputState.USER32 ref: 00E6D807

Sleep.KERNEL32(00000000), ref: 00EBF2DE

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: InputSleepStateTimetime
String ID:
API String ID: 4149333218-0
Opcode ID: 58b712a12dec4f540f87e53fe163443682432881aceaadca3d322cc32c254bf4
Instruction ID: 0b76df242120dfad8f075735a5fd7d3eac386b9356cf78c4b37c98a9d4cb579d
Opcode Fuzzy Hash: 58b712a12dec4f540f87e53fe163443682432881aceaadca3d322cc32c254bf4
Instruction Fuzzy Hash: 60F082312802059FD310EF75E945BAAB7E9EF45760F10402AE85AE7360DB70A844CB91

Function 00E6B710 Relevance: 2.1, APIs: 1, Instructions: 587COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 00E6BB4E

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Init_thread_footer
String ID:
API String ID: 1385522511-0
Opcode ID: af795d4f2f9851a5fcec6d6a1a9a32840576543c0c9c10558d8b1b833c54044d
Instruction ID: 8f7e1023762b24ebe9c82d14b8ec37d12bcff59998bc5c8f06515a2f7447b6b7
Opcode Fuzzy Hash: af795d4f2f9851a5fcec6d6a1a9a32840576543c0c9c10558d8b1b833c54044d
Instruction Fuzzy Hash: D1329B30A402099FDB24CF58D894AFFB7F9EF44398F18A059E905BB261D774AD81CB91

Function 00E64ECB Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 00E64E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00E64EDD,?,00F31418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00E64E9C
Part of subcall function 00E64E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00E64EAE
Part of subcall function 00E64E90: FreeLibrary.KERNEL32(00000000,?,?,00E64EDD,?,00F31418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00E64EC0

LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00F31418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00E64EFD

Part of subcall function 00E64E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00EA3CDE,?,00F31418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00E64E62
Part of subcall function 00E64E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00E64E74
Part of subcall function 00E64E59: FreeLibrary.KERNEL32(00000000,?,?,00EA3CDE,?,00F31418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00E64E87

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Library$Load$AddressFreeProc
String ID:
API String ID: 2632591731-0
Opcode ID: 2c6d6eb586b4f51a3736e3e833af5e1d1b821be7f130905608207e4da11f037e
Instruction ID: 94fc307032614b0a6caa0deac7f6a3e9c9087209442abb67b148e2e44c7a570e
Opcode Fuzzy Hash: 2c6d6eb586b4f51a3736e3e833af5e1d1b821be7f130905608207e4da11f037e
Instruction Fuzzy Hash: A8112372780305AACB15BB70EC02FAD77E4AF54790F20A42EF542BA1C1EE71AA059790

Function 00E98402 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 00E98440

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: 3efc5d9aa73374b20e59d4146ec217bec9bf2b2c7928ce2b456d946b5c7c8a81
Instruction ID: b7cc17255eb1b3bf0bf0d3536907ba0d6dae5b00f20b8196cff19733bdf245f2
Opcode Fuzzy Hash: 3efc5d9aa73374b20e59d4146ec217bec9bf2b2c7928ce2b456d946b5c7c8a81
Instruction Fuzzy Hash: 2A11187590410AAFCF05DF58E9419DE7BF5EF49314F104069F818AB312DA31EA11CBA5

Function 00E95000 Relevance: 1.6, APIs: 1, Instructions: 52COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00E94C7D: RtlAllocateHeap.NTDLL(00000008,00E61129,00000000,?,00E92E29,00000001,00000364,?,?,?,00E8F2DE,00E93863,00F31444,?,00E7FDF5,?), ref: 00E94CBE

_free.LIBCMT ref: 00E9506C

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: AllocateHeap_free
String ID:
API String ID: 614378929-0
Opcode ID: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
Instruction ID: cf5b756c62c1774f3922d62c0a171396af5755aac5b48c6a64975fd0ff220e34
Opcode Fuzzy Hash: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
Instruction Fuzzy Hash: D9014E732047056BEB32CF65D84195AFBECFB85370F25061DE594A32C0E6306905C7B4

Function 00EF29BF Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,?,?,?,00EF14B5,?), ref: 00EF2A01

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ForegroundWindow
String ID:
API String ID: 2020703349-0
Opcode ID: 2bdf9b44c133090a00dee7d0b1b8d214e3111b1d0d8e2ae07d8b8c49c4c13410
Instruction ID: 0969c4355a74173fdb79bbf84c3f9e9c8f9a81b423f257a44555e825e78131ea
Opcode Fuzzy Hash: 2bdf9b44c133090a00dee7d0b1b8d214e3111b1d0d8e2ae07d8b8c49c4c13410
Instruction Fuzzy Hash: 85019E36300A459FD325CA2DC454B323792EBC5318F29E46DC347AB291DB32EC42C7A0

Function 00E8E602 Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
Instruction ID: 916079a87ceafdeab4c5b2a1e0eddd43a6289c5a531f8de33bab7d4ad9100dec
Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
Instruction Fuzzy Hash: 67F02832510A14AADF313A698C05B9A33D89F92334F142719F52DB33E2EB70D80297A5

Function 00E94C7D Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,00E61129,00000000,?,00E92E29,00000001,00000364,?,?,?,00E8F2DE,00E93863,00F31444,?,00E7FDF5,?), ref: 00E94CBE

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 4d04f65f3b6cf8d0f209061b1e8e8bd11aac40a26d7dcc2707f55c94678e9b8d
Instruction ID: 5f384a5d139d4e48c41818c38d27d4dbced28a17ffbfe33679f15ae30332f666
Opcode Fuzzy Hash: 4d04f65f3b6cf8d0f209061b1e8e8bd11aac40a26d7dcc2707f55c94678e9b8d
Instruction Fuzzy Hash: E3F0B4B16022246EFF216F629C05F9AB7C8BF417A5B286215B81DBA1D0CA30D80286A0

Function 00E93820 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,00F31444,?,00E7FDF5,?,?,00E6A976,00000010,00F31440,00E613FC,?,00E613C6,?,00E61129), ref: 00E93852

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 3d8931f84fb543e10135f6dd74ca432f9014297103b9c1a2ac9ff3d0323240c5
Instruction ID: 35c66326fbdca0c7431b951a519bfbb3aa920fb000f67003cef3ac0f95a3d7eb
Opcode Fuzzy Hash: 3d8931f84fb543e10135f6dd74ca432f9014297103b9c1a2ac9ff3d0323240c5
Instruction Fuzzy Hash: 83E0E53110122956DE3536779C04BDA36C9AF427B8F152221BC09B69D0CB10DD0192E0

Function 00E64F39 Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,?,00F31418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00E64F6D

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: 19fe29fcb2c9596cd6cc5928184600bb2f8deff033bf91768471c114aae89dd0
Instruction ID: c9cfe92fc7e0d4fa623fe0257eeb84b24da28eb8ec34d448fcc66fdb02bffa4f
Opcode Fuzzy Hash: 19fe29fcb2c9596cd6cc5928184600bb2f8deff033bf91768471c114aae89dd0
Instruction Fuzzy Hash: 8EF030B1245751CFDB389F64E490862B7F4BF14359320A97EE1DAA2652C7319848DF10

Function 00EF2A55 Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 00EF2A66

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Window
String ID:
API String ID: 2353593579-0
Opcode ID: b6fef06edc21edffe766d858934b2feae265b88bf8fdde8aa62f27f30927174c
Instruction ID: e4f2b36341501a7e02035652e3a4737ef6584017db0c5042e3be3d6262ca66b5
Opcode Fuzzy Hash: b6fef06edc21edffe766d858934b2feae265b88bf8fdde8aa62f27f30927174c
Instruction Fuzzy Hash: AEE04F7635451AAAC714EE30ED809FA739CEB50395710553EAE1AE2140EB309A96D6A0

Function 00E62DA5 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00E62DC4

Part of subcall function 00E66B57: _wcslen.LIBCMT ref: 00E66B6A

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: LongNamePath_wcslen
String ID:
API String ID: 541455249-0
Opcode ID: 5a524e347ff6d2e1a101db84258520a641453a555be745ceab6b5ab45bed8ade
Instruction ID: 2ac1443f7c362bc42dda3fd79bcb088c29ab50ac0bf48b87e530a70446acc6a8
Opcode Fuzzy Hash: 5a524e347ff6d2e1a101db84258520a641453a555be745ceab6b5ab45bed8ade
Instruction Fuzzy Hash: D2E0CD766001245FC71096589C05FEA77DDDFC87D0F0440B1FD09F7258D960BD84C550

Function 00E62B3D Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00E63837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00E63908

Part of subcall function 00E6D730: GetInputState.USER32 ref: 00E6D807

SetCurrentDirectoryW.KERNEL32(?), ref: 00E62B6B

Part of subcall function 00E630F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 00E6314E

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: IconNotifyShell_$CurrentDirectoryInputState
String ID:
API String ID: 3667716007-0
Opcode ID: f801735fd4e889e5f128d13ddb1f6c40f1c600d192f5c572a37f3ad65b09e62e
Instruction ID: 6efec5315ef91a5ae521d88537d2f9e09bf7cfeca9aad4072a2f7d054cc9e256
Opcode Fuzzy Hash: f801735fd4e889e5f128d13ddb1f6c40f1c600d192f5c572a37f3ad65b09e62e
Instruction Fuzzy Hash: 2FE0862174424806C608BB75B8565BDF7D9DBE63E5F40353EF542B31A3CE2445499252

Function 00EA039A Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,00000000,?,00EA0704,?,?,00000000,?,00EA0704,00000000,0000000C), ref: 00EA03B7

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 6e06db66dbf498d1ff4d2b88c1df48f9b9fb029734000eb3859c5b66925374ff
Instruction ID: cf4505c9ba2d9a22e0517310d5cb52ef6ce2bafb35e372ed95166a63438297a2
Opcode Fuzzy Hash: 6e06db66dbf498d1ff4d2b88c1df48f9b9fb029734000eb3859c5b66925374ff
Instruction Fuzzy Hash: 66D06C3204010DBFDF028F85DD06EDA3BAAFB88714F114000BE5866020C732E831EB90

Function 00E61CAD Relevance: 1.5, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00E61CBC

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: InfoParametersSystem
String ID:
API String ID: 3098949447-0
Opcode ID: b012c9926ff27269296f040747505dcfeb8b8933bd216e0efb0c1c7346ea2bac
Instruction ID: f695165bfb17ac1ab3ea6892876d8b47f6ae73a57bfbd46ec7fa6f69d3861f16
Opcode Fuzzy Hash: b012c9926ff27269296f040747505dcfeb8b8933bd216e0efb0c1c7346ea2bac
Instruction Fuzzy Hash: F0C09B3528030CDFF2544780BD4AF107755B34CB11F144001F609655E3C3A11414F650

Non-executed Functions

Function 00EF9576 Relevance: 72.4, APIs: 39, Strings: 2, Instructions: 625windowkeyboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00E79BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00E79BB2

DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 00EF961A
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00EF965B
GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 00EF969F
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00EF96C9
SendMessageW.USER32 ref: 00EF96F2
GetKeyState.USER32(00000011), ref: 00EF978B
GetKeyState.USER32(00000009), ref: 00EF9798
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00EF97AE
GetKeyState.USER32(00000010), ref: 00EF97B8
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00EF97E9
SendMessageW.USER32 ref: 00EF9810
SendMessageW.USER32(?,00001030,?,00EF7E95), ref: 00EF9918
ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 00EF992E
ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00EF9941
SetCapture.USER32(?), ref: 00EF994A
ClientToScreen.USER32(?,?), ref: 00EF99AF
ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00EF99BC
InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00EF99D6
ReleaseCapture.USER32 ref: 00EF99E1
GetCursorPos.USER32(?), ref: 00EF9A19
ScreenToClient.USER32(?,?), ref: 00EF9A26
SendMessageW.USER32(?,00001012,00000000,?), ref: 00EF9A80
SendMessageW.USER32 ref: 00EF9AAE
SendMessageW.USER32(?,00001111,00000000,?), ref: 00EF9AEB
SendMessageW.USER32 ref: 00EF9B1A
SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00EF9B3B
SendMessageW.USER32(?,0000110B,00000009,?), ref: 00EF9B4A
GetCursorPos.USER32(?), ref: 00EF9B68
ScreenToClient.USER32(?,?), ref: 00EF9B75
GetParent.USER32(?), ref: 00EF9B93
SendMessageW.USER32(?,00001012,00000000,?), ref: 00EF9BFA
SendMessageW.USER32 ref: 00EF9C2B
ClientToScreen.USER32(?,?), ref: 00EF9C84
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00EF9CB4
SendMessageW.USER32(?,00001111,00000000,?), ref: 00EF9CDE
SendMessageW.USER32 ref: 00EF9D01
ClientToScreen.USER32(?,?), ref: 00EF9D4E
TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00EF9D82

Part of subcall function 00E79944: GetWindowLongW.USER32(?,000000EB), ref: 00E79952

GetWindowLongW.USER32(?,000000F0), ref: 00EF9E05

Strings

F, xrefs: 00EF9D07
@GUI_DRAGID, xrefs: 00EF997D

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
String ID: @GUI_DRAGID$F
API String ID: 3429851547-4164748364
Opcode ID: 6247171cca338b601943927ad02fdbd6c25e6b7b38b6febb44da7f2c6a9f564d
Instruction ID: a6d99fe094aa400b4f0b8a7c941695cf47a31ab7a63b613c7d36f53a8612439e
Opcode Fuzzy Hash: 6247171cca338b601943927ad02fdbd6c25e6b7b38b6febb44da7f2c6a9f564d
Instruction Fuzzy Hash: 0A428D30204248AFD724CF24CC44BBABBE5FF88724F255619F699E72A2D7319854DF52

Function 00EF4873 Relevance: 60.1, APIs: 33, Strings: 1, Instructions: 566windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 00EF48F3
SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00EF4908
SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00EF4927
SendMessageW.USER32(?,00000148,00000000,00000000), ref: 00EF494B
SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 00EF495C
SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 00EF497B
SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 00EF49AE
SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 00EF49D4
SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00EF4A0F
SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00EF4A56
SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00EF4A7E
IsMenu.USER32(?), ref: 00EF4A97
GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00EF4AF2
GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00EF4B20
GetWindowLongW.USER32(?,000000F0), ref: 00EF4B94
SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00EF4BE3
SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00EF4C82
wsprintfW.USER32 ref: 00EF4CAE
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00EF4CC9
GetWindowTextW.USER32(?,00000000,00000001), ref: 00EF4CF1
SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00EF4D13
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00EF4D33
GetWindowTextW.USER32(?,00000000,00000001), ref: 00EF4D5A

Strings

%d/%02d/%02d, xrefs: 00EF4CA8

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
String ID: %d/%02d/%02d
API String ID: 4054740463-328681919
Opcode ID: 11c186943621e58020de2c866981bfb193219ca49c468a40fdce7f403a3e5354
Instruction ID: 9b4e8dffb0cd18c58182aa65eab2ada02963114055bc6002c87f754af4cdad3a
Opcode Fuzzy Hash: 11c186943621e58020de2c866981bfb193219ca49c468a40fdce7f403a3e5354
Instruction Fuzzy Hash: 0B12E0B1600258ABEB248F29CC49FBF7BE8EF85714F206119F619FA1E1D7749A40CB50

Function 00E7F98E Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 130keyboardthreadwindowCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 00E7F998
FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00EBF474
IsIconic.USER32(00000000), ref: 00EBF47D
ShowWindow.USER32(00000000,00000009), ref: 00EBF48A
SetForegroundWindow.USER32(00000000), ref: 00EBF494
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00EBF4AA
GetCurrentThreadId.KERNEL32 ref: 00EBF4B1
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00EBF4BD
AttachThreadInput.USER32(?,00000000,00000001), ref: 00EBF4CE
AttachThreadInput.USER32(?,00000000,00000001), ref: 00EBF4D6
AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 00EBF4DE
SetForegroundWindow.USER32(00000000), ref: 00EBF4E1
MapVirtualKeyW.USER32(00000012,00000000), ref: 00EBF4F6
keybd_event.USER32(00000012,00000000), ref: 00EBF501
MapVirtualKeyW.USER32(00000012,00000000), ref: 00EBF50B
keybd_event.USER32(00000012,00000000), ref: 00EBF510
MapVirtualKeyW.USER32(00000012,00000000), ref: 00EBF519
keybd_event.USER32(00000012,00000000), ref: 00EBF51E
MapVirtualKeyW.USER32(00000012,00000000), ref: 00EBF528
keybd_event.USER32(00000012,00000000), ref: 00EBF52D
SetForegroundWindow.USER32(00000000), ref: 00EBF530
AttachThreadInput.USER32(?,000000FF,00000000), ref: 00EBF557

Strings

Shell_TrayWnd, xrefs: 00EBF46F

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
String ID: Shell_TrayWnd
API String ID: 4125248594-2988720461
Opcode ID: 6d0b5694ecdecdf28e6869992220305103261ac4c63ce9935243b887c6a25c40
Instruction ID: d3b6af7a2ead75d6ef86a8885960eb56785b49d3ea52fc1a5b8a5cb03d7ed9fe
Opcode Fuzzy Hash: 6d0b5694ecdecdf28e6869992220305103261ac4c63ce9935243b887c6a25c40
Instruction Fuzzy Hash: 58313071A4021CBEEB206BB65D4AFBF7E6CEB84B50F211066F605F61D1C6B19D00EA61

Function 00EC1201 Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 241COMMON

Download Yara Rule

APIs

Part of subcall function 00EC16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00EC170D
Part of subcall function 00EC16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00EC173A
Part of subcall function 00EC16C3: GetLastError.KERNEL32 ref: 00EC174A

LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00EC1286
DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00EC12A8
CloseHandle.KERNEL32(?), ref: 00EC12B9
OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00EC12D1
GetProcessWindowStation.USER32 ref: 00EC12EA
SetProcessWindowStation.USER32(00000000), ref: 00EC12F4
OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00EC1310

Part of subcall function 00EC10BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00EC11FC), ref: 00EC10D4
Part of subcall function 00EC10BF: CloseHandle.KERNEL32(?,?,00EC11FC), ref: 00EC10E9

Strings

winsta0, xrefs: 00EC12CC
default, xrefs: 00EC130B
, xrefs: 00EC125A

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
String ID: $default$winsta0
API String ID: 22674027-1027155976
Opcode ID: 0757088887b7cc23081c3d3bb8272c00486b885e4b2478d4a87d564e81fb2a22
Instruction ID: c6dcee78c0dd0023ebdafa8e6688e54912d2d16449b1e6883ff5fb4187647327
Opcode Fuzzy Hash: 0757088887b7cc23081c3d3bb8272c00486b885e4b2478d4a87d564e81fb2a22
Instruction Fuzzy Hash: 7E81AD71900209AFDF259FA4DE49FEE7BB9FF45704F2451A9F920B21A1D7328946CB20

Function 00EC0B62 Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00EC10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00EC1114
Part of subcall function 00EC10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00EC0B9B,?,?,?), ref: 00EC1120
Part of subcall function 00EC10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00EC0B9B,?,?,?), ref: 00EC112F
Part of subcall function 00EC10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00EC0B9B,?,?,?), ref: 00EC1136
Part of subcall function 00EC10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00EC114D

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00EC0BCC
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00EC0C00
GetLengthSid.ADVAPI32(?), ref: 00EC0C17
GetAce.ADVAPI32(?,00000000,?), ref: 00EC0C51
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00EC0C6D
GetLengthSid.ADVAPI32(?), ref: 00EC0C84
GetProcessHeap.KERNEL32(00000008,00000008), ref: 00EC0C8C
HeapAlloc.KERNEL32(00000000), ref: 00EC0C93
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00EC0CB4
CopySid.ADVAPI32(00000000), ref: 00EC0CBB
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00EC0CEA
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00EC0D0C
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00EC0D1E
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00EC0D45
HeapFree.KERNEL32(00000000), ref: 00EC0D4C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00EC0D55
HeapFree.KERNEL32(00000000), ref: 00EC0D5C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00EC0D65
HeapFree.KERNEL32(00000000), ref: 00EC0D6C
GetProcessHeap.KERNEL32(00000000,?), ref: 00EC0D78
HeapFree.KERNEL32(00000000), ref: 00EC0D7F

Part of subcall function 00EC1193: GetProcessHeap.KERNEL32(00000008,00EC0BB1,?,00000000,?,00EC0BB1,?), ref: 00EC11A1
Part of subcall function 00EC1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00EC0BB1,?), ref: 00EC11A8
Part of subcall function 00EC1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00EC0BB1,?), ref: 00EC11B7

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 4175595110-0
Opcode ID: 35b1bbb922e3445ce29190c76a5fc97c87b0fb73118c483f1f4bf1ba1febfa12
Instruction ID: bd579a6c8e601698983cd62858e72b8bbf1c83855da41e53b41320807446433e
Opcode Fuzzy Hash: 35b1bbb922e3445ce29190c76a5fc97c87b0fb73118c483f1f4bf1ba1febfa12
Instruction Fuzzy Hash: B3719D7190020AEFDF10DFA5DE44FAEBBB8BF44704F244519E915B6291D772A906CB60

Function 00EDEAFF Relevance: 30.2, APIs: 20, Instructions: 191clipboardfileCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32(00EFCC08), ref: 00EDEB29
IsClipboardFormatAvailable.USER32(0000000D), ref: 00EDEB37
GetClipboardData.USER32(0000000D), ref: 00EDEB43
CloseClipboard.USER32 ref: 00EDEB4F
GlobalLock.KERNEL32(00000000), ref: 00EDEB87
CloseClipboard.USER32 ref: 00EDEB91
GlobalUnlock.KERNEL32(00000000), ref: 00EDEBBC
IsClipboardFormatAvailable.USER32(00000001), ref: 00EDEBC9
GetClipboardData.USER32(00000001), ref: 00EDEBD1
GlobalLock.KERNEL32(00000000), ref: 00EDEBE2
GlobalUnlock.KERNEL32(00000000), ref: 00EDEC22
IsClipboardFormatAvailable.USER32(0000000F), ref: 00EDEC38
GetClipboardData.USER32(0000000F), ref: 00EDEC44
GlobalLock.KERNEL32(00000000), ref: 00EDEC55
DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00EDEC77
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00EDEC94
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00EDECD2
GlobalUnlock.KERNEL32(00000000), ref: 00EDECF3
CountClipboardFormats.USER32 ref: 00EDED14
CloseClipboard.USER32 ref: 00EDED59

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
String ID:
API String ID: 420908878-0
Opcode ID: 70296211c3921224e58d6f0f5654c5e16e8de7323536e7fe137dd7fec0f4aac5
Instruction ID: 5b499ab15cf871314e96f5145b97aabaf052721469c1371cf2e3d36adefa5bd1
Opcode Fuzzy Hash: 70296211c3921224e58d6f0f5654c5e16e8de7323536e7fe137dd7fec0f4aac5
Instruction Fuzzy Hash: E061C2342042059FD310EF20D988F7A77E4EF84758F24655AF456BB3A2CB31E90ACB62

Function 00ED698F Relevance: 21.4, APIs: 7, Strings: 5, Instructions: 363timefileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00ED69BE
FindClose.KERNEL32(00000000), ref: 00ED6A12
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00ED6A4E
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00ED6A75

Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD

FileTimeToSystemTime.KERNEL32(?,?), ref: 00ED6AB2
FileTimeToSystemTime.KERNEL32(?,?), ref: 00ED6ADF

Strings

%4d%02d%02d%02d%02d%02d%03d, xrefs: 00ED6B32
%03d, xrefs: 00ED6DA2
%4d%02d%02d%02d%02d%02d, xrefs: 00ED6B6A
%02d, xrefs: 00ED6C00, 00ED6C0A, 00ED6C5A, 00ED6CAA, 00ED6CFA, 00ED6D4A
%4d, xrefs: 00ED6BB1

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
API String ID: 3830820486-3289030164
Opcode ID: 9c7f83aed65039da6abd7a25d79d0f153df71e9e38a9b9b9ba9af1eeff74460f
Instruction ID: d83d89fd8ad352c8897410a359f09d8f452717c69a49e6992d26f6c74043a071
Opcode Fuzzy Hash: 9c7f83aed65039da6abd7a25d79d0f153df71e9e38a9b9b9ba9af1eeff74460f
Instruction Fuzzy Hash: E3D17171548300AFC314EBA0D991EABB7ECEF88704F04591EF585E7291EB74DA48CB62

Function 00ED9642 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 118fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00ED9663
GetFileAttributesW.KERNEL32(?), ref: 00ED96A1
SetFileAttributesW.KERNEL32(?,?), ref: 00ED96BB
FindNextFileW.KERNEL32(00000000,?), ref: 00ED96D3
FindClose.KERNEL32(00000000), ref: 00ED96DE
FindFirstFileW.KERNEL32(*.*,?), ref: 00ED96FA
SetCurrentDirectoryW.KERNEL32(?), ref: 00ED974A
SetCurrentDirectoryW.KERNEL32(00F26B7C), ref: 00ED9768
FindNextFileW.KERNEL32(00000000,00000010), ref: 00ED9772
FindClose.KERNEL32(00000000), ref: 00ED977F
FindClose.KERNEL32(00000000), ref: 00ED978F

Strings

*.*, xrefs: 00ED96F5

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
String ID: *.*
API String ID: 1409584000-438819550
Opcode ID: 503399fbfc1b1424c756a17525a94180ecad5232eaba34b12d177389602f435a
Instruction ID: 9c9a45da746bc64b234a60b7f03072424e56b2701581a13d8ad218929a5ca438
Opcode Fuzzy Hash: 503399fbfc1b1424c756a17525a94180ecad5232eaba34b12d177389602f435a
Instruction Fuzzy Hash: E631CE3254161D6EDB14AFB5ED08AEE77ACEF89324F205197E814F22B1DB30DA49CB10

Function 00ED979D Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 111fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00ED97BE
FindNextFileW.KERNEL32(00000000,?), ref: 00ED9819
FindClose.KERNEL32(00000000), ref: 00ED9824
FindFirstFileW.KERNEL32(*.*,?), ref: 00ED9840
SetCurrentDirectoryW.KERNEL32(?), ref: 00ED9890
SetCurrentDirectoryW.KERNEL32(00F26B7C), ref: 00ED98AE
FindNextFileW.KERNEL32(00000000,00000010), ref: 00ED98B8
FindClose.KERNEL32(00000000), ref: 00ED98C5
FindClose.KERNEL32(00000000), ref: 00ED98D5

Part of subcall function 00ECDAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00ECDB00

Strings

*.*, xrefs: 00ED983B

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
String ID: *.*
API String ID: 2640511053-438819550
Opcode ID: 277a02959a7c7ed204cc38ea9e25527ca691aaa5b515914c9087ab89dca9a535
Instruction ID: 7f4f68f794cd9501d26edad983df2ba26ab84846b18b12b59cfca28daf9711c0
Opcode Fuzzy Hash: 277a02959a7c7ed204cc38ea9e25527ca691aaa5b515914c9087ab89dca9a535
Instruction Fuzzy Hash: 9031053654061D6EEF14AFB5EC48AEE73ACDF46724F205156E804F22B1DB31D94ADB20

Function 00EEBE44 Relevance: 17.0, APIs: 11, Instructions: 456registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00EEC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00EEB6AE,?,?), ref: 00EEC9B5
Part of subcall function 00EEC998: _wcslen.LIBCMT ref: 00EEC9F1
Part of subcall function 00EEC998: _wcslen.LIBCMT ref: 00EECA68
Part of subcall function 00EEC998: _wcslen.LIBCMT ref: 00EECA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00EEBF3E
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 00EEBFA9
RegCloseKey.ADVAPI32(00000000), ref: 00EEBFCD
RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00EEC02C
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00EEC0E7
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00EEC154
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00EEC1E9
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 00EEC23A
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00EEC2E3
RegCloseKey.ADVAPI32(?,?,00000000), ref: 00EEC382
RegCloseKey.ADVAPI32(00000000), ref: 00EEC38F

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
String ID:
API String ID: 3102970594-0
Opcode ID: 2044716469bb8912e02aa8dc3817a887438774acaaaa8bae477ec183eb9d38d6
Instruction ID: b613ddacb962c8f59dbb95b37bc95a2da25ec8ac8f714ac105fcb6b5565d9ef1
Opcode Fuzzy Hash: 2044716469bb8912e02aa8dc3817a887438774acaaaa8bae477ec183eb9d38d6
Instruction Fuzzy Hash: B50282716042449FC714CF25C895E2AB7E5EF89318F28D49DF84AEB2A2DB31EC46CB51

Function 00ED8195 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 186timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 00ED8257
SystemTimeToFileTime.KERNEL32(?,?), ref: 00ED8267
LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00ED8273
GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00ED8310
SetCurrentDirectoryW.KERNEL32(?), ref: 00ED8324
SetCurrentDirectoryW.KERNEL32(?), ref: 00ED8356
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00ED838C
SetCurrentDirectoryW.KERNEL32(?), ref: 00ED8395

Strings

*.*, xrefs: 00ED839B

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: CurrentDirectoryTime$File$Local$System
String ID: *.*
API String ID: 1464919966-438819550
Opcode ID: 6ee72774031b538e8eb6960cc3245fc44467ce40144a49db6d134651e35db95c
Instruction ID: e46ec1deee45e6d6c7807630c0661fd3047cff56f37f55298a7a9224550817eb
Opcode Fuzzy Hash: 6ee72774031b538e8eb6960cc3245fc44467ce40144a49db6d134651e35db95c
Instruction Fuzzy Hash: DA618C725043459FC710EF60D9409AEB3E8FF89314F14591EF989E7261EB31E94ACB92

Function 00ECD076 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 172fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00E63AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00E63A97,?,?,00E62E7F,?,?,?,00000000), ref: 00E63AC2

Part of subcall function 00ECE199: GetFileAttributesW.KERNEL32(?,00ECCF95), ref: 00ECE19A

FindFirstFileW.KERNEL32(?,?), ref: 00ECD122
DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00ECD1DD
MoveFileW.KERNEL32(?,?), ref: 00ECD1F0
DeleteFileW.KERNEL32(?,?,?,?), ref: 00ECD20D
FindNextFileW.KERNEL32(00000000,00000010), ref: 00ECD237

Part of subcall function 00ECD29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00ECD21C,?,?), ref: 00ECD2B2

FindClose.KERNEL32(00000000,?,?,?), ref: 00ECD253
FindClose.KERNEL32(00000000), ref: 00ECD264

Strings

\*.*, xrefs: 00ECD0CD, 00ECD0D6, 00ECD0EB

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
String ID: \*.*
API String ID: 1946585618-1173974218
Opcode ID: e767bdf453643b7f4ad39d6389d84fcbdf0969effafecda66d865adfbed219c0
Instruction ID: 4ce69c977e493edf2047480825a7503c14ddfa482bedfa2b5ef901844680c8f4
Opcode Fuzzy Hash: e767bdf453643b7f4ad39d6389d84fcbdf0969effafecda66d865adfbed219c0
Instruction Fuzzy Hash: 40617E3184510D9ECF09EBE0EE52EEDB7B9AF55344F246069E401771A2EB325F0ADB60

Function 00EDED6A Relevance: 13.6, APIs: 9, Instructions: 102clipboardmemoryCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 00EDED91
EmptyClipboard.USER32 ref: 00EDED97
GlobalAlloc.KERNEL32(00000002,?), ref: 00EDEDAC
CloseClipboard.USER32 ref: 00EDEEA3

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Clipboard$AllocCloseEmptyGlobalOpen
String ID:
API String ID: 1737998785-0
Opcode ID: f7f2b7de22385f38541baeebb764567c85227974d310fdb32ee5b7c3b653d4d4
Instruction ID: 619343253a4ebed62ce3359a80b72a99f10ed559c0115eb75a0a9464428c76b5
Opcode Fuzzy Hash: f7f2b7de22385f38541baeebb764567c85227974d310fdb32ee5b7c3b653d4d4
Instruction Fuzzy Hash: ED419F352046119FE310DF15D888B29BBE1EF44318F25D09AE859AF762C775EC46CB90

Function 00ECE8F6 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 57shutdownCOMMON

Download Yara Rule

APIs

Part of subcall function 00EC16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00EC170D
Part of subcall function 00EC16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00EC173A
Part of subcall function 00EC16C3: GetLastError.KERNEL32 ref: 00EC174A

ExitWindowsEx.USER32(?,00000000), ref: 00ECE932

Strings

, xrefs: 00ECE95C
SeShutdownPrivilege, xrefs: 00ECE902
@, xrefs: 00ECE925
, xrefs: 00ECE920

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
String ID: $ $@$SeShutdownPrivilege
API String ID: 2234035333-3163812486
Opcode ID: 864a011d041963d55d4caefdcd56be37a2a5ce12868c0ec14fb20f45fc915740
Instruction ID: 17b614b60374b872b8c489d6239e7fa0097a1a51c9dcf7db6c1efe6872bc918a
Opcode Fuzzy Hash: 864a011d041963d55d4caefdcd56be37a2a5ce12868c0ec14fb20f45fc915740
Instruction Fuzzy Hash: EA014E32610214AFFB5422759E86FFF729C9744744F241569FC03F32D2D5B25C46C290

Function 00EE1204 Relevance: 12.1, APIs: 8, Instructions: 113networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00EE1276
WSAGetLastError.WSOCK32 ref: 00EE1283
bind.WSOCK32(00000000,?,00000010), ref: 00EE12BA
WSAGetLastError.WSOCK32 ref: 00EE12C5
closesocket.WSOCK32(00000000), ref: 00EE12F4
listen.WSOCK32(00000000,00000005), ref: 00EE1303
WSAGetLastError.WSOCK32 ref: 00EE130D
closesocket.WSOCK32(00000000), ref: 00EE133C

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ErrorLast$closesocket$bindlistensocket
String ID:
API String ID: 540024437-0
Opcode ID: b8828e3d6620b440a6bc686dd87e8e36b771e3069e5d7a324e731958d4d00b60
Instruction ID: e3aa0b0d8c804e41d96cb376a69d76953f60360f04478ebddf1224c0bd8c2857
Opcode Fuzzy Hash: b8828e3d6620b440a6bc686dd87e8e36b771e3069e5d7a324e731958d4d00b60
Instruction Fuzzy Hash: 5941C5306001849FD714DF65D984B69B7E5BF8A318F2890C8D956AF2A2C771ECC5CBE1

Function 00E9B952 Relevance: 10.9, APIs: 7, Instructions: 370timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00E9B9D4
_free.LIBCMT ref: 00E9B9F8
_free.LIBCMT ref: 00E9BB7F
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00F03700), ref: 00E9BB91
WideCharToMultiByte.KERNEL32(00000000,00000000,00F3121C,000000FF,00000000,0000003F,00000000,?,?), ref: 00E9BC09
WideCharToMultiByte.KERNEL32(00000000,00000000,00F31270,000000FF,?,0000003F,00000000,?), ref: 00E9BC36
_free.LIBCMT ref: 00E9BD4B

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: _free$ByteCharMultiWide$InformationTimeZone
String ID:
API String ID: 314583886-0
Opcode ID: 3a3903021a96ba7988d4c7c68c530513b3e139edb7511a72f6815754e2cffb38
Instruction ID: a4abc6ce7b9680a3b9661ddda4791961adb47cddce4f3e1d93368d6d569ad96d
Opcode Fuzzy Hash: 3a3903021a96ba7988d4c7c68c530513b3e139edb7511a72f6815754e2cffb38
Instruction Fuzzy Hash: 2DC13871904208AFDF20DF69AE41BAEBBF9EF41324F14619AE494F7291E7709E41C790

Function 00ECD3A9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00E63AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00E63A97,?,?,00E62E7F,?,?,?,00000000), ref: 00E63AC2

Part of subcall function 00ECE199: GetFileAttributesW.KERNEL32(?,00ECCF95), ref: 00ECE19A

FindFirstFileW.KERNEL32(?,?), ref: 00ECD420
DeleteFileW.KERNEL32(?,?,?,?), ref: 00ECD470
FindNextFileW.KERNEL32(00000000,00000010), ref: 00ECD481
FindClose.KERNEL32(00000000), ref: 00ECD498
FindClose.KERNEL32(00000000), ref: 00ECD4A1

Strings

\*.*, xrefs: 00ECD3F2

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
String ID: \*.*
API String ID: 2649000838-1173974218
Opcode ID: 297a312d8bd4ce4a2e014995aaafbb775de758b025085c382187f164ad80b0c2
Instruction ID: 9ae7c7b2eb29c9b72e9071379cdecd4b05d7a18908d863684d940e600e50e449
Opcode Fuzzy Hash: 297a312d8bd4ce4a2e014995aaafbb775de758b025085c382187f164ad80b0c2
Instruction Fuzzy Hash: D131AF3104C3449FC204EF60E9519AF77E8BE91354F546A2DF4E5A31A1EB31AA09CB63

Function 00E9E4FF Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00E9E645

Strings

1#QNAN, xrefs: 00E9F84B
1#SNAN, xrefs: 00E9F844
1#IND, xrefs: 00E9F83D
1#INF, xrefs: 00E9F852

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: df56a21f5a5ed9001b4b0b4d21d0f5912a4ae071d73c6d2b4497a7be028b05ca
Instruction ID: 6e793025c89693e794410ee799189f369a7ab0646b3a378477c2fec2f4e9e4c9
Opcode Fuzzy Hash: df56a21f5a5ed9001b4b0b4d21d0f5912a4ae071d73c6d2b4497a7be028b05ca
Instruction Fuzzy Hash: 2DC23871E086288FDF29CE289D407EAB7B5EB48309F1551EAD94DF7241E774AE818F40

Function 00ED648E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 367comCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00ED64DC
CoInitialize.OLE32(00000000), ref: 00ED6639
CoCreateInstance.OLE32(00EFFCF8,00000000,00000001,00EFFB68,?), ref: 00ED6650
CoUninitialize.OLE32 ref: 00ED68D4

Strings

.lnk, xrefs: 00ED64BA, 00ED6524, 00ED65E0

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: CreateInitializeInstanceUninitialize_wcslen
String ID: .lnk
API String ID: 886957087-24824748
Opcode ID: 46ba3d199a09601027e5286b1a6469659e7f7712cc03eaa8924597c0304b35ca
Instruction ID: 2581eb9f3b12fbf7ad887d3fac529a81aaa61f3f56ce4ffa1f700685bf62d3b0
Opcode Fuzzy Hash: 46ba3d199a09601027e5286b1a6469659e7f7712cc03eaa8924597c0304b35ca
Instruction Fuzzy Hash: 63D18B71608301AFC304EF24D88196BB7E8FF94748F10592DF595AB292DB71ED46CB92

Function 00EE22DA Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?,?,00000000), ref: 00EE22E8

Part of subcall function 00EDE4EC: GetWindowRect.USER32(?,?), ref: 00EDE504

GetDesktopWindow.USER32 ref: 00EE2312
GetWindowRect.USER32(00000000), ref: 00EE2319
mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00EE2355
GetCursorPos.USER32(?), ref: 00EE2381
mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00EE23DF

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Window$Rectmouse_event$CursorDesktopForeground
String ID:
API String ID: 2387181109-0
Opcode ID: ecede23a6e6bef002a918b8a757a544159bd5e76daea17eaa0edbe14160eb041
Instruction ID: 0f40470f9505d2ff9879f3a5f3b097ebfb15ab0b6d45ab52cea7134872a72ca6
Opcode Fuzzy Hash: ecede23a6e6bef002a918b8a757a544159bd5e76daea17eaa0edbe14160eb041
Instruction Fuzzy Hash: 6531DE7210434AAFCB20DF16C808B6BB7AAFB84714F10191DF984A7281DA34E909CB92

Function 00ED9B2B Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 119filesleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD

FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00ED9B78
FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00ED9C8B

Part of subcall function 00ED3874: GetInputState.USER32 ref: 00ED38CB
Part of subcall function 00ED3874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00ED3966

Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00ED9BA8
FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00ED9C75

Strings

*.*, xrefs: 00ED9B5D

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
String ID: *.*
API String ID: 1972594611-438819550
Opcode ID: cb22d561c5b7e88e14d71534516b9c444328cff45ec0cfa637602ac71c9e3f94
Instruction ID: 1d02f7b0832c072b47da6ab6cd23ae33523febfb1b70bd486291f4e087671d46
Opcode Fuzzy Hash: cb22d561c5b7e88e14d71534516b9c444328cff45ec0cfa637602ac71c9e3f94
Instruction Fuzzy Hash: D6416D7194020AAFCF14DF64DD45AEEBBF8EF45354F245056E405B22A2EB309E45CF61

Function 00E7997D Relevance: 7.9, APIs: 5, Instructions: 375COMMON

Download Yara Rule

APIs

Part of subcall function 00E79BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00E79BB2

DefDlgProcW.USER32(?,?,?,?,?), ref: 00E79A4E
GetSysColor.USER32(0000000F), ref: 00E79B23
SetBkColor.GDI32(?,00000000), ref: 00E79B36

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Color$LongProcWindow
String ID:
API String ID: 3131106179-0
Opcode ID: c62859efaa5421c58695c2bdbcb944e5a5f01a6d97c7fb743a53f7f38510a7c9
Instruction ID: 125729a4ce62d856a1a10b0a7d6d2e7d01fb633c13ecd09309451e1849f96a4c
Opcode Fuzzy Hash: c62859efaa5421c58695c2bdbcb944e5a5f01a6d97c7fb743a53f7f38510a7c9
Instruction Fuzzy Hash: CDA14C7010A418AEE7249A3C8C48EFB369DEFC2354F25A10AF546F6A97CA259D01D375

Function 00EE1806 Relevance: 7.7, APIs: 5, Instructions: 153networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00EE304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00EE307A
Part of subcall function 00EE304E: _wcslen.LIBCMT ref: 00EE309B

socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00EE185D
WSAGetLastError.WSOCK32 ref: 00EE1884
bind.WSOCK32(00000000,?,00000010), ref: 00EE18DB
WSAGetLastError.WSOCK32 ref: 00EE18E6
closesocket.WSOCK32(00000000), ref: 00EE1915

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
String ID:
API String ID: 1601658205-0
Opcode ID: 0d113082b6d146c0089ec565e0176f0ca80bdafbc95a264af51587925d7ce004
Instruction ID: 6a8d81bb5e0e5aac8c133d23b754edc4bcd9f3189a7fe9541a8f3d3c31b6da26
Opcode Fuzzy Hash: 0d113082b6d146c0089ec565e0176f0ca80bdafbc95a264af51587925d7ce004
Instruction Fuzzy Hash: DB511670A402449FD710AF24D886F7A77E5AB84358F189088F95ABF3C3D771AD41CBA1

Function 00EF1C41 Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32 ref: 00EF1CC0
IsWindowEnabled.USER32 ref: 00EF1CCE
GetForegroundWindow.USER32(?,?,00000001,?), ref: 00EF1CDB
IsIconic.USER32 ref: 00EF1CE9
IsZoomed.USER32 ref: 00EF1CF7

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Window$EnabledForegroundIconicVisibleZoomed
String ID:
API String ID: 292994002-0
Opcode ID: 67dbf0d06500a6f7b5789746b6139995a3a5026ac74802950e8d63ae824b4d5e
Instruction ID: 5447e4ea11d3fa37ce503d8d4d07ddf16882d9fd243d35f5b03eeab44da4d15e
Opcode Fuzzy Hash: 67dbf0d06500a6f7b5789746b6139995a3a5026ac74802950e8d63ae824b4d5e
Instruction Fuzzy Hash: 0921B4317402089FD7248F1AD844B76BBE5AF85315B29A098E945EB351C771DC46CB90

Function 00E68060 Relevance: 7.4, Strings: 5, Instructions: 1151COMMON

Download Yara Rule

Strings

VUUU, xrefs: 00E6843C
VUUU, xrefs: 00E683FA
ERCP, xrefs: 00E6813C
VUUU, xrefs: 00E683E8
VUUU, xrefs: 00EA5DF0

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID:
String ID: ERCP$VUUU$VUUU$VUUU$VUUU
API String ID: 0-1546025612
Opcode ID: 63dcead24255ab5544c2e3fb0e4075d7f6a5f60eba0b50793ae1bcb6d512c257
Instruction ID: e1dd76ab8d6454ca1da31c2db5d74927448f3326b3bf20b76226abffa0cf9cf0
Opcode Fuzzy Hash: 63dcead24255ab5544c2e3fb0e4075d7f6a5f60eba0b50793ae1bcb6d512c257
Instruction Fuzzy Hash: 06A29171E4021ACBDF24CF58D9407EEB7B1BF59354F24929AE815BB285DB30AD81CB50

Function 00E84CE8 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 20COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00E928E9,(,00E84CBE,00000000,00F288B8,0000000C,00E84E15,(,00000002,00000000,?,00E928E9,00000003,00E92DF7,?,?), ref: 00E84D09
TerminateProcess.KERNEL32(00000000,?,00E928E9,00000003,00E92DF7,?,?,?,00E8E6D1,?,00F28A48,00000010,00E64F4A,?,?,00000000), ref: 00E84D10
ExitProcess.KERNEL32 ref: 00E84D22

Strings

(, xrefs: 00E84CEA

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID: (
API String ID: 1703294689-2063206799
Opcode ID: 8c60731689ea6db52b8d6cbf6582964a2bfb84c045ad3246ae8519958375c57b
Instruction ID: 478ee07082e5b1fa9b45883d52d1c386a008be264d02cc1554eea81d115ecd99
Opcode Fuzzy Hash: 8c60731689ea6db52b8d6cbf6582964a2bfb84c045ad3246ae8519958375c57b
Instruction Fuzzy Hash: 7CE0B6B1001149AFCF12BF65DE09A687B69EB81785B205054FC0DAA1A2DB35ED56DB80

Function 00ECAA57 Relevance: 6.1, APIs: 4, Instructions: 107keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00ECAAAC
SetKeyboardState.USER32(00000080), ref: 00ECAAC8
PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00ECAB36
SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00ECAB88

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: cc0b1ae2f918fcd521a222d4744ceda08591ab42dd67288a521511f3adf0f284
Instruction ID: 9a3daea1d62e65a89ac91dc6793f6d82dd16f4748508801553128fe5277b8b38
Opcode Fuzzy Hash: cc0b1ae2f918fcd521a222d4744ceda08591ab42dd67288a521511f3adf0f284
Instruction Fuzzy Hash: D6310970A4020CAEEB358A65CE05FFA77B6AB44318F18522EF181B61D1D7768D86C752

Function 00EDCE44 Relevance: 6.1, APIs: 4, Instructions: 75filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(?,?,00000400,?), ref: 00EDCE89
GetLastError.KERNEL32(?,00000000), ref: 00EDCEEA
SetEvent.KERNEL32(?,?,00000000), ref: 00EDCEFE

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ErrorEventFileInternetLastRead
String ID:
API String ID: 234945975-0
Opcode ID: 9f7d0cb4faa38a0839f01ac8e570269804c2f110864725ec59cc484bc04edc4b
Instruction ID: 690f41f4830d8add39af0bdb55981d07f2ff0cb15f78f28a8305d2280dd8bd21
Opcode Fuzzy Hash: 9f7d0cb4faa38a0839f01ac8e570269804c2f110864725ec59cc484bc04edc4b
Instruction Fuzzy Hash: 3721AEB16007069FE7209FA5C944BAA77FCEB40398F30541AE946E2251E770E906DB50

Function 00EC8298 Relevance: 5.1, APIs: 1, Strings: 2, Instructions: 568stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?,?,?,00000000), ref: 00EC82AA

Strings

|, xrefs: 00EC82DA
(, xrefs: 00EC82F0

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: lstrlen
String ID: ($|
API String ID: 1659193697-1631851259
Opcode ID: c7740c8d7eec2ab4f8a98d7b5481ec41a86a70f66333b8d95f5b1d4fcc5e506f
Instruction ID: 702695d572767705d4d0585fd9f1c08329c9659b6243782ccba979f086c62703
Opcode Fuzzy Hash: c7740c8d7eec2ab4f8a98d7b5481ec41a86a70f66333b8d95f5b1d4fcc5e506f
Instruction Fuzzy Hash: 59323775A006059FC728CF19C680E6AB7F0FF48714B11D56EE49AEB3A1EB70E942CB40

Function 00ED5C97 Relevance: 4.6, APIs: 3, Instructions: 138fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00ED5CC1
FindNextFileW.KERNEL32(00000000,?), ref: 00ED5D17
FindClose.KERNEL32(?), ref: 00ED5D5F

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Find$File$CloseFirstNext
String ID:
API String ID: 3541575487-0
Opcode ID: 79e5a947c7f87150492e7a1589d08f68e1ba43817aff2811db3caab367cf790b
Instruction ID: 00e1202570a7d8a2566354ea2ac028bc2307ef08b9f960ed08ac324bb31caa71
Opcode Fuzzy Hash: 79e5a947c7f87150492e7a1589d08f68e1ba43817aff2811db3caab367cf790b
Instruction Fuzzy Hash: 6651BC35600A019FC714CF28D484EAAB7E4FF49318F24955EE99A9B3A1CB30EC05CFA1

Function 00E92622 Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 00E9271A
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00E92724
UnhandledExceptionFilter.KERNEL32(?), ref: 00E92731

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 4a05f6da2069d2a9af996e462d20e3b10b6f59c39ac672301dc4631a217c8271
Instruction ID: 4b6dc396ed0472a0656a166667a9892714e90dbf7e05c96b5e62605dff873636
Opcode Fuzzy Hash: 4a05f6da2069d2a9af996e462d20e3b10b6f59c39ac672301dc4631a217c8271
Instruction Fuzzy Hash: 8131C27490121CABCB21DF68DD8879CBBB8AF08310F6051EAE91CB6261E7309F858F44

Function 00ED51CD Relevance: 4.6, APIs: 3, Instructions: 76COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00ED51DA
GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00ED5238
SetErrorMode.KERNEL32(00000000), ref: 00ED52A1

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ErrorMode$DiskFreeSpace
String ID:
API String ID: 1682464887-0
Opcode ID: 8a1b316e488fe564be680dc9661c854398901b7ed765d991d3bb227d561cf242
Instruction ID: 78260a372cc943ed6209634b35108419059adafbb5c3b0c8d7989cef2f5085d0
Opcode Fuzzy Hash: 8a1b316e488fe564be680dc9661c854398901b7ed765d991d3bb227d561cf242
Instruction Fuzzy Hash: 8C314175A00518DFDB00DF54D884EADBBF5FF49318F189099E845AB362DB31E85ACB90

Function 00EC16C3 Relevance: 4.6, APIs: 3, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 00E7FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00E80668
Part of subcall function 00E7FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00E80685

LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00EC170D
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00EC173A
GetLastError.KERNEL32 ref: 00EC174A

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
String ID:
API String ID: 577356006-0
Opcode ID: c1fb44472b26cc29ed405b4efffe1641b62ed996094a28b0dc5bb022daba2800
Instruction ID: 673e55cec74472141419d18359a8b00737fb19785611e98f4a1c6600fa594d2b
Opcode Fuzzy Hash: c1fb44472b26cc29ed405b4efffe1641b62ed996094a28b0dc5bb022daba2800
Instruction Fuzzy Hash: E211C1B2500308FFD7289F54DD86E6AB7F9EB45714B20856EE05663241EB71BC42CB20

Function 00ECD5EB Relevance: 4.6, APIs: 3, Instructions: 58fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00ECD608
DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 00ECD645
CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00ECD650

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: CloseControlCreateDeviceFileHandle
String ID:
API String ID: 33631002-0
Opcode ID: 5cb109242442644dc1a8a667c8f1b777967075c849776f22599de7845e3f9aa3
Instruction ID: d7bc84b850e40a0b2c1fafb6e0eab2b4e969e8c46bab279b42f5539516708c06
Opcode Fuzzy Hash: 5cb109242442644dc1a8a667c8f1b777967075c849776f22599de7845e3f9aa3
Instruction Fuzzy Hash: DF1170B1E05228BFDB108F959D44FAFBBBCEB45B50F208125F904F7290C2704A05CBA1

Function 00EC1663 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00EC168C
CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00EC16A1
FreeSid.ADVAPI32(?), ref: 00EC16B1

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: AllocateCheckFreeInitializeMembershipToken
String ID:
API String ID: 3429775523-0
Opcode ID: b7faf7c8c31be8734794b2d06784e55342e991e1799fdad725b1801b4e3505a6
Instruction ID: 8dfad69924ef9bd31f366a544d7636960ccbb96eebefbdbbc5e66f36ffc032bd
Opcode Fuzzy Hash: b7faf7c8c31be8734794b2d06784e55342e991e1799fdad725b1801b4e3505a6
Instruction Fuzzy Hash: C6F0447194030CFFDB00CFE08D89EAEBBBCEB08204F2048A4E500E2181E730AA089A50

Function 00E9C2A2 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 127COMMON

Download Yara Rule

Strings

/, xrefs: 00E9C36C

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID:
String ID: /
API String ID: 0-2043925204
Opcode ID: 5309ed2cf8f3967f7337ce48726510d5ec15918e569233d35828afd67cd645b9
Instruction ID: 1d1f37463ad2af86cb3874d984782985eb75e4a345d7940ab902629657a4f64a
Opcode Fuzzy Hash: 5309ed2cf8f3967f7337ce48726510d5ec15918e569233d35828afd67cd645b9
Instruction Fuzzy Hash: 13414B72500619AFCF20EFB9CC48DBB77B8EB84358F6042A9F905E7180E6709D81CB50

Function 00EBD27A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(?,?), ref: 00EBD28C

Strings

X64, xrefs: 00EBD2A8

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: NameUser
String ID: X64
API String ID: 2645101109-893830106
Opcode ID: 82adc534a6b1c07dd632f7998fdd969b3d901e18541168beb614a01e496b7059
Instruction ID: 63fb96c82167815865354720312c21e3cda7cdc5e5a87992783d43689d914299
Opcode Fuzzy Hash: 82adc534a6b1c07dd632f7998fdd969b3d901e18541168beb614a01e496b7059
Instruction Fuzzy Hash: 4AD0C9B480511DEECB94CB90DC88DDAB37CBF04305F205155F106B2000DB3095498F10

Function 00E8CAA0 Relevance: 3.5, APIs: 2, Instructions: 464COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
Instruction ID: 1d3f515b954367f98f020b4034e146007427142f817b9708040be8b7b94c9670
Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
Instruction Fuzzy Hash: 8D020A71E002199BDF14DFA9C8806ADFBF1EF49314F25916AE91DFB280D731AA41CB94

Function 00ED68EE Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00ED6918
FindClose.KERNEL32(00000000), ref: 00ED6961

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 7cbb0d907bc0315d7758c77cbcd9d9ff19dbdbf16d581c472827cc22c3a1147e
Instruction ID: f9310921991fd1f0977cff7541c3ae7c4085a991381e480aa3d260272ce108a0
Opcode Fuzzy Hash: 7cbb0d907bc0315d7758c77cbcd9d9ff19dbdbf16d581c472827cc22c3a1147e
Instruction Fuzzy Hash: 1D1190316046409FD710DF69D488A26BBE5FFC9328F14D69AE4699F3A2C730EC06CB91

Function 00ED37B5 Relevance: 3.0, APIs: 2, Instructions: 33windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00EE4891,?,?,00000035,?), ref: 00ED37E4
FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00EE4891,?,?,00000035,?), ref: 00ED37F4

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ErrorFormatLastMessage
String ID:
API String ID: 3479602957-0
Opcode ID: 57b8fe6dd0288eff2ae01d5971cad666262c135064dcd03b9368150361e9450b
Instruction ID: 602decf2f53eaa1d5148a65d244519d0518143d128b93177547b524791dd2e04
Opcode Fuzzy Hash: 57b8fe6dd0288eff2ae01d5971cad666262c135064dcd03b9368150361e9450b
Instruction Fuzzy Hash: 69F055B07012292EE72013B68C4CFEB3AAEEFC47A0F100163F508F2281C9609908C6B0

Function 00ECB226 Relevance: 3.0, APIs: 2, Instructions: 29keyboardCOMMON

Download Yara Rule

APIs

SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00ECB25D
keybd_event.USER32(?,75A8C0D0,?,00000000), ref: 00ECB270

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: InputSendkeybd_event
String ID:
API String ID: 3536248340-0
Opcode ID: 85ebb98e75f14e32689d46f80f3ea61ba2b10116fe3a4f498b2860785639848f
Instruction ID: 06ded0617d948dc3d0d55399fc8e203706dd16b116769b0294baaef0cb430422
Opcode Fuzzy Hash: 85ebb98e75f14e32689d46f80f3ea61ba2b10116fe3a4f498b2860785639848f
Instruction Fuzzy Hash: F1F01D7180424DAFDB059FA1C906BFE7BB4FF08309F10940AF955A51A1C3799615DF94

Function 00EC10BF Relevance: 3.0, APIs: 2, Instructions: 24COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00EC11FC), ref: 00EC10D4
CloseHandle.KERNEL32(?,?,00EC11FC), ref: 00EC10E9

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: AdjustCloseHandlePrivilegesToken
String ID:
API String ID: 81990902-0
Opcode ID: e08c5fe16f623e9d2430c426804d2d43f6950224b4452cf2b9c36314c4bad485
Instruction ID: 9bae42c26d9c5622317596ebeb48179f596bd2a34b65864b6b9701719e93aa6e
Opcode Fuzzy Hash: e08c5fe16f623e9d2430c426804d2d43f6950224b4452cf2b9c36314c4bad485
Instruction Fuzzy Hash: F5E0BF72018610AEE7252B51FD05F7777E9EF04320F24C86DF5A5904B1DB626C91DB54

Function 00E6CAF0 Relevance: 1.9, Strings: 1, Instructions: 659COMMON

Download Yara Rule

Strings

Variable is not of type 'Object'., xrefs: 00EB0C40

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID:
String ID: Variable is not of type 'Object'.
API String ID: 0-1840281001
Opcode ID: 04a2f754b564b844bb89b55f5b0fc6da43bd5fe764d09a50fa7cd05457a75f0f
Instruction ID: 3d1db921c466dd925040ca56c27f61b8b388cb07f98f544b7a9a97465979b4cd
Opcode Fuzzy Hash: 04a2f754b564b844bb89b55f5b0fc6da43bd5fe764d09a50fa7cd05457a75f0f
Instruction Fuzzy Hash: 05328F70A40218DBCF14DF90E885AFEB7F5BF04388F24A069E846BB292D775AD45CB51

Function 00E9676B Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00E96766,?,?,00000008,?,?,00E9FEFE,00000000), ref: 00E96998

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: f189e87bb20cdca1d2bef4820f5e0eb74bc39684f09368ea51746bc3fd3b23f6
Instruction ID: c1202090567a59d788eb06afab9280e2ac33faac2d8c4bbb740115cb4c9726d7
Opcode Fuzzy Hash: f189e87bb20cdca1d2bef4820f5e0eb74bc39684f09368ea51746bc3fd3b23f6
Instruction Fuzzy Hash: 82B16E71610608DFDB19CF28C48ABA57BE0FF45368F25D65AE899DF2A2C335D981CB40

Function 00E7B119 Relevance: 1.8, Strings: 1, Instructions: 511COMMON

Download Yara Rule

Strings

, xrefs: 00EB851F

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: e442fcc5ed1f06e4d9e128594baaf003e04884e4887b3508e2ab8657ab4173b3
Instruction ID: 6358c52ced5ebf56a086f5455d32c3219783edb6d7e81ba22a095604d565b086
Opcode Fuzzy Hash: e442fcc5ed1f06e4d9e128594baaf003e04884e4887b3508e2ab8657ab4173b3
Instruction Fuzzy Hash: 571251759002299BCB24CF58C9807EEB7F5FF48710F14919AE849FB255EB749E81CB90

Function 00EDEAA2 Relevance: 1.5, APIs: 1, Instructions: 25keyboardCOMMON

Download Yara Rule

APIs

BlockInput.USER32(00000001), ref: 00EDEABD

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: BlockInput
String ID:
API String ID: 3456056419-0
Opcode ID: e478783bff1138f96968e5738a87b594feb9158cc24992b251f03653ca44ab1a
Instruction ID: 0eb05a33525f4c267b5da3fb2801c86b1eb94fa3db1e19262394c8a6dc7db504
Opcode Fuzzy Hash: e478783bff1138f96968e5738a87b594feb9158cc24992b251f03653ca44ab1a
Instruction Fuzzy Hash: 5EE012312002059FC710EF59D404D9AB7D9EF987A4F109416FC45EB351D670A8458B90

Function 00E809D5 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,00E803EE), ref: 00E809DA

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 6159c517cd0c9db8f6ef7c1f2b2b0b59a93ac4f9dac9e2b7f4e72d8281e55122
Instruction ID: 795ac02d112859ab49f89cd6b35c5d1af2194ac0ffc6cfe0f1dbb5874e89439d
Opcode Fuzzy Hash: 6159c517cd0c9db8f6ef7c1f2b2b0b59a93ac4f9dac9e2b7f4e72d8281e55122
Instruction Fuzzy Hash:

Function 00E8781B Relevance: 1.5, Strings: 1, Instructions: 214COMMON

Download Yara Rule

Strings

0, xrefs: 00E8798B

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
Instruction ID: 3cc61938671e0e47e1c351c395fc9144648bcb65c8698ea6c3444c813b15831b
Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
Instruction Fuzzy Hash: E551A52160C7155BDB3CB968898E7FE27C99B82388F383409D8CEF7282DA11DE41D352

Function 00E96DD9 Relevance: .6, Instructions: 637COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a87a5b14680cb9a8ba19fdbbe71be3e1b284a1bdafa6ecc61fec7e553ab58f0
Instruction ID: 61173f0c2c2152437657e228ec1ae1dd6c805f8f36930d0e37eae45b1e50fe61
Opcode Fuzzy Hash: 4a87a5b14680cb9a8ba19fdbbe71be3e1b284a1bdafa6ecc61fec7e553ab58f0
Instruction Fuzzy Hash: 29323322D79F014DDB639634CC26336A289BFB73C5F15E737E85AB59A6EB28C4835100

Function 00E7CC39 Relevance: .6, Instructions: 635COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 835ea0966c74a1fff0c55d924643937ca9ded9cb430b7b30c6e684c05c69c134
Instruction ID: cfbbc8c06dc705886feb8a7bf491e87a51febef7ca1a3f958237d2318702e7d7
Opcode Fuzzy Hash: 835ea0966c74a1fff0c55d924643937ca9ded9cb430b7b30c6e684c05c69c134
Instruction Fuzzy Hash: D6322731A081198BDF39CF28C4D06FEBBA5EB45308F38A56AD45AFB291D634DD81DB41

Function 00E67920 Relevance: .6, Instructions: 563COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b757aeab957f4f77491a0d6a2264cf5d382848b2865e2d1c5ec6164d9edcad69
Instruction ID: aa00d89a1333e055b055289d945c1d55a8316cd72481e8618961decd82cce70f
Opcode Fuzzy Hash: b757aeab957f4f77491a0d6a2264cf5d382848b2865e2d1c5ec6164d9edcad69
Instruction Fuzzy Hash: 5D22DFB1A006099FDF14CFA4D841AEEB3F6FF49344F206129E856BB291EB35AD15CB50

Function 00E691C0 Relevance: .5, Instructions: 475COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24dce95d61ea6e9e5377d08067b01ff69ce204d8a96660c512a501696ce55401
Instruction ID: c39a5938b4e75b46bd14e11db490089a1e2a70046019e01c2d1fd3feb85f1c82
Opcode Fuzzy Hash: 24dce95d61ea6e9e5377d08067b01ff69ce204d8a96660c512a501696ce55401
Instruction Fuzzy Hash: F902B7B0A00109EBDB14DF64D881AAEB7F5FF49354F119169E80ABB391E731AE11CB91

Function 00E99EEE Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ad09b276d87a16badc7d040b69f40ffb7d35b1e0d77753b5056367fd2a750eb
Instruction ID: 25717555a3555b38bafc081529887ef82dc874baaf187572c5ac77679844e949
Opcode Fuzzy Hash: 7ad09b276d87a16badc7d040b69f40ffb7d35b1e0d77753b5056367fd2a750eb
Instruction Fuzzy Hash: 16B11220E2AF444DD72396398871336B65CBFBB6D5F92D31BFC2674D62EB2286835140

Function 00E81C77 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
Instruction ID: 717e4b2752974680626d48df1b347c922d85aca2ea0675de94ff754345913232
Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
Instruction Fuzzy Hash: 6291A9722080A34ADB2D563E843417DFFE55A923A631A27DED4FEEA1C1FE20C955D720

Function 00E819B0 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
Instruction ID: 356964031cf59ee82049e91c22c04b27002e6fb1044ecd7628be87f48c043280
Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
Instruction Fuzzy Hash: 4391C2722090A34ADB2D527A857407DFFE94A923A630A17DED4FEEA1C1FE10C5569720

Function 00E87A4A Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d42b98b104c7d552bd3ab179e8297668bd99fa33a079a05f8fd984374424545
Instruction ID: 1fb7e82ada5dd29181a2ec6349b5a89d927538a6623c6586a580c277a61038cf
Opcode Fuzzy Hash: 5d42b98b104c7d552bd3ab179e8297668bd99fa33a079a05f8fd984374424545
Instruction Fuzzy Hash: DE61893124870956DA38BA288D95BFEA3D7DF51708F343959E8CEFB281D611DE42C315

Function 00E87CA7 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 310e6d1c1d4c583c71df8e7d14d6b096fa629cd1f9c312969011f8910c7c1490
Instruction ID: d693e5a83c45788380df43f0351c34566f1f6a51a128465ab413ff4ba3ff63d2
Opcode Fuzzy Hash: 310e6d1c1d4c583c71df8e7d14d6b096fa629cd1f9c312969011f8910c7c1490
Instruction Fuzzy Hash: 5661473160C70996DA38BA284955BBE6384AF43748F30395DE8CEFB2C1EA12ED428355

Function 00E81706 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
Instruction ID: 925d44c7cbef1ff0b601408b87db0cac3dfd44581623eb3ed2b7e7b39e659584
Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
Instruction Fuzzy Hash: 4D81C3326080A30EDB2D523A853407EFFE55A923A531A27DED4FEEB1C1EE24C555E720

Function 00E7D063 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f9928efed8c0635a7325ea99df355544910aaab824386effac2a8e66a3a10f8
Instruction ID: a5e8ff2bba1807284984226036939af4cf020450a5a85c97009b88bb0def16e8
Opcode Fuzzy Hash: 8f9928efed8c0635a7325ea99df355544910aaab824386effac2a8e66a3a10f8
Instruction Fuzzy Hash: A551808694EFC65FD30382748CAA4E5AF758C471303ACE7DF8189166CBE689050BD786

Function 00ED2046 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f98c7f8ac2f996c05fb8adcb95aa740c9edd7e6bd27971725bd9e05a91e3d660
Instruction ID: 74799fc568e47eed03a4456237650c697bf7b66aea861b64c496204be1fa5573
Opcode Fuzzy Hash: f98c7f8ac2f996c05fb8adcb95aa740c9edd7e6bd27971725bd9e05a91e3d660
Instruction Fuzzy Hash: 9D21D5323206158BDB28CE79C82367A73E5EB64320F14862EE4A7D33D0DE35A904DB80

Function 00EE2ADE Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 486filecommemoryCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 00EE2B30
DeleteObject.GDI32(00000000), ref: 00EE2B43
DestroyWindow.USER32 ref: 00EE2B52
GetDesktopWindow.USER32 ref: 00EE2B6D
GetWindowRect.USER32(00000000), ref: 00EE2B74
SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00EE2CA3
AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00EE2CB1
CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EE2CF8
GetClientRect.USER32(00000000,?), ref: 00EE2D04
CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00EE2D40
CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EE2D62
GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EE2D75
GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EE2D80
GlobalLock.KERNEL32(00000000), ref: 00EE2D89
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EE2D98
GlobalUnlock.KERNEL32(00000000), ref: 00EE2DA1
CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EE2DA8
GlobalFree.KERNEL32(00000000), ref: 00EE2DB3
CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EE2DC5
OleLoadPicture.OLEAUT32(?,00000000,00000000,00EFFC38,00000000), ref: 00EE2DDB
GlobalFree.KERNEL32(00000000), ref: 00EE2DEB
CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00EE2E11
SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00EE2E30
SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EE2E52
ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EE303F

Strings

DISPLAY, xrefs: 00EE2EA2
static, xrefs: 00EE2D3A, 00EE2E91
, xrefs: 00EE2FC5
AutoIt v3, xrefs: 00EE2CF2

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
String ID: $AutoIt v3$DISPLAY$static
API String ID: 2211948467-2373415609
Opcode ID: 1e5b20307d995bef1d05d336b79caa2dd18ec57c609a9a2b2a77a39e41968186
Instruction ID: d7b0e332e65107315e7d42124c84823cc3ab9fb99008c26570c7273f60cbefa0
Opcode Fuzzy Hash: 1e5b20307d995bef1d05d336b79caa2dd18ec57c609a9a2b2a77a39e41968186
Instruction Fuzzy Hash: 65029D71A00208AFDB14DF65CD89EAE7BB9FF48714F208158F915BB2A1DB70AD05CB60

Function 00EF70D5 Relevance: 49.8, APIs: 33, Instructions: 273COMMON

Download Yara Rule

APIs

SetTextColor.GDI32(?,00000000), ref: 00EF712F
GetSysColorBrush.USER32(0000000F), ref: 00EF7160
GetSysColor.USER32(0000000F), ref: 00EF716C
SetBkColor.GDI32(?,000000FF), ref: 00EF7186
SelectObject.GDI32(?,?), ref: 00EF7195
InflateRect.USER32(?,000000FF,000000FF), ref: 00EF71C0
GetSysColor.USER32(00000010), ref: 00EF71C8
CreateSolidBrush.GDI32(00000000), ref: 00EF71CF
FrameRect.USER32(?,?,00000000), ref: 00EF71DE
DeleteObject.GDI32(00000000), ref: 00EF71E5
InflateRect.USER32(?,000000FE,000000FE), ref: 00EF7230
FillRect.USER32(?,?,?), ref: 00EF7262
GetWindowLongW.USER32(?,000000F0), ref: 00EF7284

Part of subcall function 00EF73E8: GetSysColor.USER32(00000012), ref: 00EF7421
Part of subcall function 00EF73E8: SetTextColor.GDI32(?,?), ref: 00EF7425
Part of subcall function 00EF73E8: GetSysColorBrush.USER32(0000000F), ref: 00EF743B
Part of subcall function 00EF73E8: GetSysColor.USER32(0000000F), ref: 00EF7446
Part of subcall function 00EF73E8: GetSysColor.USER32(00000011), ref: 00EF7463
Part of subcall function 00EF73E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00EF7471
Part of subcall function 00EF73E8: SelectObject.GDI32(?,00000000), ref: 00EF7482
Part of subcall function 00EF73E8: SetBkColor.GDI32(?,00000000), ref: 00EF748B
Part of subcall function 00EF73E8: SelectObject.GDI32(?,?), ref: 00EF7498
Part of subcall function 00EF73E8: InflateRect.USER32(?,000000FF,000000FF), ref: 00EF74B7
Part of subcall function 00EF73E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00EF74CE
Part of subcall function 00EF73E8: GetWindowLongW.USER32(00000000,000000F0), ref: 00EF74DB

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
String ID:
API String ID: 4124339563-0
Opcode ID: bebfa0e76457dec757b989cfbd9bed41cd204b76d6143318e76071586f8f9a38
Instruction ID: d399d539852f9b4b563ff356342a4726569c4030706c4de78ff937ef802c5b4a
Opcode Fuzzy Hash: bebfa0e76457dec757b989cfbd9bed41cd204b76d6143318e76071586f8f9a38
Instruction Fuzzy Hash: AFA19571009309AFD7009F61DD48EBB77A9FB89320F301A19F6A2A61E1D771D949CB51

Function 00E78D85 Relevance: 47.7, APIs: 26, Strings: 1, Instructions: 480windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?), ref: 00E78E14
SendMessageW.USER32(?,00001308,?,00000000), ref: 00EB6AC5
ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00EB6AFE
MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00EB6F43

Part of subcall function 00E78F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00E78BE8,?,00000000,?,?,?,?,00E78BBA,00000000,?), ref: 00E78FC5

SendMessageW.USER32(?,00001053), ref: 00EB6F7F
SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00EB6F96
ImageList_Destroy.COMCTL32(00000000,?), ref: 00EB6FAC
ImageList_Destroy.COMCTL32(00000000,?), ref: 00EB6FB7

Strings

0, xrefs: 00EB6DCF

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
String ID: 0
API String ID: 2760611726-4108050209
Opcode ID: 2ed147a75ac6a06ed24f4276eff72fead140cdf3296cd8b7e1f739d357595dca
Instruction ID: 1f71da76bba30c4cca81b0ca4d61f50f4e5667a753b9a46005dc2f61e3edbfa4
Opcode Fuzzy Hash: 2ed147a75ac6a06ed24f4276eff72fead140cdf3296cd8b7e1f739d357595dca
Instruction Fuzzy Hash: C712BD30601205DFDB25DF24CA88BFABBF1FB54314F24A469E489AB261CB35E852DF51

Function 00EE2711 Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 330windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000), ref: 00EE273E
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00EE286A
SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00EE28A9
AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00EE28B9
CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00EE2900
GetClientRect.USER32(00000000,?), ref: 00EE290C
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00EE2955
CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00EE2964
GetStockObject.GDI32(00000011), ref: 00EE2974
SelectObject.GDI32(00000000,00000000), ref: 00EE2978
GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00EE2988
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00EE2991
DeleteDC.GDI32(00000000), ref: 00EE299A
CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00EE29C6
SendMessageW.USER32(00000030,00000000,00000001), ref: 00EE29DD
CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00EE2A1D
SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00EE2A31
SendMessageW.USER32(00000404,00000001,00000000), ref: 00EE2A42
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00EE2A77
GetStockObject.GDI32(00000011), ref: 00EE2A82
SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00EE2A8D
ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00EE2A97

Strings

msctls_progress32, xrefs: 00EE2A13
DISPLAY, xrefs: 00EE295A
static, xrefs: 00EE294F, 00EE2A71
AutoIt v3, xrefs: 00EE28F8

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
String ID: AutoIt v3$DISPLAY$msctls_progress32$static
API String ID: 2910397461-517079104
Opcode ID: 43050a47629c090540b32f08fa9e29b28290448a7482314d2d1b707b71d51091
Instruction ID: 2cd574395ebe07bbbd7aa2f5724ae9e893e83142b7f7c9b3c50bc720fec6b029
Opcode Fuzzy Hash: 43050a47629c090540b32f08fa9e29b28290448a7482314d2d1b707b71d51091
Instruction Fuzzy Hash: 73B17B71A40209AFEB14DFA9DD49EAE7BA9FB48710F104119FA15E7290D770ED44CBA0

Function 00ED4ADF Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 191COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00ED4AED
GetDriveTypeW.KERNEL32(?,00EFCB68,?,\\.\,00EFCC08), ref: 00ED4BCA
SetErrorMode.KERNEL32(00000000,00EFCB68,?,\\.\,00EFCC08), ref: 00ED4D36

Strings

Fibre, xrefs: 00ED4CAD
Fixed, xrefs: 00ED4C09
SSD, xrefs: 00ED4C4A
USB, xrefs: 00ED4CB4
CDROM, xrefs: 00ED4BFB
Removable, xrefs: 00ED4C10, 00ED4C15
\\.\, xrefs: 00ED4B3F
Virtual, xrefs: 00ED4CE5
ATAPI, xrefs: 00ED4C91
ATA, xrefs: 00ED4C98
Unknown, xrefs: 00ED4BED, 00ED4C83
Network, xrefs: 00ED4C02
FileBackedVirtual, xrefs: 00ED4CEC
SATA, xrefs: 00ED4CD0
RAMDisk, xrefs: 00ED4BF4
1394, xrefs: 00ED4C9F
PhysicalDrive, xrefs: 00ED4B76
SCSI, xrefs: 00ED4C8A
RAID, xrefs: 00ED4CBB
iSCSI, xrefs: 00ED4CC2
MMC, xrefs: 00ED4CDE
SAS, xrefs: 00ED4CC9
SSA, xrefs: 00ED4CA6

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ErrorMode$DriveType
String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
API String ID: 2907320926-4222207086
Opcode ID: 0f0f1da964be8c267a5b4fe5de7b656cfc234202d1d46124cbb3c0cd2053fdf8
Instruction ID: abacd1f1d405acf23b3f0b3e4fc5ae54d43cce10ca156ad2e122d3bb15881b9f
Opcode Fuzzy Hash: 0f0f1da964be8c267a5b4fe5de7b656cfc234202d1d46124cbb3c0cd2053fdf8
Instruction Fuzzy Hash: 2661D5B1656109DBDB04DF14DA81AB8B7B1EB64344B206417F806FB3D2DB32ED42EB42

Function 00EF73E8 Relevance: 39.2, APIs: 26, Instructions: 201windowCOMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000012), ref: 00EF7421
SetTextColor.GDI32(?,?), ref: 00EF7425
GetSysColorBrush.USER32(0000000F), ref: 00EF743B
GetSysColor.USER32(0000000F), ref: 00EF7446
CreateSolidBrush.GDI32(?), ref: 00EF744B
GetSysColor.USER32(00000011), ref: 00EF7463
CreatePen.GDI32(00000000,00000001,00743C00), ref: 00EF7471
SelectObject.GDI32(?,00000000), ref: 00EF7482
SetBkColor.GDI32(?,00000000), ref: 00EF748B
SelectObject.GDI32(?,?), ref: 00EF7498
InflateRect.USER32(?,000000FF,000000FF), ref: 00EF74B7
RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00EF74CE
GetWindowLongW.USER32(00000000,000000F0), ref: 00EF74DB
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00EF752A
GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00EF7554
InflateRect.USER32(?,000000FD,000000FD), ref: 00EF7572
DrawFocusRect.USER32(?,?), ref: 00EF757D
GetSysColor.USER32(00000011), ref: 00EF758E
SetTextColor.GDI32(?,00000000), ref: 00EF7596
DrawTextW.USER32(?,00EF70F5,000000FF,?,00000000), ref: 00EF75A8
SelectObject.GDI32(?,?), ref: 00EF75BF
DeleteObject.GDI32(?), ref: 00EF75CA
SelectObject.GDI32(?,?), ref: 00EF75D0
DeleteObject.GDI32(?), ref: 00EF75D5
SetTextColor.GDI32(?,?), ref: 00EF75DB
SetBkColor.GDI32(?,?), ref: 00EF75E5

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
String ID:
API String ID: 1996641542-0
Opcode ID: de8be23ea8cf3c6c2b0668a624dd19b564360cd8472042e7f9b495d8c192627f
Instruction ID: 5daf5c41c3d0950a2cf074a708539f19b37f2298922d5d0ce6de532f2ce472ef
Opcode Fuzzy Hash: de8be23ea8cf3c6c2b0668a624dd19b564360cd8472042e7f9b495d8c192627f
Instruction Fuzzy Hash: 72615A7290421CAFDF019FA5DD49EEEBFB9EB48320F214115FA15BB2A1D7709944CB90

Function 00EF0FF3 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 284windowCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 00EF1128
GetDesktopWindow.USER32 ref: 00EF113D
GetWindowRect.USER32(00000000), ref: 00EF1144
GetWindowLongW.USER32(?,000000F0), ref: 00EF1199
DestroyWindow.USER32(?), ref: 00EF11B9
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00EF11ED
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00EF120B
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00EF121D
SendMessageW.USER32(00000000,00000421,?,?), ref: 00EF1232
SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00EF1245
IsWindowVisible.USER32(00000000), ref: 00EF12A1
SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00EF12BC
SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00EF12D0
GetWindowRect.USER32(00000000,?), ref: 00EF12E8
MonitorFromPoint.USER32(?,?,00000002), ref: 00EF130E
GetMonitorInfoW.USER32(00000000,?), ref: 00EF1328
CopyRect.USER32(?,?), ref: 00EF133F
SendMessageW.USER32(00000000,00000412,00000000), ref: 00EF13AA

Strings

0, xrefs: 00EF10D3
tooltips_class32, xrefs: 00EF11E6
(, xrefs: 00EF131B

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
String ID: ($0$tooltips_class32
API String ID: 698492251-4156429822
Opcode ID: a8e2e981d31e538a218d093205b638d606eb83c7b121b324931f8f08d3552c56
Instruction ID: fa087b2544b23cf9abf033995201b0eedfe3083dcdc368e7f57e2836330a9a35
Opcode Fuzzy Hash: a8e2e981d31e538a218d093205b638d606eb83c7b121b324931f8f08d3552c56
Instruction Fuzzy Hash: C5B1B071608349EFD700DF64C884BAABBE4FF84754F10995CFA99AB261D770D844CB51

Function 00EF0241 Relevance: 35.4, APIs: 7, Strings: 13, Instructions: 391windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 00EF02E5
_wcslen.LIBCMT ref: 00EF031F
_wcslen.LIBCMT ref: 00EF0389
_wcslen.LIBCMT ref: 00EF03F1
_wcslen.LIBCMT ref: 00EF0475
SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00EF04C5
SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00EF0504

Part of subcall function 00E7F9F2: _wcslen.LIBCMT ref: 00E7F9FD

Part of subcall function 00EC223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00EC2258
Part of subcall function 00EC223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00EC228A

Strings

GETITEMCOUNT, xrefs: 00EF0316, 00EF0337
SELECT, xrefs: 00EF0548
GETSUBITEMCOUNT, xrefs: 00EF0384, 00EF039F
SELECTINVERT, xrefs: 00EF057E
SELECTCLEAR, xrefs: 00EF052D
DESELECT, xrefs: 00EF059C
GETTEXT, xrefs: 00EF03EC, 00EF0407
GETSELECTED, xrefs: 00EF05E1
SELECTALL, xrefs: 00EF0515
VIEWCHANGE, xrefs: 00EF0675
FINDITEM, xrefs: 00EF0627
ISSELECTED, xrefs: 00EF04DD
GETSELECTEDCOUNT, xrefs: 00EF0470, 00EF048B

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: _wcslen$MessageSend$BuffCharUpper
String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
API String ID: 1103490817-719923060
Opcode ID: 5afabed3b71607a993d47eb0c49d0351583009c8754cde128c2e7c3d9ecc8d0e
Instruction ID: 0de469adcb67cb815412d5edc694429d20c947413f5f3f6c4a4c5fb165163df3
Opcode Fuzzy Hash: 5afabed3b71607a993d47eb0c49d0351583009c8754cde128c2e7c3d9ecc8d0e
Instruction Fuzzy Hash: C5E1A0312083058FC724EF24D55097AB3E6BFC8758B14A95DF996BB2A2DB30ED45CB41

Function 00E78891 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 282windowtimeCOMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00E78968
GetSystemMetrics.USER32(00000007), ref: 00E78970
SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00E7899B
GetSystemMetrics.USER32(00000008), ref: 00E789A3
GetSystemMetrics.USER32(00000004), ref: 00E789C8
SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00E789E5
AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00E789F5
CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00E78A28
SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00E78A3C
GetClientRect.USER32(00000000,000000FF), ref: 00E78A5A
GetStockObject.GDI32(00000011), ref: 00E78A76
SendMessageW.USER32(00000000,00000030,00000000), ref: 00E78A81

Part of subcall function 00E7912D: GetCursorPos.USER32(?), ref: 00E79141
Part of subcall function 00E7912D: ScreenToClient.USER32(00000000,?), ref: 00E7915E
Part of subcall function 00E7912D: GetAsyncKeyState.USER32(00000001), ref: 00E79183
Part of subcall function 00E7912D: GetAsyncKeyState.USER32(00000002), ref: 00E7919D

SetTimer.USER32(00000000,00000000,00000028,00E790FC), ref: 00E78AA8

Strings

AutoIt v3 GUI, xrefs: 00E78A20

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
String ID: AutoIt v3 GUI
API String ID: 1458621304-248962490
Opcode ID: 62f8989ccec2c7fecb85ec9840b04f681beb5f6085145a2cee2e24d2597528b7
Instruction ID: bf57b0b5eaf42b4e2cb49aaec69041b76fc2340f8ade5e96dfc3d60bc9037fd4
Opcode Fuzzy Hash: 62f8989ccec2c7fecb85ec9840b04f681beb5f6085145a2cee2e24d2597528b7
Instruction Fuzzy Hash: F4B17D71A002099FDB14DF68CD59BEE3BB5FB48314F21922AFA19B7290DB74E840CB51

Function 00EC0D8B Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00EC10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00EC1114
Part of subcall function 00EC10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00EC0B9B,?,?,?), ref: 00EC1120
Part of subcall function 00EC10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00EC0B9B,?,?,?), ref: 00EC112F
Part of subcall function 00EC10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00EC0B9B,?,?,?), ref: 00EC1136
Part of subcall function 00EC10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00EC114D

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00EC0DF5
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00EC0E29
GetLengthSid.ADVAPI32(?), ref: 00EC0E40
GetAce.ADVAPI32(?,00000000,?), ref: 00EC0E7A
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00EC0E96
GetLengthSid.ADVAPI32(?), ref: 00EC0EAD
GetProcessHeap.KERNEL32(00000008,00000008), ref: 00EC0EB5
HeapAlloc.KERNEL32(00000000), ref: 00EC0EBC
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00EC0EDD
CopySid.ADVAPI32(00000000), ref: 00EC0EE4
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00EC0F13
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00EC0F35
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00EC0F47
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00EC0F6E
HeapFree.KERNEL32(00000000), ref: 00EC0F75
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00EC0F7E
HeapFree.KERNEL32(00000000), ref: 00EC0F85
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00EC0F8E
HeapFree.KERNEL32(00000000), ref: 00EC0F95
GetProcessHeap.KERNEL32(00000000,?), ref: 00EC0FA1
HeapFree.KERNEL32(00000000), ref: 00EC0FA8

Part of subcall function 00EC1193: GetProcessHeap.KERNEL32(00000008,00EC0BB1,?,00000000,?,00EC0BB1,?), ref: 00EC11A1
Part of subcall function 00EC1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00EC0BB1,?), ref: 00EC11A8
Part of subcall function 00EC1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00EC0BB1,?), ref: 00EC11B7

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 4175595110-0
Opcode ID: ec8b93969d03b8389d4298de4256761f7b8a0d4c6a98b1ac0158b07ad4b73e2c
Instruction ID: ad3ad353b4e4cdee058b7f36171a211e5168e3fbb85565cb3ed350f63fe330d5
Opcode Fuzzy Hash: ec8b93969d03b8389d4298de4256761f7b8a0d4c6a98b1ac0158b07ad4b73e2c
Instruction Fuzzy Hash: 02716F71A0020AEFDF209FA5DE44FAEBBB8BF45304F244119F919F6151D7319A5ACB60

Function 00EEC3B7 Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 495registryCOMMON

Download Yara Rule

APIs

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00EEC4BD
RegCreateKeyExW.ADVAPI32(?,?,00000000,00EFCC08,00000000,?,00000000,?,?), ref: 00EEC544
RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00EEC5A4
_wcslen.LIBCMT ref: 00EEC5F4
_wcslen.LIBCMT ref: 00EEC66F
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00EEC6B2
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00EEC7C1
RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00EEC84D
RegCloseKey.ADVAPI32(?), ref: 00EEC881
RegCloseKey.ADVAPI32(00000000), ref: 00EEC88E
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00EEC960

Strings

REG_BINARY, xrefs: 00EEC913
REG_EXPAND_SZ, xrefs: 00EEC5CD
REG_DWORD, xrefs: 00EEC804
REG_MULTI_SZ, xrefs: 00EEC6F5
REG_SZ, xrefs: 00EEC644
REG_QWORD, xrefs: 00EEC8C3

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Value$Close$_wcslen$ConnectCreateRegistry
String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
API String ID: 9721498-966354055
Opcode ID: c3fc842ae6e83c83ec549fd71afc9b11b715353654f4c420f005fde443e11456
Instruction ID: ba300756bb25d11908ca1e5b36945eafd196087720f4e1601149b76d1cc8e5b8
Opcode Fuzzy Hash: c3fc842ae6e83c83ec549fd71afc9b11b715353654f4c420f005fde443e11456
Instruction Fuzzy Hash: 55128D356042419FC714DF15D881A2AB7E5FF88754F24989DF88AAB3A2DB31FC42CB81

Function 00EF091E Relevance: 30.1, APIs: 6, Strings: 11, Instructions: 372windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 00EF09C6
_wcslen.LIBCMT ref: 00EF0A01
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00EF0A54
_wcslen.LIBCMT ref: 00EF0A8A
_wcslen.LIBCMT ref: 00EF0B06
_wcslen.LIBCMT ref: 00EF0B81

Part of subcall function 00E7F9F2: _wcslen.LIBCMT ref: 00E7F9FD

Part of subcall function 00EC2BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00EC2BFA

Strings

CHECK, xrefs: 00EF0A85, 00EF0AA0
COLLAPSE, xrefs: 00EF0B01, 00EF0B1C
GETITEMCOUNT, xrefs: 00EF0C1E
GETTEXT, xrefs: 00EF0C97
ISCHECKED, xrefs: 00EF0CE1
SELECT, xrefs: 00EF0D11
GETSELECTED, xrefs: 00EF0C4E
UNCHECK, xrefs: 00EF0D3E
EXPAND, xrefs: 00EF0BF8
EXISTS, xrefs: 00EF0B7C, 00EF0B97
GETTOTALCOUNT, xrefs: 00EF09F2, 00EF0A17

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: _wcslen$MessageSend$BuffCharUpper
String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
API String ID: 1103490817-4258414348
Opcode ID: 22de28d1d26802a76d22ef82b42823f709f01fa89d4356aaabab9824aaea7110
Instruction ID: 37c41d06d97670cd44c78957028af8a360c16d1e2eca9ddadf25e13a9d599143
Opcode Fuzzy Hash: 22de28d1d26802a76d22ef82b42823f709f01fa89d4356aaabab9824aaea7110
Instruction Fuzzy Hash: 4BE1DA312087058FC714EF24C45097AB7E2BF88358B50A99DF99ABB3A2D731ED45CB81

Function 00EEC998 Relevance: 30.0, APIs: 7, Strings: 10, Instructions: 242COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,?,?,?,?,00EEB6AE,?,?), ref: 00EEC9B5
_wcslen.LIBCMT ref: 00EEC9F1
_wcslen.LIBCMT ref: 00EECA68
_wcslen.LIBCMT ref: 00EECA9E
_wcslen.LIBCMT ref: 00EECAF9
_wcslen.LIBCMT ref: 00EECB2F
_wcslen.LIBCMT ref: 00EECB7F

Strings

HKEY_LOCAL_MACHINE, xrefs: 00EECA62, 00EECA67
HKEY_CLASSES_ROOT, xrefs: 00EECAF3, 00EECAF8
HKU, xrefs: 00EECBF0
HKEY_CURRENT_USER, xrefs: 00EECBBD
HKCC, xrefs: 00EECBAC
HKCR, xrefs: 00EECB29, 00EECB2E
HKLM, xrefs: 00EECA98, 00EECA9D
HKEY_CURRENT_CONFIG, xrefs: 00EECB79, 00EECB7E
HKCU, xrefs: 00EECBCE
HKEY_USERS, xrefs: 00EECBDF

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
API String ID: 1256254125-909552448
Opcode ID: 8731913019e0136a952b55b3c9b4523c5115010b692e068bd2bdfd5b9abe1e0e
Instruction ID: 0b9b13fd5c170c9986e0649b38991c606902b2b18d4752016d9ba2b2dd9a5970
Opcode Fuzzy Hash: 8731913019e0136a952b55b3c9b4523c5115010b692e068bd2bdfd5b9abe1e0e
Instruction Fuzzy Hash: 597119326001AE8BCB20EE7ED9415FF3395ABA0758B312534F86EB7285E631CD42D390

Function 00EF833C Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 196windowlibraryCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00EF835A
_wcslen.LIBCMT ref: 00EF836E
_wcslen.LIBCMT ref: 00EF8391
_wcslen.LIBCMT ref: 00EF83B4
LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00EF83F2
LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00EF5BF2), ref: 00EF844E
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00EF8487
LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00EF84CA
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00EF8501
FreeLibrary.KERNEL32(?), ref: 00EF850D
ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00EF851D
DestroyIcon.USER32(?,?,?,?,?,00EF5BF2), ref: 00EF852C
SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00EF8549
SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00EF8555

Strings

.exe, xrefs: 00EF8388
.icl, xrefs: 00EF8368
.dll, xrefs: 00EF83AB

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
String ID: .dll$.exe$.icl
API String ID: 799131459-1154884017
Opcode ID: 79beb862002d83bc705e7b28414e7cccec8490c02a13b97c8856995332529360
Instruction ID: 0c6b54eb3efc4ea4347a5d6d04c957beefbd5497809ec5ee1cd5bc5665ad35a5
Opcode Fuzzy Hash: 79beb862002d83bc705e7b28414e7cccec8490c02a13b97c8856995332529360
Instruction Fuzzy Hash: F661F07150021ABFEB14DF64CD41BBE77A8FB44710F20560AF919F60D0EB74A984C7A0

Function 00E67778 Relevance: 28.3, APIs: 1, Strings: 15, Instructions: 273COMMON

Download Yara Rule

Strings

#comments-start, xrefs: 00E6785F, 00E678B1
#OnAutoItStartRegister, xrefs: 00E67817
Unterminated group of comments, xrefs: 00EA528C
#ce, xrefs: 00E678ED
', xrefs: 00EA5169
#notrayicon, xrefs: 00E677E7
#include, xrefs: 00E67847
Bad directive syntax error, xrefs: 00EA519A
#cs, xrefs: 00E67873, 00E678C5
Cannot parse #include, xrefs: 00EA5279
#comments-end, xrefs: 00E678D9
#include-once, xrefs: 00E6782F
", xrefs: 00EA5153
#requireadmin, xrefs: 00E677FF
#pragma compile, xrefs: 00E677D3

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID:
String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
API String ID: 0-1645009161
Opcode ID: c38e45b459cd12bdf3ff992e9cd7348161df69aca20fd30043bd609865c13348
Instruction ID: 53bc45d08b1ac1c328ecb43ac1f920046e647461981c5e05b72de5a551d0bd6b
Opcode Fuzzy Hash: c38e45b459cd12bdf3ff992e9cd7348161df69aca20fd30043bd609865c13348
Instruction Fuzzy Hash: 6A811571684605BBDB20AF60ED42FBE37E8AF15348F106025FD48BB192EB70E901C7A1

Function 00ED3E79 Relevance: 28.2, APIs: 8, Strings: 8, Instructions: 205COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?), ref: 00ED3EF8
_wcslen.LIBCMT ref: 00ED3F03
_wcslen.LIBCMT ref: 00ED3F5A
_wcslen.LIBCMT ref: 00ED3F98
GetDriveTypeW.KERNEL32(?), ref: 00ED3FD6
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00ED401E
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00ED4059
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00ED4087

Strings

open , xrefs: 00ED3FE5
type cdaudio alias cd wait, xrefs: 00ED4001
closed, xrefs: 00ED3F08, 00ED3F2D, 00ED3F46, 00ED3F7E, 00ED3F97
close cd wait, xrefs: 00ED4072
set cd door , xrefs: 00ED4028
close, xrefs: 00ED3EFE, 00ED3F18
wait, xrefs: 00ED4044
open, xrefs: 00ED3F54, 00ED3F59

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: SendString_wcslen$BuffCharDriveLowerType
String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
API String ID: 1839972693-4113822522
Opcode ID: 00403314949de6ee408bd7ababfbc8b17c4e4e78375c7e4b0cfd4aa0cff6d47a
Instruction ID: f21a0b5f97a7e717eedbd55f1dcfacf6f2ef51a1b6cfc23a430ec432e94cec48
Opcode Fuzzy Hash: 00403314949de6ee408bd7ababfbc8b17c4e4e78375c7e4b0cfd4aa0cff6d47a
Instruction Fuzzy Hash: 8D71D3726042169FC310EF34D8818AAB7F4EF94798F10592EF495A7391EB31ED46CB92

Function 00EC5A1B Relevance: 27.2, APIs: 18, Instructions: 198windowtimeCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000063), ref: 00EC5A2E
SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00EC5A40
SetWindowTextW.USER32(?,?), ref: 00EC5A57
GetDlgItem.USER32(?,000003EA), ref: 00EC5A6C
SetWindowTextW.USER32(00000000,?), ref: 00EC5A72
GetDlgItem.USER32(?,000003E9), ref: 00EC5A82
SetWindowTextW.USER32(00000000,?), ref: 00EC5A88
SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00EC5AA9
SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00EC5AC3
GetWindowRect.USER32(?,?), ref: 00EC5ACC
_wcslen.LIBCMT ref: 00EC5B33
SetWindowTextW.USER32(?,?), ref: 00EC5B6F
GetDesktopWindow.USER32 ref: 00EC5B75
GetWindowRect.USER32(00000000), ref: 00EC5B7C
MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00EC5BD3
GetClientRect.USER32(?,?), ref: 00EC5BE0
PostMessageW.USER32(?,00000005,00000000,?), ref: 00EC5C05
SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00EC5C2F

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
String ID:
API String ID: 895679908-0
Opcode ID: d0036a1c83ef1fc90d7e9654ace034669d042f682a729687014a9b7c40d86a28
Instruction ID: 189030cc0c3e5386ea38c95578734d71be51627cc06709b2d6102c8101fc6e13
Opcode Fuzzy Hash: d0036a1c83ef1fc90d7e9654ace034669d042f682a729687014a9b7c40d86a28
Instruction Fuzzy Hash: F2715A32900A09AFDB20DFA9CE85FAEBBF5FB48704F20551DE146B25A0D776B945CB10

Function 00EDFE0E Relevance: 27.1, APIs: 18, Instructions: 128COMMON

Download Yara Rule

APIs

LoadCursorW.USER32(00000000,00007F89), ref: 00EDFE27
LoadCursorW.USER32(00000000,00007F8A), ref: 00EDFE32
LoadCursorW.USER32(00000000,00007F00), ref: 00EDFE3D
LoadCursorW.USER32(00000000,00007F03), ref: 00EDFE48
LoadCursorW.USER32(00000000,00007F8B), ref: 00EDFE53
LoadCursorW.USER32(00000000,00007F01), ref: 00EDFE5E
LoadCursorW.USER32(00000000,00007F81), ref: 00EDFE69
LoadCursorW.USER32(00000000,00007F88), ref: 00EDFE74
LoadCursorW.USER32(00000000,00007F80), ref: 00EDFE7F
LoadCursorW.USER32(00000000,00007F86), ref: 00EDFE8A
LoadCursorW.USER32(00000000,00007F83), ref: 00EDFE95
LoadCursorW.USER32(00000000,00007F85), ref: 00EDFEA0
LoadCursorW.USER32(00000000,00007F82), ref: 00EDFEAB
LoadCursorW.USER32(00000000,00007F84), ref: 00EDFEB6
LoadCursorW.USER32(00000000,00007F04), ref: 00EDFEC1
LoadCursorW.USER32(00000000,00007F02), ref: 00EDFECC
GetCursorInfo.USER32(?), ref: 00EDFEDC
GetLastError.KERNEL32 ref: 00EDFF1E

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Cursor$Load$ErrorInfoLast
String ID:
API String ID: 3215588206-0
Opcode ID: d8809abe726599eb24cb78dadff4d63d3b7328bb52c76b9e0fdb020f0c88f7fe
Instruction ID: d5f74a26e403379521ce4d80b74edb9d67e73f36b4dabab111f9b1d94ea850a1
Opcode Fuzzy Hash: d8809abe726599eb24cb78dadff4d63d3b7328bb52c76b9e0fdb020f0c88f7fe
Instruction Fuzzy Hash: C94154B0E44319AEDB10DFBA9C8586EBFE8FF04754B50452AE11DE7281DB78D901CE91

Function 00E800C6 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 81COMMON

Download Yara Rule

APIs

__scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00E800C6

Part of subcall function 00E800ED: InitializeCriticalSectionAndSpinCount.KERNEL32(00F3070C,00000FA0,97C1506D,?,?,?,?,00EA23B3,000000FF), ref: 00E8011C
Part of subcall function 00E800ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00EA23B3,000000FF), ref: 00E80127
Part of subcall function 00E800ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00EA23B3,000000FF), ref: 00E80138
Part of subcall function 00E800ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00E8014E
Part of subcall function 00E800ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00E8015C
Part of subcall function 00E800ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00E8016A
Part of subcall function 00E800ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00E80195
Part of subcall function 00E800ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00E801A0

___scrt_fastfail.LIBCMT ref: 00E800E7

Part of subcall function 00E800A3: __onexit.LIBCMT ref: 00E800A9

Strings

api-ms-win-core-synch-l1-2-0.dll, xrefs: 00E80122
WakeAllConditionVariable, xrefs: 00E80162
InitializeConditionVariable, xrefs: 00E80148
kernel32.dll, xrefs: 00E80133
SleepConditionVariableCS, xrefs: 00E80154

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 66158676-1714406822
Opcode ID: 2883600416176e4abcef9f675b668af27d80c32fac24793dc3ed03ab540ff787
Instruction ID: f22d6df708702cb370d9eb73c762812cc81a960f1e464fe2829118e31e3a00d2
Opcode Fuzzy Hash: 2883600416176e4abcef9f675b668af27d80c32fac24793dc3ed03ab540ff787
Instruction Fuzzy Hash: 3D2107326427196FE7506B64AD09B3933E4DF45B71F20112AF90DB3291DF619808CB91

Function 00EC30F7 Relevance: 24.9, APIs: 8, Strings: 6, Instructions: 400COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00EC318D
_wcslen.LIBCMT ref: 00EC31F8

Strings

CLASSNN, xrefs: 00EC31F3, 00EC3204
NAME, xrefs: 00EC3335, 00EC3346
TEXT, xrefs: 00EC347C
CLASS, xrefs: 00EC3188, 00EC31A5
INSTANCE, xrefs: 00EC3453
REGEXPCLASS, xrefs: 00EC3255, 00EC3266

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: _wcslen
String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
API String ID: 176396367-1603158881
Opcode ID: e6ec44e63b8fdb35d546521fe6b254fd991c627c3d6dc54bfbb15235ea778e67
Instruction ID: 680eefe2b2f32c64010690df3711005d695439e30360555637c1913b620f472a
Opcode Fuzzy Hash: e6ec44e63b8fdb35d546521fe6b254fd991c627c3d6dc54bfbb15235ea778e67
Instruction Fuzzy Hash: 24E1E431A006269BCB189FB8C541FEDFBB0BF54714F64E11EE46AB7240DB31AE469790

Function 00ED44C0 Relevance: 24.8, APIs: 7, Strings: 7, Instructions: 309COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(00000000,00000000,00EFCC08), ref: 00ED4527
_wcslen.LIBCMT ref: 00ED453B
_wcslen.LIBCMT ref: 00ED4599
_wcslen.LIBCMT ref: 00ED45F4
_wcslen.LIBCMT ref: 00ED463F
_wcslen.LIBCMT ref: 00ED46A7

Part of subcall function 00E7F9F2: _wcslen.LIBCMT ref: 00E7F9FD

GetDriveTypeW.KERNEL32(?,00F26BF0,00000061), ref: 00ED4743

Strings

removable, xrefs: 00ED45EA, 00ED45EF
all, xrefs: 00ED4531, 00ED4536
fixed, xrefs: 00ED4635, 00ED463A
unknown, xrefs: 00ED4708
network, xrefs: 00ED469D, 00ED46A2
cdrom, xrefs: 00ED458F, 00ED4594
ramdisk, xrefs: 00ED46F1

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: _wcslen$BuffCharDriveLowerType
String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
API String ID: 2055661098-1000479233
Opcode ID: 0a4296babc225d9bc212c07fbc82affa944aeb1f42b6cbbc258cd5b970350378
Instruction ID: 7e24b7b6671c38e647f4bc9c38a50db4ebc3859cda4f74992665cef95bf8b0b8
Opcode Fuzzy Hash: 0a4296babc225d9bc212c07fbc82affa944aeb1f42b6cbbc258cd5b970350378
Instruction Fuzzy Hash: 1AB102B16083029FC710DF28D890A6AB7E5EFA5764F10691EF4AAE73D1D730D846CB52

Function 00EE3FE9 Relevance: 23.2, APIs: 11, Strings: 2, Instructions: 478libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,00EFCC08), ref: 00EE40BB
GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00EE40CD
GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,00EFCC08), ref: 00EE40F2
FreeLibrary.KERNEL32(00000000,?,00EFCC08), ref: 00EE413E
StringFromGUID2.OLE32(?,?,00000028,?,00EFCC08), ref: 00EE41A8
SysFreeString.OLEAUT32(00000009), ref: 00EE4262
QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00EE42C8
SysFreeString.OLEAUT32(?), ref: 00EE42F2

Strings

kernel32.dll, xrefs: 00EE40B6
GetModuleHandleExW, xrefs: 00EE40C7

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
String ID: GetModuleHandleExW$kernel32.dll
API String ID: 354098117-199464113
Opcode ID: ae88a5e1ef9555b58a3fea567f47b6c467ac2ea8bc6adb0cb22246e539ef83c6
Instruction ID: 9bc150191f486e0083a2ac5eb3d04680a2d5af95f99d61ceb51064e4bff0c890
Opcode Fuzzy Hash: ae88a5e1ef9555b58a3fea567f47b6c467ac2ea8bc6adb0cb22246e539ef83c6
Instruction Fuzzy Hash: F2126EB1A00149EFDB14DF95C884EAEB7B5FF85318F249098F905AB291D731ED46CBA0

Function 00E6326F Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 214windowCOMMON

Download Yara Rule

APIs

GetMenuItemCount.USER32(00F31990), ref: 00EA2F8D
GetMenuItemCount.USER32(00F31990), ref: 00EA303D
GetCursorPos.USER32(?), ref: 00EA3081
SetForegroundWindow.USER32(00000000), ref: 00EA308A
TrackPopupMenuEx.USER32(00F31990,00000000,?,00000000,00000000,00000000), ref: 00EA309D
PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00EA30A9

Strings

0, xrefs: 00E6327D

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
String ID: 0
API String ID: 36266755-4108050209
Opcode ID: a6650721fae1a959478fdcedbcc36e3cc40f3b34d51ee3e081f1c1b666e03bf7
Instruction ID: 09f1af3609c9de54acc9f05ed49914247d48d4d6a66f442e813e6036ae960470
Opcode Fuzzy Hash: a6650721fae1a959478fdcedbcc36e3cc40f3b34d51ee3e081f1c1b666e03bf7
Instruction Fuzzy Hash: B8712930644209BEEB218F39DD49FAABF68FF05368F20520AF6157A1E0C7B1B954D750

Function 00EF6CD9 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 194windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000,?), ref: 00EF6DEB

Part of subcall function 00E66B57: _wcslen.LIBCMT ref: 00E66B6A

CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00EF6E5F
SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00EF6E81
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00EF6E94
DestroyWindow.USER32(?), ref: 00EF6EB5
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00E60000,00000000), ref: 00EF6EE4
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00EF6EFD
GetDesktopWindow.USER32 ref: 00EF6F16
GetWindowRect.USER32(00000000), ref: 00EF6F1D
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00EF6F35
SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00EF6F4D

Part of subcall function 00E79944: GetWindowLongW.USER32(?,000000EB), ref: 00E79952

Strings

tooltips_class32, xrefs: 00EF6E58, 00EF6EDD
0, xrefs: 00EF6D98

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
String ID: 0$tooltips_class32
API String ID: 2429346358-3619404913
Opcode ID: 0aa3fcf9e187f6ba9053e813b0888f4365b4d63e8019f8ab1896ac9dae3ff943
Instruction ID: 73b1595168c2b51dc26ffff1ac12e20fffea7bbaf7779074bf044e720d659b21
Opcode Fuzzy Hash: 0aa3fcf9e187f6ba9053e813b0888f4365b4d63e8019f8ab1896ac9dae3ff943
Instruction Fuzzy Hash: C5716C71104248AFDB21DF18D844BBABBE9FB89708F14541DF689A7261C770ED0ADB12

Function 00EF911E Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 181windowfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00E79BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00E79BB2

DragQueryPoint.SHELL32(?,?), ref: 00EF9147

Part of subcall function 00EF7674: ClientToScreen.USER32(?,?), ref: 00EF769A
Part of subcall function 00EF7674: GetWindowRect.USER32(?,?), ref: 00EF7710
Part of subcall function 00EF7674: PtInRect.USER32(?,?,00EF8B89), ref: 00EF7720

SendMessageW.USER32(?,000000B0,?,?), ref: 00EF91B0
DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00EF91BB
DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00EF91DE
SendMessageW.USER32(?,000000C2,00000001,?), ref: 00EF9225
SendMessageW.USER32(?,000000B0,?,?), ref: 00EF923E
SendMessageW.USER32(?,000000B1,?,?), ref: 00EF9255
SendMessageW.USER32(?,000000B1,?,?), ref: 00EF9277
DragFinish.SHELL32(?), ref: 00EF927E
DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00EF9371

Strings

@GUI_DRAGID, xrefs: 00EF92E9
@GUI_DRAGFILE, xrefs: 00EF9320
@GUI_DROPID, xrefs: 00EF929E

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
API String ID: 221274066-3440237614
Opcode ID: 226fff89bbac76ccfd0d38c38389e012789f526d62082ddae6cf4c627b33f72b
Instruction ID: 1fc75f693f912862d000da59c42b7916f31b2db899972bbb7235f241087637da
Opcode Fuzzy Hash: 226fff89bbac76ccfd0d38c38389e012789f526d62082ddae6cf4c627b33f72b
Instruction Fuzzy Hash: 2E616A71108305AFD701EF60ED85EAFBBE8EFC8790F10192DF595A21A1DB309A49CB52

Function 00EDC476 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 143networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00EDC4B0
GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00EDC4C3
SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00EDC4D7
HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00EDC4F0
InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00EDC533
InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00EDC549
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00EDC554
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00EDC584
GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00EDC5DC
SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00EDC5F0
InternetCloseHandle.WININET(00000000), ref: 00EDC5FB

Strings

, xrefs: 00EDC575

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
String ID:
API String ID: 3800310941-3916222277
Opcode ID: cfbe1445f9756c5520edd74589b7c8ec674ad6108ac5fe3ebfd58363f0e6fb00
Instruction ID: c275191be1f7ea5c58456b4f10d7d08b9d4111a9b8c430653abb8db0c55461f9
Opcode Fuzzy Hash: cfbe1445f9756c5520edd74589b7c8ec674ad6108ac5fe3ebfd58363f0e6fb00
Instruction Fuzzy Hash: 1E517FB150060ABFDB219F61D948ABB7BFCFF48788F20541AF945E6250DB30E949DB60

Function 00EF856F Relevance: 22.6, APIs: 15, Instructions: 131filecommemoryCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00EF8592
GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00EF85A2
GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00EF85AD
CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00EF85BA
GlobalLock.KERNEL32(00000000), ref: 00EF85C8
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00EF85D7
GlobalUnlock.KERNEL32(00000000), ref: 00EF85E0
CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00EF85E7
CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00EF85F8
OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,00EFFC38,?), ref: 00EF8611
GlobalFree.KERNEL32(00000000), ref: 00EF8621
GetObjectW.GDI32(?,00000018,?), ref: 00EF8641
CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00EF8671
DeleteObject.GDI32(?), ref: 00EF8699
SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00EF86AF

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
String ID:
API String ID: 3840717409-0
Opcode ID: 8ece81a2ab9a89a62308893eda1318e596cade621bbfa1afa6957b54c39f3220
Instruction ID: 1ee1a4fa9047984f702ab89567054c68542a472f62347215fe7f2cad8925fb49
Opcode Fuzzy Hash: 8ece81a2ab9a89a62308893eda1318e596cade621bbfa1afa6957b54c39f3220
Instruction Fuzzy Hash: 7D410A75600208AFDB11DFA6DE48EBA7BB8FF89B55F214058F905E72A0DB309D05DB60

Function 00ED14BD Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 360timeCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000000), ref: 00ED1502
VariantCopy.OLEAUT32(?,?), ref: 00ED150B
VariantClear.OLEAUT32(?), ref: 00ED1517
VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00ED15FB
VarR8FromDec.OLEAUT32(?,?), ref: 00ED1657
VariantInit.OLEAUT32(?), ref: 00ED1708
SysFreeString.OLEAUT32(?), ref: 00ED178C
VariantClear.OLEAUT32(?), ref: 00ED17D8
VariantClear.OLEAUT32(?), ref: 00ED17E7
VariantInit.OLEAUT32(00000000), ref: 00ED1823

Strings

Default, xrefs: 00ED16AF
%4d%02d%02d%02d%02d%02d, xrefs: 00ED1625

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
String ID: %4d%02d%02d%02d%02d%02d$Default
API String ID: 1234038744-3931177956
Opcode ID: 2f3cbedf5beca36357c933827ec26db8a1c43cf59388559aebae0d07f442b34b
Instruction ID: 2382d8a8bd884abf69166512ce5986bd7151cf8a908d19c09bc27ad8fdc78330
Opcode Fuzzy Hash: 2f3cbedf5beca36357c933827ec26db8a1c43cf59388559aebae0d07f442b34b
Instruction Fuzzy Hash: 88D1DE71A00205EBDB109F65E885BBDB7F5FF85700F24909BE406BB291DB38D846DB62

Function 00EEB60E Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 285registrylibraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD

Part of subcall function 00EEC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00EEB6AE,?,?), ref: 00EEC9B5
Part of subcall function 00EEC998: _wcslen.LIBCMT ref: 00EEC9F1
Part of subcall function 00EEC998: _wcslen.LIBCMT ref: 00EECA68
Part of subcall function 00EEC998: _wcslen.LIBCMT ref: 00EECA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00EEB6F4
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00EEB772
RegDeleteValueW.ADVAPI32(?,?), ref: 00EEB80A
RegCloseKey.ADVAPI32(?), ref: 00EEB87E
RegCloseKey.ADVAPI32(?), ref: 00EEB89C
LoadLibraryA.KERNEL32(advapi32.dll), ref: 00EEB8F2
GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00EEB904
RegDeleteKeyW.ADVAPI32(?,?), ref: 00EEB922
FreeLibrary.KERNEL32(00000000), ref: 00EEB983
RegCloseKey.ADVAPI32(00000000), ref: 00EEB994

Strings

RegDeleteKeyExW, xrefs: 00EEB8FE
advapi32.dll, xrefs: 00EEB8ED

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 146587525-4033151799
Opcode ID: b6c5d99ab9e321ff3d3742afe31037b50c000b126418430b9a696788dc48baad
Instruction ID: f206ef7a2dce0826bd36b2ec360e80a3b39c87e9bfc800d468872867a3a9d2d2
Opcode Fuzzy Hash: b6c5d99ab9e321ff3d3742afe31037b50c000b126418430b9a696788dc48baad
Instruction Fuzzy Hash: 17C19D30204245AFD714DF15C495F2ABBE5BF84348F24A55CF49AAB3A2CB71EC46CB91

Function 00EE255C Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 169windowCOMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00EE25D8
CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00EE25E8
CreateCompatibleDC.GDI32(?), ref: 00EE25F4
SelectObject.GDI32(00000000,?), ref: 00EE2601
StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00EE266D
GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00EE26AC
GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00EE26D0
SelectObject.GDI32(?,?), ref: 00EE26D8
DeleteObject.GDI32(?), ref: 00EE26E1
DeleteDC.GDI32(?), ref: 00EE26E8
ReleaseDC.USER32(00000000,?), ref: 00EE26F3

Strings

(, xrefs: 00EE268D

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
String ID: (
API String ID: 2598888154-3887548279
Opcode ID: 73cf5ca339422c90321d1c821db7694acac0261ecb0ccce274cea138fa8388e2
Instruction ID: 4b34b796dffe09e9540cdecde3daa2b95bf408b46d77d1dae56c8454e2f86ea2
Opcode Fuzzy Hash: 73cf5ca339422c90321d1c821db7694acac0261ecb0ccce274cea138fa8388e2
Instruction Fuzzy Hash: 4561D175D00219EFCB04CFA9D984AAEBBF9FF48310F20852AEA55B7250D770A955CF90

Function 00E9DA5D Relevance: 19.6, APIs: 13, Instructions: 114COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 00E9DAA1

Part of subcall function 00E9D63C: _free.LIBCMT ref: 00E9D659
Part of subcall function 00E9D63C: _free.LIBCMT ref: 00E9D66B
Part of subcall function 00E9D63C: _free.LIBCMT ref: 00E9D67D
Part of subcall function 00E9D63C: _free.LIBCMT ref: 00E9D68F
Part of subcall function 00E9D63C: _free.LIBCMT ref: 00E9D6A1
Part of subcall function 00E9D63C: _free.LIBCMT ref: 00E9D6B3
Part of subcall function 00E9D63C: _free.LIBCMT ref: 00E9D6C5
Part of subcall function 00E9D63C: _free.LIBCMT ref: 00E9D6D7
Part of subcall function 00E9D63C: _free.LIBCMT ref: 00E9D6E9
Part of subcall function 00E9D63C: _free.LIBCMT ref: 00E9D6FB
Part of subcall function 00E9D63C: _free.LIBCMT ref: 00E9D70D
Part of subcall function 00E9D63C: _free.LIBCMT ref: 00E9D71F
Part of subcall function 00E9D63C: _free.LIBCMT ref: 00E9D731

_free.LIBCMT ref: 00E9DA96

Part of subcall function 00E929C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00E9D7D1,00000000,00000000,00000000,00000000,?,00E9D7F8,00000000,00000007,00000000,?,00E9DBF5,00000000), ref: 00E929DE
Part of subcall function 00E929C8: GetLastError.KERNEL32(00000000,?,00E9D7D1,00000000,00000000,00000000,00000000,?,00E9D7F8,00000000,00000007,00000000,?,00E9DBF5,00000000,00000000), ref: 00E929F0

_free.LIBCMT ref: 00E9DAB8
_free.LIBCMT ref: 00E9DACD
_free.LIBCMT ref: 00E9DAD8
_free.LIBCMT ref: 00E9DAFA
_free.LIBCMT ref: 00E9DB0D
_free.LIBCMT ref: 00E9DB1B
_free.LIBCMT ref: 00E9DB26
_free.LIBCMT ref: 00E9DB5E
_free.LIBCMT ref: 00E9DB65
_free.LIBCMT ref: 00E9DB82
_free.LIBCMT ref: 00E9DB9A

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: cc40270b5b1446514bd5f3ec637d8578c0e4a18b73ca600a35bbe765c1b39b9a
Instruction ID: d270f3b9fd587b295aa8531a34875fb8635c5b0e758b15dfb91fc83e49a139ff
Opcode Fuzzy Hash: cc40270b5b1446514bd5f3ec637d8578c0e4a18b73ca600a35bbe765c1b39b9a
Instruction Fuzzy Hash: 01318B31608714AFEF21AA38EC41B9AB7E9FF40324F106419E548F7192EF71AC50C760

Function 00EC365B Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 267windowtimeCOMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000100), ref: 00EC369C
_wcslen.LIBCMT ref: 00EC36A7
SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00EC3797
GetClassNameW.USER32(?,?,00000400), ref: 00EC380C
GetDlgCtrlID.USER32(?), ref: 00EC385D
GetWindowRect.USER32(?,?), ref: 00EC3882
GetParent.USER32(?), ref: 00EC38A0
ScreenToClient.USER32(00000000), ref: 00EC38A7
GetClassNameW.USER32(?,?,00000100), ref: 00EC3921
GetWindowTextW.USER32(?,?,00000400), ref: 00EC395D

Strings

%s%u, xrefs: 00EC3734

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
String ID: %s%u
API String ID: 4010501982-679674701
Opcode ID: 7844f973614e90e640c13fd57d2cccbdc0f71acde95f8cb978a8194a81f5218e
Instruction ID: c680489570dba980fe1fbcdde793c2b5caaeb3b1a6111cad7895b198439e44ff
Opcode Fuzzy Hash: 7844f973614e90e640c13fd57d2cccbdc0f71acde95f8cb978a8194a81f5218e
Instruction Fuzzy Hash: EB91C071204606AFD718DF34C985FAAB7E8FF84314F10952DF999E2190DB31EA4ACB91

Function 00EC4954 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 253COMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000400), ref: 00EC4994
GetWindowTextW.USER32(?,?,00000400), ref: 00EC49DA
_wcslen.LIBCMT ref: 00EC49EB
CharUpperBuffW.USER32(?,00000000), ref: 00EC49F7
_wcsstr.LIBVCRUNTIME ref: 00EC4A2C
GetClassNameW.USER32(00000018,?,00000400), ref: 00EC4A64
GetWindowTextW.USER32(?,?,00000400), ref: 00EC4A9D
GetClassNameW.USER32(00000018,?,00000400), ref: 00EC4AE6
GetClassNameW.USER32(?,?,00000400), ref: 00EC4B20
GetWindowRect.USER32(?,?), ref: 00EC4B8B

Strings

ThumbnailClass, xrefs: 00EC4A6F, 00EC4AF1

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
String ID: ThumbnailClass
API String ID: 1311036022-1241985126
Opcode ID: 5c48670fabaa112c758fe014c4d0b6ee3aacecbca909b48a9818a056bb00f44c
Instruction ID: 85787b594a7b5eb5b2b19d4bde5876ac05364c510c3a0852e2ab8dc8ac889bde
Opcode Fuzzy Hash: 5c48670fabaa112c758fe014c4d0b6ee3aacecbca909b48a9818a056bb00f44c
Instruction Fuzzy Hash: D191B0B10042059FDB04DE14CA95FAA77E8EF84718F04646DFD89A60D6DB31ED46CBA1

Function 00EF8D0E Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 221windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00E79BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00E79BB2

PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00EF8D5A
GetFocus.USER32 ref: 00EF8D6A
GetDlgCtrlID.USER32(00000000), ref: 00EF8D75
DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00EF8E1D
GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00EF8ECF
GetMenuItemCount.USER32(?), ref: 00EF8EEC
GetMenuItemID.USER32(?,00000000), ref: 00EF8EFC
GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00EF8F2E
GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00EF8F70
CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00EF8FA1

Strings

0, xrefs: 00EF8E9F

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
String ID: 0
API String ID: 1026556194-4108050209
Opcode ID: cd904d03d5de8e5ff755ffd8b064ad488a4922293b24c43a292c4541c55a5eff
Instruction ID: 15a7421312ff9e9b9f22c71bf5e80223588814a440c21e2282efcb41281d1117
Opcode Fuzzy Hash: cd904d03d5de8e5ff755ffd8b064ad488a4922293b24c43a292c4541c55a5eff
Instruction Fuzzy Hash: AF819D726083099FD710CF14CE84ABB7BE9FF88758F141959FA85A7291DB30D904CB62

Function 00ECDC0E Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 178COMMON

Download Yara Rule

APIs

GetFileVersionInfoSizeW.VERSION(?,?), ref: 00ECDC20
GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 00ECDC46
_wcslen.LIBCMT ref: 00ECDC50
_wcsstr.LIBVCRUNTIME ref: 00ECDCA0
VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00ECDCBC

Strings

DefaultLangCodepage, xrefs: 00ECDD1F
StringFileInfo\, xrefs: 00ECDC8F
%u.%u.%u.%u, xrefs: 00ECDD9A
\VarFileInfo\Translation, xrefs: 00ECDCB4
04090000, xrefs: 00ECDCF2

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
API String ID: 1939486746-1459072770
Opcode ID: e8978e12fa0054a9a239c72da28f922fa785fa17238a25f6e891083a7da99568
Instruction ID: 39db9e518287b66e964160fe760f2070df77a9b0024103a8df240355951d1114
Opcode Fuzzy Hash: e8978e12fa0054a9a239c72da28f922fa785fa17238a25f6e891083a7da99568
Instruction Fuzzy Hash: 3A4134329442047ADB10B7749D03FFF77ACDF41720F20206AF909B61D2EB329901A7A1

Function 00EECC34 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 104registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00EECC64
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00EECC8D
FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00EECD48

Part of subcall function 00EECC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00EECCAA
Part of subcall function 00EECC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00EECCBD
Part of subcall function 00EECC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00EECCCF
Part of subcall function 00EECC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00EECD05
Part of subcall function 00EECC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00EECD28

RegDeleteKeyW.ADVAPI32(?,?), ref: 00EECCF3

Strings

RegDeleteKeyExW, xrefs: 00EECCC9
advapi32.dll, xrefs: 00EECCB8

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 2734957052-4033151799
Opcode ID: aa4272d3ce60e6b019b9800b0f17e2eee2cb979bc20e690673078633e55e7b88
Instruction ID: f8022400c250de8c1c8124351fa6a006cf046e0b32676ed4604d4b6fd22fcb63
Opcode Fuzzy Hash: aa4272d3ce60e6b019b9800b0f17e2eee2cb979bc20e690673078633e55e7b88
Instruction Fuzzy Hash: 31318E7190112DBFDB209B96DC88EFFBB7CEF45744F300165A905F2240DA309A4ADAA1

Function 00ED3D1E Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 101fileCOMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00ED3D40
_wcslen.LIBCMT ref: 00ED3D6D
CreateDirectoryW.KERNEL32(?,00000000), ref: 00ED3D9D
CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00ED3DBE
RemoveDirectoryW.KERNEL32(?), ref: 00ED3DCE
DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00ED3E55
CloseHandle.KERNEL32(00000000), ref: 00ED3E60
CloseHandle.KERNEL32(00000000), ref: 00ED3E6B

Strings

\, xrefs: 00ED3D77
:, xrefs: 00ED3D82
\??\%s, xrefs: 00ED3D5B

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
String ID: :$\$\??\%s
API String ID: 1149970189-3457252023
Opcode ID: 54bbf7c209cb2c6ba17dc87deb1891fd1bc678067ce22c3117a787a12e42f0a3
Instruction ID: 5a4b85586aad92f7abf620676aec57443f539a92753e04a336697507bacc36bb
Opcode Fuzzy Hash: 54bbf7c209cb2c6ba17dc87deb1891fd1bc678067ce22c3117a787a12e42f0a3
Instruction Fuzzy Hash: 9131A17190020AABDB209BA1DC49FEB37BDEF88744F2050B6F509E6160E7749749CB25

Function 00ECE6B0 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 00ECE6B4

Part of subcall function 00E7E551: timeGetTime.WINMM(?,?,00ECE6D4), ref: 00E7E555

Sleep.KERNEL32(0000000A), ref: 00ECE6E1
EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 00ECE705
FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00ECE727
SetActiveWindow.USER32 ref: 00ECE746
SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00ECE754
SendMessageW.USER32(00000010,00000000,00000000), ref: 00ECE773
Sleep.KERNEL32(000000FA), ref: 00ECE77E
IsWindow.USER32 ref: 00ECE78A
EndDialog.USER32(00000000), ref: 00ECE79B

Strings

BUTTON, xrefs: 00ECE719

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
String ID: BUTTON
API String ID: 1194449130-3405671355
Opcode ID: 09dd6b99e4c52815b2fd1d8729034a36ad8473b30cab268fddc5daedf2062218
Instruction ID: 8b2f3677b47471c3d2de9a97b2c00c2a1c499550be68107866c52dfad27c2fae
Opcode Fuzzy Hash: 09dd6b99e4c52815b2fd1d8729034a36ad8473b30cab268fddc5daedf2062218
Instruction Fuzzy Hash: 9421997120060CAFEB005F32EE8AF353B6AFB94758F306429F505F12A1DB72AC15EA15

Function 00ECE9FC Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 71COMMON

Download Yara Rule

APIs

Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD

mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00ECEA5D
mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00ECEA73
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00ECEA84
mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00ECEA96
mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00ECEAA7

Strings

close PlayMe, xrefs: 00ECEA6E, 00ECEA9B
alias PlayMe, xrefs: 00ECEA36
open , xrefs: 00ECEA0C
play PlayMe wait, xrefs: 00ECEA91
play PlayMe, xrefs: 00ECEAA2
status PlayMe mode, xrefs: 00ECEA58

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: SendString$_wcslen
String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
API String ID: 2420728520-1007645807
Opcode ID: c13cd868cf149e13fe5f224dc2385d175301d5c80ffd05071fa2fc69078780c7
Instruction ID: a98a00f36c9b216b9ef68be8a9da4bcd5102add7ff0afdacb7ba4813854af62b
Opcode Fuzzy Hash: c13cd868cf149e13fe5f224dc2385d175301d5c80ffd05071fa2fc69078780c7
Instruction Fuzzy Hash: 5511A331AD02697DD720A7A1ED4AEFF7ABCEBD2B44F001429B411F21D1EE704945C9B1

Function 00EC5CC6 Relevance: 18.2, APIs: 12, Instructions: 173COMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,00000001), ref: 00EC5CE2
GetWindowRect.USER32(00000000,?), ref: 00EC5CFB
MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00EC5D59
GetDlgItem.USER32(?,00000002), ref: 00EC5D69
GetWindowRect.USER32(00000000,?), ref: 00EC5D7B
MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00EC5DCF
GetDlgItem.USER32(?,000003E9), ref: 00EC5DDD
GetWindowRect.USER32(00000000,?), ref: 00EC5DEF
MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00EC5E31
GetDlgItem.USER32(?,000003EA), ref: 00EC5E44
MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00EC5E5A
InvalidateRect.USER32(?,00000000,00000001), ref: 00EC5E67

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Window$ItemMoveRect$Invalidate
String ID:
API String ID: 3096461208-0
Opcode ID: b607acbc8df5d73918f997b0e7e89cc6a5d5f0263d22032b6262ef2f842768c1
Instruction ID: e62856757cbe055700f03707e39adf1487dfb6234c6ffa97c0a50aaef31d0297
Opcode Fuzzy Hash: b607acbc8df5d73918f997b0e7e89cc6a5d5f0263d22032b6262ef2f842768c1
Instruction Fuzzy Hash: 9C511071A00609AFDF18CF69DE89EAE7BB5EB88700F209129F516F6290D770AD45CB50

Function 00E78BCD Relevance: 18.2, APIs: 12, Instructions: 168timeCOMMON

Download Yara Rule

APIs

Part of subcall function 00E78F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00E78BE8,?,00000000,?,?,?,?,00E78BBA,00000000,?), ref: 00E78FC5

DestroyWindow.USER32(?), ref: 00E78C81
KillTimer.USER32(00000000,?,?,?,?,00E78BBA,00000000,?), ref: 00E78D1B
DestroyAcceleratorTable.USER32(00000000), ref: 00EB6973
ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00E78BBA,00000000,?), ref: 00EB69A1
ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00E78BBA,00000000,?), ref: 00EB69B8
ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00E78BBA,00000000), ref: 00EB69D4
DeleteObject.GDI32(00000000), ref: 00EB69E6

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
String ID:
API String ID: 641708696-0
Opcode ID: 7c4aae759601d2f632a641ab58705adf2f6328298f52b551885741f53a03c0ad
Instruction ID: 9abbd6ce533902d6c812ce9fadc989648e33d1b023257540df2c5c028077db97
Opcode Fuzzy Hash: 7c4aae759601d2f632a641ab58705adf2f6328298f52b551885741f53a03c0ad
Instruction Fuzzy Hash: 0E61C230102608DFDB269F15DB4CB66B7F2FB9032AF24A529E046B65A0CB35AD84DF51

Function 00E79838 Relevance: 18.1, APIs: 12, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 00E79944: GetWindowLongW.USER32(?,000000EB), ref: 00E79952

GetSysColor.USER32(0000000F), ref: 00E79862

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ColorLongWindow
String ID:
API String ID: 259745315-0
Opcode ID: 694e7ebe0e5f602b35f3c12ee238e3a717d93aaa91a3796cb89d702e7589dc41
Instruction ID: 4d59da423eba33c1511f8835fc63a209eaa84dfa20ce4e08ba2a33c581dc73f1
Opcode Fuzzy Hash: 694e7ebe0e5f602b35f3c12ee238e3a717d93aaa91a3796cb89d702e7589dc41
Instruction Fuzzy Hash: C641E7311056049FEB249F39DC44BBA3B65EF87335F249645F9A6A71E2C7309C42DB11

Function 00E98D45 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 300COMMONLIBRARYCODE

Download Yara Rule

Strings

., xrefs: 00E9903A, 00E98FD0, 00E98FF2

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID:
String ID: .
API String ID: 0-3963672497
Opcode ID: 7b5e62d9b4a05bdd3dbc23c6e119f83383e1d81c92c75bdc810ece86a9074121
Instruction ID: f3d862c6ae415e36c18c56e48b17558aca4f05878490a14dcd8f6b35d3872282
Opcode Fuzzy Hash: 7b5e62d9b4a05bdd3dbc23c6e119f83383e1d81c92c75bdc810ece86a9074121
Instruction Fuzzy Hash: DBC1D374A04249AFCF11EFACC841BADBBF1AF4A314F146199E528B73A2C7309941CB61

Function 00EC96E2 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,00EAF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00EC9717
LoadStringW.USER32(00000000,?,00EAF7F8,00000001), ref: 00EC9720

Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD

GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00EAF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00EC9742
LoadStringW.USER32(00000000,?,00EAF7F8,00000001), ref: 00EC9745
MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00EC9866

Strings

Line %d (File "%s"):, xrefs: 00EC978F
Error: , xrefs: 00EC981D
^ ERROR, xrefs: 00EC97FB
%s (%d) : ==> %s: %s %s, xrefs: 00EC984A
Line %d:, xrefs: 00EC97A0

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: HandleLoadModuleString$Message_wcslen
String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
API String ID: 747408836-2268648507
Opcode ID: 5b3a96c41fbfa9e1942c5cb95170991dbe563f9b51db78d055b32adbb790865b
Instruction ID: af40483280b38a0c6457d33088a8bc56a949b635cd98f6bfc0a93318b8967a1b
Opcode Fuzzy Hash: 5b3a96c41fbfa9e1942c5cb95170991dbe563f9b51db78d055b32adbb790865b
Instruction Fuzzy Hash: 5B413072840119AACB04FBE0EE46EEEB7BCAF55340F202065F50573192EB356F49DB61

Function 00EC06DE Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 127registryshareCOMMON

Download Yara Rule

APIs

Part of subcall function 00E66B57: _wcslen.LIBCMT ref: 00E66B6A

WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00EC07A2
RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00EC07BE
RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00EC07DA
RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00EC0804
CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00EC082C
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00EC0837
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00EC083C

Strings

\IPC$, xrefs: 00EC0784
SOFTWARE\Classes\, xrefs: 00EC070E
\CLSID, xrefs: 00EC0724

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
String ID: SOFTWARE\Classes\$\CLSID$\IPC$
API String ID: 323675364-22481851
Opcode ID: 035bec7890b90699452ec4382e16e9f79fa4154e302e7d11bb8b357e1cfdb54b
Instruction ID: 4183efefb3b46b6626217af8514d86f50075ac519c2202e48e092205682bc259
Opcode Fuzzy Hash: 035bec7890b90699452ec4382e16e9f79fa4154e302e7d11bb8b357e1cfdb54b
Instruction Fuzzy Hash: 42412872C50229EFDF15EBA4ED85DEDB7B8BF44790B145129E901B3161EB309E05CBA0

Function 00EF3F98 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00EF403B
CreateCompatibleDC.GDI32(00000000), ref: 00EF4042
SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00EF4055
SelectObject.GDI32(00000000,00000000), ref: 00EF405D
GetPixel.GDI32(00000000,00000000,00000000), ref: 00EF4068
DeleteDC.GDI32(00000000), ref: 00EF4072
GetWindowLongW.USER32(?,000000EC), ref: 00EF407C
SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00EF4092
DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 00EF409E

Strings

static, xrefs: 00EF3FD3

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
String ID: static
API String ID: 2559357485-2160076837
Opcode ID: 6c219c8420f26b14a2461530d089ae99a55202fdce2ca9c88bc5407e708d831c
Instruction ID: 6ecd015e197890d446d383f1a2b15fe77506e167cdb60a309649e732db945c29
Opcode Fuzzy Hash: 6c219c8420f26b14a2461530d089ae99a55202fdce2ca9c88bc5407e708d831c
Instruction Fuzzy Hash: 3D315872101219AFDF229FA5CD08FEA3BA9EF4D724F211211FA14B61A0CB35D824DB50

Function 00EE3C30 Relevance: 16.8, APIs: 11, Instructions: 344fileCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00EE3C5C
CoInitialize.OLE32(00000000), ref: 00EE3C8A
CoUninitialize.OLE32 ref: 00EE3C94
_wcslen.LIBCMT ref: 00EE3D2D
GetRunningObjectTable.OLE32(00000000,?), ref: 00EE3DB1
SetErrorMode.KERNEL32(00000001,00000029), ref: 00EE3ED5
CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00EE3F0E
CoGetObject.OLE32(?,00000000,00EFFB98,?), ref: 00EE3F2D
SetErrorMode.KERNEL32(00000000), ref: 00EE3F40
SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00EE3FC4
VariantClear.OLEAUT32(?), ref: 00EE3FD8

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
String ID:
API String ID: 429561992-0
Opcode ID: 86ec6f53db09face6387c4531e85272c1e1e67b510b3fd449a40b7de2e48e3ee
Instruction ID: 832d6c50ccd17dbb2e4af3583787e727c7abe6c8a6abc58a9efe5627cc8b123b
Opcode Fuzzy Hash: 86ec6f53db09face6387c4531e85272c1e1e67b510b3fd449a40b7de2e48e3ee
Instruction Fuzzy Hash: 6FC168716083499FC700DF69C88896BB7E9FF89748F10591DF98AAB221D731EE05CB52

Function 00ED7A96 Relevance: 16.8, APIs: 11, Instructions: 298comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00ED7AF3
SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00ED7B8F
SHGetDesktopFolder.SHELL32(?), ref: 00ED7BA3
CoCreateInstance.OLE32(00EFFD08,00000000,00000001,00F26E6C,?), ref: 00ED7BEF
SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00ED7C74
CoTaskMemFree.OLE32(?,?), ref: 00ED7CCC
SHBrowseForFolderW.SHELL32(?), ref: 00ED7D57
SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00ED7D7A
CoTaskMemFree.OLE32(00000000), ref: 00ED7D81
CoTaskMemFree.OLE32(00000000), ref: 00ED7DD6
CoUninitialize.OLE32 ref: 00ED7DDC

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
String ID:
API String ID: 2762341140-0
Opcode ID: 1b68c06560c2fc5f47d60d73c9c3aac68c4cde5fa54f0f34349a89fad167f4a4
Instruction ID: d82a4a10321511ab51e71eadfc1a8c54859bb43da9613c11a4fae82cf3a3d505
Opcode Fuzzy Hash: 1b68c06560c2fc5f47d60d73c9c3aac68c4cde5fa54f0f34349a89fad167f4a4
Instruction Fuzzy Hash: 87C13C75A04109AFCB14DF64C884DAEBBF9FF48344B149499E85AEB361D730ED46CB90

Function 00EF541D Relevance: 16.7, APIs: 11, Instructions: 191windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00EF5504
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00EF5515
CharNextW.USER32(00000158), ref: 00EF5544
SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00EF5585
SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00EF559B
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00EF55AC

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: MessageSend$CharNext
String ID:
API String ID: 1350042424-0
Opcode ID: e31f380583eef441348c7b4e6dc85dd205020a0f294c3920875ad5a9b8fd8d7f
Instruction ID: 7ee7dac894986a0d168008a6adf055ba8effc6d1116e4fd9a54e99d88e7741f8
Opcode Fuzzy Hash: e31f380583eef441348c7b4e6dc85dd205020a0f294c3920875ad5a9b8fd8d7f
Instruction Fuzzy Hash: B761BE3290460CEFDF108F50CC84AFE7BB9EB55724F209049FB25B6290D7708A84DB61

Function 00EBFA88 Relevance: 16.6, APIs: 11, Instructions: 122memoryCOMMON

Download Yara Rule

APIs

SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00EBFAAF
SafeArrayAllocData.OLEAUT32(?), ref: 00EBFB08
VariantInit.OLEAUT32(?), ref: 00EBFB1A
SafeArrayAccessData.OLEAUT32(?,?), ref: 00EBFB3A
VariantCopy.OLEAUT32(?,?), ref: 00EBFB8D
SafeArrayUnaccessData.OLEAUT32(?), ref: 00EBFBA1
VariantClear.OLEAUT32(?), ref: 00EBFBB6
SafeArrayDestroyData.OLEAUT32(?), ref: 00EBFBC3
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00EBFBCC
VariantClear.OLEAUT32(?), ref: 00EBFBDE
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00EBFBE9

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
String ID:
API String ID: 2706829360-0
Opcode ID: bc99c58073ea3494540a393c839781a0b8021835bc3e60eaaae621ed9dc2ffb0
Instruction ID: 5a739e5f045a45d80c8e66066a18e2b6b349936268678068e4a56b52b29e52d5
Opcode Fuzzy Hash: bc99c58073ea3494540a393c839781a0b8021835bc3e60eaaae621ed9dc2ffb0
Instruction Fuzzy Hash: 58413E35A002199FCB04DF65DCA49FEBBB9EF48344F209469E955B7261CB30A945CBA0

Function 00EC9C79 Relevance: 16.6, APIs: 11, Instructions: 119keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 00EC9CA1
GetAsyncKeyState.USER32(000000A0), ref: 00EC9D22
GetKeyState.USER32(000000A0), ref: 00EC9D3D
GetAsyncKeyState.USER32(000000A1), ref: 00EC9D57
GetKeyState.USER32(000000A1), ref: 00EC9D6C
GetAsyncKeyState.USER32(00000011), ref: 00EC9D84
GetKeyState.USER32(00000011), ref: 00EC9D96
GetAsyncKeyState.USER32(00000012), ref: 00EC9DAE
GetKeyState.USER32(00000012), ref: 00EC9DC0
GetAsyncKeyState.USER32(0000005B), ref: 00EC9DD8
GetKeyState.USER32(0000005B), ref: 00EC9DEA

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: d2e3bbc8fd7b419d35d4c3a4a4efb6131dfc983f7e8cd88caeed81b1b0fac088
Instruction ID: c3a36a0f41aa94f4a9bb52f3572218f33bab4d7878d9036b33560c67e4651aba
Opcode Fuzzy Hash: d2e3bbc8fd7b419d35d4c3a4a4efb6131dfc983f7e8cd88caeed81b1b0fac088
Instruction Fuzzy Hash: 1A41E8305047C96DFF308660860CBB5FEE06B21348F08A05EDAC7761C3DBA699C9C7A2

Function 00EE055B Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 207networkfileCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 00EE05BC
inet_addr.WSOCK32(?), ref: 00EE061C
gethostbyname.WSOCK32(?), ref: 00EE0628
IcmpCreateFile.IPHLPAPI ref: 00EE0636
IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00EE06C6
IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00EE06E5
IcmpCloseHandle.IPHLPAPI(?), ref: 00EE07B9
WSACleanup.WSOCK32 ref: 00EE07BF

Strings

Ping, xrefs: 00EE0676

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
String ID: Ping
API String ID: 1028309954-2246546115
Opcode ID: efe9bac60e3d5a73de41bd604c6fcbbe7a8a761d729133e94538a49c5d7ddbe7
Instruction ID: b3b49766a645c076a31165b0d767c3abfaf9c7c645b9a8d9e958f20e40838d35
Opcode Fuzzy Hash: efe9bac60e3d5a73de41bd604c6fcbbe7a8a761d729133e94538a49c5d7ddbe7
Instruction Fuzzy Hash: 3391C1356042459FD320DF16D488F16BBE0AF84318F149599F469AB7A2C7B0FC85CF91

Function 00EE8CD3 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 193COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?,00000000,?), ref: 00EE8CF3

Part of subcall function 00EC8E54: _wcslen.LIBCMT ref: 00EC8E77

_wcslen.LIBCMT ref: 00EE8D4E
_wcslen.LIBCMT ref: 00EE8D9C
_wcslen.LIBCMT ref: 00EE8DDC
_wcslen.LIBCMT ref: 00EE8E6E

Strings

winapi, xrefs: 00EE8D96, 00EE8D9B
cdecl, xrefs: 00EE8D48, 00EE8D4D
stdcall, xrefs: 00EE8DD6, 00EE8DDB
none, xrefs: 00EE8E65, 00EE8E6A

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: _wcslen$BuffCharLower
String ID: cdecl$none$stdcall$winapi
API String ID: 707087890-567219261
Opcode ID: ed41117483597d52f417bfc82397f69c38860fe311cff9dc67b49c033218efd9
Instruction ID: 36d8d57562372445eb766fc68ae1d0c02ac2483adceb4adc19683d00687242e3
Opcode Fuzzy Hash: ed41117483597d52f417bfc82397f69c38860fe311cff9dc67b49c033218efd9
Instruction Fuzzy Hash: DB51C031A0055A9BCB24DF69CE508BEB7E5BF64328B205229E82AF72D5DB31DD40D790

Function 00EE372C Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 187comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32 ref: 00EE3774
CoUninitialize.OLE32 ref: 00EE377F
CoCreateInstance.OLE32(?,00000000,00000017,00EFFB78,?), ref: 00EE37D9
IIDFromString.OLE32(?,?), ref: 00EE384C
VariantInit.OLEAUT32(?), ref: 00EE38E4
VariantClear.OLEAUT32(?), ref: 00EE3936

Strings

NULL Pointer assignment, xrefs: 00EE381E
Failed to create object, xrefs: 00EE37E4, 00EE389A
Invalid parameter, xrefs: 00EE3865

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
API String ID: 636576611-1287834457
Opcode ID: 188a7dcaccc0c5592faf885715f912c60a93b81dee1b36aa02408f0e5d67a950
Instruction ID: 438a70560c98b000da3fc6521889948631a50abcfb0cef4048e190075bd7a6d7
Opcode Fuzzy Hash: 188a7dcaccc0c5592faf885715f912c60a93b81dee1b36aa02408f0e5d67a950
Instruction Fuzzy Hash: F761E170608345AFD314DF66D849F6ABBE8EF88714F10180EF885A7291D770EE48CB96

Function 00ED3388 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 149COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,?), ref: 00ED33CF

Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD

LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00ED33F0

Strings

^ ERROR , xrefs: 00ED349E
Incorrect parameters to object property !, xrefs: 00ED34AB
Line %d (File "%s"):, xrefs: 00ED3443, 00ED345C
"%s" (%d) : ==> %s:, xrefs: 00ED3522
Error: , xrefs: 00ED34D1
"%s" (%d) : ==> %s:%s%s, xrefs: 00ED3504

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: LoadString$_wcslen
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
API String ID: 4099089115-3080491070
Opcode ID: f02c975a70fe75ebed32c52bfd0fddd4777d76ed049d991a09ffbad3f80391c0
Instruction ID: dabf17fc97203cf4e6c0aad97c2f69c5dc9ae099aa8f1471d6f987623f351a09
Opcode Fuzzy Hash: f02c975a70fe75ebed32c52bfd0fddd4777d76ed049d991a09ffbad3f80391c0
Instruction Fuzzy Hash: 4C51B131940209AADF14EBA0EE46EEEB3B9EF14380F205065F40573192EB356F59DB61

Function 00ECB5C8 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 142COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 00ECB5FC
_wcslen.LIBCMT ref: 00ECB608
_wcslen.LIBCMT ref: 00ECB64D
_wcslen.LIBCMT ref: 00ECB68C
_wcslen.LIBCMT ref: 00ECB6C7

Strings

EXISTS, xrefs: 00ECB686, 00ECB68B
REMOVE, xrefs: 00ECB602, 00ECB607
APPEND, xrefs: 00ECB6C1, 00ECB6C6
KEYS, xrefs: 00ECB647, 00ECB64C

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: APPEND$EXISTS$KEYS$REMOVE
API String ID: 1256254125-769500911
Opcode ID: 5ab707dbf9f93da893da3bdb9ee3dc57a1395e4c64fe43b44c5041c1be8195eb
Instruction ID: 7abcb534be4a5d0b58eee820de8452572ed8f7373760c93d02e1912dafc636ea
Opcode Fuzzy Hash: 5ab707dbf9f93da893da3bdb9ee3dc57a1395e4c64fe43b44c5041c1be8195eb
Instruction Fuzzy Hash: 7A41CC32A001279ACB105F7DCA92BBE77A5AFA0758F24512DE465F7284E732CD42C790

Function 00ED5393 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 103COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00ED53A0
GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00ED5416
GetLastError.KERNEL32 ref: 00ED5420
SetErrorMode.KERNEL32(00000000,READY), ref: 00ED54A7

Strings

READONLY, xrefs: 00ED5452
INVALID, xrefs: 00ED5459
UNKNOWN, xrefs: 00ED5444
READY, xrefs: 00ED5460, 00ED5468
NOTREADY, xrefs: 00ED544B

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Error$Mode$DiskFreeLastSpace
String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
API String ID: 4194297153-14809454
Opcode ID: 678bee369235fb6099cfec4343956c1e8193a2f67a525e497814d536fcaa1416
Instruction ID: 1f213dedbe0d9fb4e2c0148c9855fb3fa3ada4cf9a5414d6ced83b5ec438496d
Opcode Fuzzy Hash: 678bee369235fb6099cfec4343956c1e8193a2f67a525e497814d536fcaa1416
Instruction Fuzzy Hash: 0E31D236A005089FD710DF68D584AEABBF4EF44309F24906AE412EB392D731DD87CB92

Function 00EF3C46 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 101windowCOMMON

Download Yara Rule

APIs

CreateMenu.USER32 ref: 00EF3C79
SetMenu.USER32(?,00000000), ref: 00EF3C88
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00EF3D10
IsMenu.USER32(?), ref: 00EF3D24
CreatePopupMenu.USER32 ref: 00EF3D2E
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00EF3D5B
DrawMenuBar.USER32 ref: 00EF3D63

Strings

0, xrefs: 00EF3C54
F, xrefs: 00EF3D4E

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Menu$CreateItem$DrawInfoInsertPopup
String ID: 0$F
API String ID: 161812096-3044882817
Opcode ID: 32cb6426920f497d722618c906624e8818e07e8561ea319aa1f7edf69fdedc47
Instruction ID: 11460a0eb09bf0d1ce6faa03eab81135bc536f0ff64d8c2375566c2fc8af1e7a
Opcode Fuzzy Hash: 32cb6426920f497d722618c906624e8818e07e8561ea319aa1f7edf69fdedc47
Instruction Fuzzy Hash: 08418974A0120DEFDB14CF65D844AEA7BB5FF89354F240028FA06A7360D731AA14CF90

Function 00EC1EDF Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 78windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD

Part of subcall function 00EC3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00EC3CCA

SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00EC1F64
GetDlgCtrlID.USER32 ref: 00EC1F6F
GetParent.USER32 ref: 00EC1F8B
SendMessageW.USER32(00000000,?,00000111,?), ref: 00EC1F8E
GetDlgCtrlID.USER32(?), ref: 00EC1F97
GetParent.USER32(?), ref: 00EC1FAB
SendMessageW.USER32(00000000,?,00000111,?), ref: 00EC1FAE

Strings

ListBox, xrefs: 00EC1F21
ComboBox, xrefs: 00EC1EEC

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_wcslen
String ID: ComboBox$ListBox
API String ID: 711023334-1403004172
Opcode ID: 349956dd31620ebbaea4af4a8660e6769bce143f82e7aa94a91fc4fb15c64f29
Instruction ID: 468c33cd564e46dd03cbe8e411d4ec45865da8e14efaa65919144f13c545b8d6
Opcode Fuzzy Hash: 349956dd31620ebbaea4af4a8660e6769bce143f82e7aa94a91fc4fb15c64f29
Instruction Fuzzy Hash: 0D21F570A00118BFCF04AFA0DD44EFEBBB8EF46350B201149F961B3292DB358919DB61

Function 00EC1FC0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 77windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD

Part of subcall function 00EC3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00EC3CCA

SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00EC2043
GetDlgCtrlID.USER32 ref: 00EC204E
GetParent.USER32 ref: 00EC206A
SendMessageW.USER32(00000000,?,00000111,?), ref: 00EC206D
GetDlgCtrlID.USER32(?), ref: 00EC2076
GetParent.USER32(?), ref: 00EC208A
SendMessageW.USER32(00000000,?,00000111,?), ref: 00EC208D

Strings

ListBox, xrefs: 00EC2002
ComboBox, xrefs: 00EC1FCD

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_wcslen
String ID: ComboBox$ListBox
API String ID: 711023334-1403004172
Opcode ID: cbcca3a0977cee82e6eac82eaffd0b6f8345dbd6dcf2beb62a4fa07778bc93ab
Instruction ID: 58359050da497715c5deb60856eb321207ecb3e02801372b2c837afc26381466
Opcode Fuzzy Hash: cbcca3a0977cee82e6eac82eaffd0b6f8345dbd6dcf2beb62a4fa07778bc93ab
Instruction Fuzzy Hash: 5921F671900218BFCF14AFA0DD45EFEBBB8EF15340F20500AF951B71A1DA768919DB61

Function 00EF3A23 Relevance: 15.2, APIs: 10, Instructions: 182windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00EF3A9D
SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00EF3AA0
GetWindowLongW.USER32(?,000000F0), ref: 00EF3AC7
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00EF3AEA
SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00EF3B62
SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00EF3BAC
SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00EF3BC7
SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00EF3BE2
SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00EF3BF6
SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00EF3C13

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: MessageSend$LongWindow
String ID:
API String ID: 312131281-0
Opcode ID: d0708dffe0a8b3927f4e914ab86e0b059e9a33fece27bc2d0cbddf80fc74ade4
Instruction ID: a7ce7fd5bc44748250730113ba63a82060c113f58d35810ece035492f1a43d8e
Opcode Fuzzy Hash: d0708dffe0a8b3927f4e914ab86e0b059e9a33fece27bc2d0cbddf80fc74ade4
Instruction Fuzzy Hash: C8615A75900248AFDB10DFA8CC81EFEB7F8EB49714F104199FA15A72A1D770AE45DB60

Function 00ECB12F Relevance: 15.1, APIs: 10, Instructions: 88threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00ECB151
GetForegroundWindow.USER32(00000000,?,?,?,?,?,00ECA1E1,?,00000001), ref: 00ECB165
GetWindowThreadProcessId.USER32(00000000), ref: 00ECB16C
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00ECA1E1,?,00000001), ref: 00ECB17B
GetWindowThreadProcessId.USER32(?,00000000), ref: 00ECB18D
AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00ECA1E1,?,00000001), ref: 00ECB1A6
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00ECA1E1,?,00000001), ref: 00ECB1B8
AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00ECA1E1,?,00000001), ref: 00ECB1FD
AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00ECA1E1,?,00000001), ref: 00ECB212
AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00ECA1E1,?,00000001), ref: 00ECB21D

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Thread$AttachInput$Window$Process$CurrentForeground
String ID:
API String ID: 2156557900-0
Opcode ID: 7d49741ab55256523800a90cc1890af0d7ac9e78cd38941f9a4ddeea9f39345e
Instruction ID: c5c983f5d40b955eca88bc6aad81df10ef886590b6299d3bbc995835098f4381
Opcode Fuzzy Hash: 7d49741ab55256523800a90cc1890af0d7ac9e78cd38941f9a4ddeea9f39345e
Instruction Fuzzy Hash: 5931A0B1500208AFDB24DF25DE4AF7D7BAABB51329F205009F901E61A0D7B59E41DF60

Function 00E92C80 Relevance: 15.1, APIs: 10, Instructions: 54COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00E92C94

Part of subcall function 00E929C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00E9D7D1,00000000,00000000,00000000,00000000,?,00E9D7F8,00000000,00000007,00000000,?,00E9DBF5,00000000), ref: 00E929DE
Part of subcall function 00E929C8: GetLastError.KERNEL32(00000000,?,00E9D7D1,00000000,00000000,00000000,00000000,?,00E9D7F8,00000000,00000007,00000000,?,00E9DBF5,00000000,00000000), ref: 00E929F0

_free.LIBCMT ref: 00E92CA0
_free.LIBCMT ref: 00E92CAB
_free.LIBCMT ref: 00E92CB6
_free.LIBCMT ref: 00E92CC1
_free.LIBCMT ref: 00E92CCC
_free.LIBCMT ref: 00E92CD7
_free.LIBCMT ref: 00E92CE2
_free.LIBCMT ref: 00E92CED
_free.LIBCMT ref: 00E92CFB

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 4eabae7e7e4fa110150639090299747e8efd49d5a8781fee7514f3365264ce68
Instruction ID: b39173dc6a7cf45f9b3be3d9f47a470a6d620c0f302f9a30ab48ea8ad5a12014
Opcode Fuzzy Hash: 4eabae7e7e4fa110150639090299747e8efd49d5a8781fee7514f3365264ce68
Instruction Fuzzy Hash: BB117276500108BFCF02EF94D982CDD3BA9FF45350F9155A9FA48AF222DA31EE509B90

Function 00E61410 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 332comCOMMON

Download Yara Rule

APIs

mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00E61459
OleUninitialize.OLE32(?,00000000), ref: 00E614F8
UnregisterHotKey.USER32(?), ref: 00E616DD
DestroyWindow.USER32(?), ref: 00EA24B9
FreeLibrary.KERNEL32(?), ref: 00EA251E
VirtualFree.KERNEL32(?,00000000,00008000), ref: 00EA254B

Strings

close all, xrefs: 00E61454

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
String ID: close all
API String ID: 469580280-3243417748
Opcode ID: f17727dd0ffa66b10ca8e15cda3661c4fc69194e478f9cd8c31f00e31dcdfc8a
Instruction ID: ea701d87f49935295f5475736a938edf426fe9e6b65b2a6262a164c5f36443c0
Opcode Fuzzy Hash: f17727dd0ffa66b10ca8e15cda3661c4fc69194e478f9cd8c31f00e31dcdfc8a
Instruction Fuzzy Hash: 82D1AC30701212CFCB1AEF19D595A68F7A0FF49354F28A1ADE54A7B261DB30AC12CF51

Function 00ED7DF0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 230COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00ED7FAD
SetCurrentDirectoryW.KERNEL32(?), ref: 00ED7FC1
GetFileAttributesW.KERNEL32(?), ref: 00ED7FEB
SetFileAttributesW.KERNEL32(?,00000000), ref: 00ED8005
SetCurrentDirectoryW.KERNEL32(?), ref: 00ED8017
SetCurrentDirectoryW.KERNEL32(?), ref: 00ED8060
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00ED80B0

Strings

*.*, xrefs: 00ED8066

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: CurrentDirectory$AttributesFile
String ID: *.*
API String ID: 769691225-438819550
Opcode ID: fc9a821645ecd74a9b2c10819e5f40790909b89cd34864c31c6c590748e3c3dd
Instruction ID: 8abbea836690c3548ad819eaf807c75646301e30ee69859a5ad3a6c89131c3cf
Opcode Fuzzy Hash: fc9a821645ecd74a9b2c10819e5f40790909b89cd34864c31c6c590748e3c3dd
Instruction Fuzzy Hash: C9819F715082419BDB20EF15C8449AEB3E8EB88354F14685FF8C9E7351EB35DD4ACB52

Function 00E65BEA Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 184windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,000000EB), ref: 00E65C7A

Part of subcall function 00E65D0A: GetClientRect.USER32(?,?), ref: 00E65D30
Part of subcall function 00E65D0A: GetWindowRect.USER32(?,?), ref: 00E65D71
Part of subcall function 00E65D0A: ScreenToClient.USER32(?,?), ref: 00E65D99

GetDC.USER32 ref: 00EA46F5
SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00EA4708
SelectObject.GDI32(00000000,00000000), ref: 00EA4716
SelectObject.GDI32(00000000,00000000), ref: 00EA472B
ReleaseDC.USER32(?,00000000), ref: 00EA4733
MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00EA47C4

Strings

U, xrefs: 00EA4693

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
String ID: U
API String ID: 4009187628-3372436214
Opcode ID: 4c5bb1763a6853647cb758db748e6e393833fbf78d4f9e9bd90833afcaf8e516
Instruction ID: 57e30a55012d7c8800c95522fabddf306d2ab27075b386609182101966926ef8
Opcode Fuzzy Hash: 4c5bb1763a6853647cb758db748e6e393833fbf78d4f9e9bd90833afcaf8e516
Instruction Fuzzy Hash: 0A710071500208DFCF218F64C984AFA7BB1FFCA368F24626AF9517A1A6C770A841DF50

Function 00ED359C Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 150COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 00ED35E4

Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD

LoadStringW.USER32(00F32390,?,00000FFF,?), ref: 00ED360A

Strings

Line %d (File "%s"):, xrefs: 00ED366B
"%s" (%d) : ==> %s:, xrefs: 00ED3742
Error: , xrefs: 00ED36EF
^ ERROR, xrefs: 00ED36C9
"%s" (%d) : ==> %s:%s%s, xrefs: 00ED3724

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: LoadString$_wcslen
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
API String ID: 4099089115-2391861430
Opcode ID: 263893f4a13c444ee6f7e44a833a3842e39c43bab493ba76afc80823e3aea81b
Instruction ID: 73410c6f584134dde55fc1b4503d90975eedd7737086257ee143b262c8df9473
Opcode Fuzzy Hash: 263893f4a13c444ee6f7e44a833a3842e39c43bab493ba76afc80823e3aea81b
Instruction Fuzzy Hash: F051C271840209BBCF14EBA0ED42EEEBBB8EF14350F146126F105721A2DB315B99DF61

Function 00EF8B02 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 149windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00E79BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00E79BB2

Part of subcall function 00E7912D: GetCursorPos.USER32(?), ref: 00E79141
Part of subcall function 00E7912D: ScreenToClient.USER32(00000000,?), ref: 00E7915E
Part of subcall function 00E7912D: GetAsyncKeyState.USER32(00000001), ref: 00E79183
Part of subcall function 00E7912D: GetAsyncKeyState.USER32(00000002), ref: 00E7919D

ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00EF8B6B
ImageList_EndDrag.COMCTL32 ref: 00EF8B71
ReleaseCapture.USER32 ref: 00EF8B77
SetWindowTextW.USER32(?,00000000), ref: 00EF8C12
SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00EF8C25
DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00EF8CFF

Strings

@GUI_DRAGFILE, xrefs: 00EF8C9A
@GUI_DROPID, xrefs: 00EF8C51

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
String ID: @GUI_DRAGFILE$@GUI_DROPID
API String ID: 1924731296-2107944366
Opcode ID: d1171af0bbd0e5217ac7a9153084eaaa025f25771a5c69ec2bb2cd522674614d
Instruction ID: f0bf15b105237cf72d0dc568abc25f868bf061890c82f03323b6350a1f4b105b
Opcode Fuzzy Hash: d1171af0bbd0e5217ac7a9153084eaaa025f25771a5c69ec2bb2cd522674614d
Instruction Fuzzy Hash: 2F51BE70205308AFD704DF10DD56BBAB7E4FB88754F50162DFA56A72E2CB709904CB62

Function 00EDC253 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94networkCOMMON

Download Yara Rule

APIs

InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00EDC272
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00EDC29A
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00EDC2CA
GetLastError.KERNEL32 ref: 00EDC322
SetEvent.KERNEL32(?), ref: 00EDC336
InternetCloseHandle.WININET(00000000), ref: 00EDC341

Strings

, xrefs: 00EDC2BB

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
String ID:
API String ID: 3113390036-3916222277
Opcode ID: 6a66612165b8fadcf7c0f17f6e7614fb9850b01d796262b02f229dbd0779885c
Instruction ID: 0510e5ba1e1c0f43df988666e96793a8b7089dc96fab58fc81526fb2a89db498
Opcode Fuzzy Hash: 6a66612165b8fadcf7c0f17f6e7614fb9850b01d796262b02f229dbd0779885c
Instruction Fuzzy Hash: 16318DB1600609AFD7219F658D88ABB7BFCEB49784B30951FF446A2350DB30DD0ADB60

Function 00EC989B Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 74windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00EA3AAF,?,?,Bad directive syntax error,00EFCC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 00EC98BC
LoadStringW.USER32(00000000,?,00EA3AAF,?), ref: 00EC98C3

Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD

MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00EC9987

Strings

., xrefs: 00EC996D
Line %d (File "%s"):, xrefs: 00EC992D
Error: , xrefs: 00EC9955
Line %d:, xrefs: 00EC9912
%s (%d) : ==> %s.: %s %s, xrefs: 00EC98F1

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: HandleLoadMessageModuleString_wcslen
String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
API String ID: 858772685-4153970271
Opcode ID: a450229681c8fafdf5d85fbc7a2c9538be02ff3be4039ff15913478d1ecad901
Instruction ID: e1c711ec29c8c3311100909aea47f1d45e485bba593ae945d7f2ea39d20ee197
Opcode Fuzzy Hash: a450229681c8fafdf5d85fbc7a2c9538be02ff3be4039ff15913478d1ecad901
Instruction Fuzzy Hash: FA217E3188021EABCF15EF90DD0AEFE77B9BF18740F046469F515760A2EB31AA18DB11

Function 00EC209F Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 71windowCOMMON

Download Yara Rule

APIs

GetParent.USER32 ref: 00EC20AB
GetClassNameW.USER32(00000000,?,00000100), ref: 00EC20C0
SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00EC214D

Strings

details, xrefs: 00EC20FB
smallicons, xrefs: 00EC2115
largeicons, xrefs: 00EC20E1
SHELLDLL_DefView, xrefs: 00EC20CC
list, xrefs: 00EC212F

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ClassMessageNameParentSend
String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
API String ID: 1290815626-3381328864
Opcode ID: 6be9eb1c254d7d8d640b15c2e6c6e013fce93edea9149ef460bcd554fa379193
Instruction ID: fa543a60aa56d36342ed7531562266276cd641c6702b655b06a032e4ac2be0c9
Opcode Fuzzy Hash: 6be9eb1c254d7d8d640b15c2e6c6e013fce93edea9149ef460bcd554fa379193
Instruction Fuzzy Hash: 1611E776688717B9F6052620AD06EE6379CCB04B24B20206EFB08B50E1FE7298066A15

Function 00E9CE90 Relevance: 13.7, APIs: 9, Instructions: 209COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 00E9CEB7
_free.LIBCMT ref: 00E9CF22
_free.LIBCMT ref: 00E9CF48
_free.LIBCMT ref: 00E9CF71
_free.LIBCMT ref: 00E9CFA9
_free.LIBCMT ref: 00E9CFDA
_free.LIBCMT ref: 00E9D01B
SetEnvironmentVariableA.KERNEL32(00000000,00000000), ref: 00E9D09C
_free.LIBCMT ref: 00E9D0B5

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: _free$EnvironmentVariable___from_strstr_to_strchr
String ID:
API String ID: 1282221369-0
Opcode ID: 9562a8cd904f2a6e082b1a31cf57bfc9884352b90c1bb0986d0e73844dff8294
Instruction ID: ea125274322296895b425c43b5f70c17fc2dbba26f17759371dea81f2f11df13
Opcode Fuzzy Hash: 9562a8cd904f2a6e082b1a31cf57bfc9884352b90c1bb0986d0e73844dff8294
Instruction Fuzzy Hash: D8617871A04314AFDF21BFB49C91AA97BE6EF05364F24116EF909B7281DB319D018790

Function 00E78B06 Relevance: 13.7, APIs: 9, Instructions: 155windowCOMMON

Download Yara Rule

APIs

LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00EB6890
ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00EB68A9
LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00EB68B9
ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00EB68D1
SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00EB68F2
DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00E78874,00000000,00000000,00000000,000000FF,00000000), ref: 00EB6901
SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00EB691E
DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00E78874,00000000,00000000,00000000,000000FF,00000000), ref: 00EB692D

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Icon$DestroyExtractImageLoadMessageSend
String ID:
API String ID: 1268354404-0
Opcode ID: 8adc81a9f172bf1ddf5329e679b8bdc5e3b941c6b3d270b1c1d17e12dba6e489
Instruction ID: 05172463764e742ec7e5c4563b915b65496285703c3dd4235471530ae809a378
Opcode Fuzzy Hash: 8adc81a9f172bf1ddf5329e679b8bdc5e3b941c6b3d270b1c1d17e12dba6e489
Instruction Fuzzy Hash: 3751BC74600209EFDB20CF25CD55FAA7BB5FF98764F209518F90AA72A0DB70E950DB40

Function 00EDC143 Relevance: 13.6, APIs: 9, Instructions: 95networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00EDC182
GetLastError.KERNEL32 ref: 00EDC195
SetEvent.KERNEL32(?), ref: 00EDC1A9

Part of subcall function 00EDC253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00EDC272
Part of subcall function 00EDC253: GetLastError.KERNEL32 ref: 00EDC322
Part of subcall function 00EDC253: SetEvent.KERNEL32(?), ref: 00EDC336
Part of subcall function 00EDC253: InternetCloseHandle.WININET(00000000), ref: 00EDC341

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
String ID:
API String ID: 337547030-0
Opcode ID: ca1742675156ff5ceba820cca9e21467021e929d0454e647eb6314446ca31d01
Instruction ID: d1ac295deeead0a9b2ff85bcfd127c4a22f2ce8ecd1d4fb5656cbdd1ec1ef7e6
Opcode Fuzzy Hash: ca1742675156ff5ceba820cca9e21467021e929d0454e647eb6314446ca31d01
Instruction Fuzzy Hash: CC31A071201A06AFDB219FB5DD44AB6BBF8FF58384B30541EF956A2720D730E816DB60

Function 00EC25A2 Relevance: 13.6, APIs: 9, Instructions: 60sleepkeyboardwindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00EC3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00EC3A57
Part of subcall function 00EC3A3D: GetCurrentThreadId.KERNEL32 ref: 00EC3A5E
Part of subcall function 00EC3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00EC25B3), ref: 00EC3A65

MapVirtualKeyW.USER32(00000025,00000000), ref: 00EC25BD
PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00EC25DB
Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00EC25DF
MapVirtualKeyW.USER32(00000025,00000000), ref: 00EC25E9
PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00EC2601
Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00EC2605
MapVirtualKeyW.USER32(00000025,00000000), ref: 00EC260F
PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00EC2623
Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00EC2627

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
String ID:
API String ID: 2014098862-0
Opcode ID: cd7e3a21ec67723eccd1c5ed814e11a2cbee7ceabf42f8e29df171ae716a42a7
Instruction ID: 34ce8476cd8e9c07fddf6c778e740af58c91c8c6972bed9dfccdde2c61b17304
Opcode Fuzzy Hash: cd7e3a21ec67723eccd1c5ed814e11a2cbee7ceabf42f8e29df171ae716a42a7
Instruction Fuzzy Hash: BC01D830394214BBFB1067699C8AF697FA9DF8EB11F701005F314BE1D1C9F25459CA6A

Function 00EC1803 Relevance: 13.5, APIs: 9, Instructions: 49memorythreadCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00EC1449,?,?,00000000), ref: 00EC180C
HeapAlloc.KERNEL32(00000000,?,00EC1449,?,?,00000000), ref: 00EC1813
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00EC1449,?,?,00000000), ref: 00EC1828
GetCurrentProcess.KERNEL32(?,00000000,?,00EC1449,?,?,00000000), ref: 00EC1830
DuplicateHandle.KERNEL32(00000000,?,00EC1449,?,?,00000000), ref: 00EC1833
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00EC1449,?,?,00000000), ref: 00EC1843
GetCurrentProcess.KERNEL32(00EC1449,00000000,?,00EC1449,?,?,00000000), ref: 00EC184B
DuplicateHandle.KERNEL32(00000000,?,00EC1449,?,?,00000000), ref: 00EC184E
CreateThread.KERNEL32(00000000,00000000,00EC1874,00000000,00000000,00000000), ref: 00EC1868

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
String ID:
API String ID: 1957940570-0
Opcode ID: 2d214299d5cfad202b52f48b9a3e3fb451b90111d0f5a709dca0c0f038d52f29
Instruction ID: dffa5d2f6aef0419b2b1a3f4dd0eb75961c520ecd22645cab2857f3a5201e102
Opcode Fuzzy Hash: 2d214299d5cfad202b52f48b9a3e3fb451b90111d0f5a709dca0c0f038d52f29
Instruction Fuzzy Hash: 4A01C275241308BFE710AF75DD4DF673B6CEB89B11F604451FA05EB192C6719814DB60

Function 00E93E80 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 305COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00E93F0B
__alldvrm.LIBCMT ref: 00E9410C
__alldvrm.LIBCMT ref: 00E9412E

Strings

}}, xrefs: 00E940CD
}}, xrefs: 00E93E8A
}}, xrefs: 00E93E96, 00E93EF1, 00E93F0A, 00E94090

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: __alldvrm$_strrchr
String ID: }}$}}$}}
API String ID: 1036877536-1495402609
Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
Instruction ID: bfe25145c75e5eaa18489f7f81ec8506ae5037b3839af7528ab921ed679d6ee0
Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
Instruction Fuzzy Hash: CEA167B2E003869FDF25CF28C881BEEBBE5EF65354F1451ADE585BB281C2349982C751

Function 00EEA0E2 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 160COMMON

Download Yara Rule

APIs

Part of subcall function 00ECD4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 00ECD501
Part of subcall function 00ECD4DC: Process32FirstW.KERNEL32(00000000,?), ref: 00ECD50F
Part of subcall function 00ECD4DC: CloseHandle.KERNEL32(00000000), ref: 00ECD5DC

OpenProcess.KERNEL32(00000001,00000000,?), ref: 00EEA16D
GetLastError.KERNEL32 ref: 00EEA180
OpenProcess.KERNEL32(00000001,00000000,?), ref: 00EEA1B3
TerminateProcess.KERNEL32(00000000,00000000), ref: 00EEA268
GetLastError.KERNEL32(00000000), ref: 00EEA273
CloseHandle.KERNEL32(00000000), ref: 00EEA2C4

Strings

SeDebugPrivilege, xrefs: 00EEA18F

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
String ID: SeDebugPrivilege
API String ID: 2533919879-2896544425
Opcode ID: d43e01637359fa986d3f893a21ab16bac236e83155bb123be4508397480a7a13
Instruction ID: 5c0754c90cdf511407b0c6b1563357fe2ea904e380170711d4222a44fcc092a5
Opcode Fuzzy Hash: d43e01637359fa986d3f893a21ab16bac236e83155bb123be4508397480a7a13
Instruction Fuzzy Hash: 8661BE702052829FD710DF16C494F25BBE1AF44318F28949CE566AB7A3C772FC49CB92

Function 00EF3886 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 141windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00EF3925
SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00EF393A
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00EF3954
_wcslen.LIBCMT ref: 00EF3999
SendMessageW.USER32(?,00001057,00000000,?), ref: 00EF39C6
SendMessageW.USER32(?,00001061,?,0000000F), ref: 00EF39F4

Strings

SysListView32, xrefs: 00EF38F7

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: MessageSend$Window_wcslen
String ID: SysListView32
API String ID: 2147712094-78025650
Opcode ID: afe0000e2d906ab0b391a97127369cecde7f9ec2052ca8e2b351cd395a4f92c5
Instruction ID: 6adfe5ec6962de130669e661a77559fb457e68b310b07b8dc5ef4884d06826bb
Opcode Fuzzy Hash: afe0000e2d906ab0b391a97127369cecde7f9ec2052ca8e2b351cd395a4f92c5
Instruction Fuzzy Hash: C541B271A0021DABDF219F64CC45BFA77A9EF48354F201526FA58F7281D7B1D984CB90

Function 00ECBC5E Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00ECBCFD
IsMenu.USER32(00000000), ref: 00ECBD1D
CreatePopupMenu.USER32 ref: 00ECBD53
GetMenuItemCount.USER32(011156F8), ref: 00ECBDA4
InsertMenuItemW.USER32(011156F8,?,00000001,00000030), ref: 00ECBDCC

Strings

0, xrefs: 00ECBCA8
2, xrefs: 00ECBD37

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Menu$Item$CountCreateInfoInsertPopup
String ID: 0$2
API String ID: 93392585-3793063076
Opcode ID: ba7c9d3df044c409a63c9b814c0e3706a66adbecd64f245c6e9d9269e2d38480
Instruction ID: fd4852b427ff14d8685897f0963d6f0882615b33a12f1cc849fca79db201157d
Opcode Fuzzy Hash: ba7c9d3df044c409a63c9b814c0e3706a66adbecd64f245c6e9d9269e2d38480
Instruction Fuzzy Hash: 2651AE70A003099BDB10CFA9DA86FAEBFF8AF85318F24515DE402F7290D7729946CB51

Function 00E82D20 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00E82D4B
___except_validate_context_record.LIBVCRUNTIME ref: 00E82D53
_ValidateLocalCookies.LIBCMT ref: 00E82DE1
__IsNonwritableInCurrentImage.LIBCMT ref: 00E82E0C
_ValidateLocalCookies.LIBCMT ref: 00E82E61

Strings

&H, xrefs: 00E82DFE, 00E82E07, 00E82E18
csm, xrefs: 00E82DF6

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: &H$csm
API String ID: 1170836740-1242228090
Opcode ID: a2d2aeb984bc61e78bd82160df27def4fe2df01e9bde2ebd465e304c4a4854c7
Instruction ID: 1906d687d6c23007b16a98a9a678e6883e7512a9eafd409c3125e8b1c001a1de
Opcode Fuzzy Hash: a2d2aeb984bc61e78bd82160df27def4fe2df01e9bde2ebd465e304c4a4854c7
Instruction Fuzzy Hash: 8C419434A002099BCF14EF68C845A9EBFF5BF44318F149159E91DBB392D731AA05CBD1

Function 00ECC874 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 81windowCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000000,00007F03), ref: 00ECC913

Strings

question, xrefs: 00ECC8CC
blank, xrefs: 00ECC895
warning, xrefs: 00ECC8FC
info, xrefs: 00ECC8B4
stop, xrefs: 00ECC8E4

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: IconLoad
String ID: blank$info$question$stop$warning
API String ID: 2457776203-404129466
Opcode ID: 420a58f45bd4b484dcdbbcbae1081c27167e05b087ee35ab8431fee01fd61a78
Instruction ID: 273edc55029bdf55dad7c05354f198f9cb6879ab809365665adbfc34ea8a1c94
Opcode Fuzzy Hash: 420a58f45bd4b484dcdbbcbae1081c27167e05b087ee35ab8431fee01fd61a78
Instruction Fuzzy Hash: FA112E32689317BEA704A714AD82EEB67DCDF55358B30102EF50CF52C1E772AD025365

Function 00ECDE27 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 70networkCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 00ECDE42
gethostname.WSOCK32(?,00000100), ref: 00ECDE5C
gethostbyname.WSOCK32(?), ref: 00ECDE69
inet_ntoa.WSOCK32(?), ref: 00ECDEAB
_strcat.LIBCMT ref: 00ECDEB9
WSACleanup.WSOCK32 ref: 00ECDEDE

Strings

0.0.0.0, xrefs: 00ECDE87

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
String ID: 0.0.0.0
API String ID: 642191829-3771769585
Opcode ID: 51e4a1c0a68682301fa582e89ec4d637a21add4e0063e3357f3168f57f15d73b
Instruction ID: 7daf12d1fbd22e595eb88c3e1e76ba08416e5307223476304c7fcd825f1dbd22
Opcode Fuzzy Hash: 51e4a1c0a68682301fa582e89ec4d637a21add4e0063e3357f3168f57f15d73b
Instruction Fuzzy Hash: 52110271808109AFCB20BB209E0AEEA77ACDB54314F20117AF00DB6091EF728A86CB50

Function 00EF9F86 Relevance: 12.3, APIs: 8, Instructions: 260windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00E79BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00E79BB2

GetSystemMetrics.USER32(0000000F), ref: 00EF9FC7
GetSystemMetrics.USER32(0000000F), ref: 00EF9FE7
MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 00EFA224
SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00EFA242
SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00EFA263
ShowWindow.USER32(00000003,00000000), ref: 00EFA282
InvalidateRect.USER32(?,00000000,00000001), ref: 00EFA2A7
DefDlgProcW.USER32(?,00000005,?,?), ref: 00EFA2CA

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
String ID:
API String ID: 1211466189-0
Opcode ID: a206fc67abec34840d1dc8d2abc5e566b6f517bacfbb5b0dda154ce11d24d5cf
Instruction ID: baac4a50ebc38aebed7345ddcfcb6d1085a71bfc8bedceb6e8bf5c75fc7ce0e0
Opcode Fuzzy Hash: a206fc67abec34840d1dc8d2abc5e566b6f517bacfbb5b0dda154ce11d24d5cf
Instruction Fuzzy Hash: 65B1B9B1600219DFDF14CF68C9847BA3BB2BF44705F19907AEE89AF295D731AA40CB51

Function 00ECED19 Relevance: 12.1, APIs: 8, Instructions: 137timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32 ref: 00ECED2A
_wcslen.LIBCMT ref: 00ECED3B
_wcslen.LIBCMT ref: 00ECED79
_wcslen.LIBCMT ref: 00ECEDAF
_wcslen.LIBCMT ref: 00ECEDDF
_wcslen.LIBCMT ref: 00ECEDEF
_wcslen.LIBCMT ref: 00ECEE2B
_wcslen.LIBCMT ref: 00ECEE5A

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: _wcslen$LocalTime
String ID:
API String ID: 952045576-0
Opcode ID: a1747db5d5547bb787c000de6e5d8fc0bca37a8bb2193813b5959fb3a64127a7
Instruction ID: 9597a1353c39f1b471002c0f4c88f858265cbd2e193456e56e732962152ee121
Opcode Fuzzy Hash: a1747db5d5547bb787c000de6e5d8fc0bca37a8bb2193813b5959fb3a64127a7
Instruction Fuzzy Hash: AF417E65C1021966CB21FBB48C8AACFB7E8EF45710F50A466E51CF3262EB34E255C3A5

Function 00E7F8D8 Relevance: 12.1, APIs: 8, Instructions: 124COMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00EB682C,00000004,00000000,00000000), ref: 00E7F953
ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00EB682C,00000004,00000000,00000000), ref: 00EBF3D1
ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00EB682C,00000004,00000000,00000000), ref: 00EBF454

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: e9c0edcdcb338c1211856c0f41b51cdc75354e3924bf2abe04d9bbfb9e554244
Instruction ID: 0d810ac0f22005ffdcbfb031569431891e02555cda9dc15d93b41deabe6ec3d4
Opcode Fuzzy Hash: e9c0edcdcb338c1211856c0f41b51cdc75354e3924bf2abe04d9bbfb9e554244
Instruction Fuzzy Hash: 07412B31508680BEC7349B6D8D887BB7BE2ABD5318F24E03DE25F76561D671D884CB11

Function 00EF2D03 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 00EF2D1B
GetDC.USER32(00000000), ref: 00EF2D23
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00EF2D2E
ReleaseDC.USER32(00000000,00000000), ref: 00EF2D3A
CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00EF2D76
SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00EF2D87
MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00EF5A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00EF2DC2
SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00EF2DE1

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
String ID:
API String ID: 3864802216-0
Opcode ID: 595770cdaf00baec60147133031dfae2fab83625943a182a257c3d8820f2a7f1
Instruction ID: d093a6348e5516e1bf6d9f0d30070e282cc01860cf12d397f02d2b6b9736dce8
Opcode Fuzzy Hash: 595770cdaf00baec60147133031dfae2fab83625943a182a257c3d8820f2a7f1
Instruction Fuzzy Hash: A6319872201218AFEB208F11CC8AFBB3BA9EB49715F244055FF08EA291C6758845CBA1

Function 00EC5622 Relevance: 12.1, APIs: 8, Instructions: 92COMMON

Download Yara Rule

APIs

_memcmp.LIBVCRUNTIME ref: 00EC5637
_memcmp.LIBVCRUNTIME ref: 00EC5659
_memcmp.LIBVCRUNTIME ref: 00EC5671
_memcmp.LIBVCRUNTIME ref: 00EC5684
_memcmp.LIBVCRUNTIME ref: 00EC569E
_memcmp.LIBVCRUNTIME ref: 00EC56B1
_memcmp.LIBVCRUNTIME ref: 00EC56C9
_memcmp.LIBVCRUNTIME ref: 00EC56E4

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: b37d69ee2572b8182082392133d8d6fa8ff8ad6d41158a870c6eab6e9cb8e08f
Instruction ID: 771a42eafc265e784f044350f5b991ae323ccaec9e99bb02b8bc681c52276819
Opcode Fuzzy Hash: b37d69ee2572b8182082392133d8d6fa8ff8ad6d41158a870c6eab6e9cb8e08f
Instruction Fuzzy Hash: BE21AA63640B1977D61465108F82FFA739CAF11388F542029FE0C7A541F722FD9382A9

Function 00EE4FAE Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 359COMMON

Download Yara Rule

Strings

Not an Object type, xrefs: 00EE5007
NULL Pointer assignment, xrefs: 00EE502E, 00EE5383

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID:
String ID: NULL Pointer assignment$Not an Object type
API String ID: 0-572801152
Opcode ID: 192ad4e0fca1c4532e0ea6ac3e9240e7c853cce2e6f321019283d92aa9d36a01
Instruction ID: 9d4693819ab57eeb302abe85a689295d9b5b5bd0baa32d63b358ec1c3dc2b9f6
Opcode Fuzzy Hash: 192ad4e0fca1c4532e0ea6ac3e9240e7c853cce2e6f321019283d92aa9d36a01
Instruction Fuzzy Hash: 27D1B072A0064E9FDF10CFA9C881BAEB7B5BF48358F149069E915BB281E770DD45CB90

Function 00EA1522 Relevance: 10.8, APIs: 7, Instructions: 268COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,00EA17FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 00EA15CE
MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00EA17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00EA1651
MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00EA17FB,?,00EA17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00EA16E4
MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00EA17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00EA16FB

Part of subcall function 00E93820: RtlAllocateHeap.NTDLL(00000000,?,00F31444,?,00E7FDF5,?,?,00E6A976,00000010,00F31440,00E613FC,?,00E613C6,?,00E61129), ref: 00E93852

MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00EA17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00EA1777
__freea.LIBCMT ref: 00EA17A2
__freea.LIBCMT ref: 00EA17AE

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
String ID:
API String ID: 2829977744-0
Opcode ID: 7e4ed822ca9c5a7e5012e2c9bf7bd0917f181f96246504446be69ac82c3a1985
Instruction ID: ef40a0fef5eb6ba84278eb0a1bd4462256d6ec665568a9f69b7cebb4d266ac4d
Opcode Fuzzy Hash: 7e4ed822ca9c5a7e5012e2c9bf7bd0917f181f96246504446be69ac82c3a1985
Instruction Fuzzy Hash: F091A371E002169ADF248E74C881AEE7BF5AF8F714F186599F801FB181D725ED44CB60

Function 00EE4523 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 262COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00EE4648
VariantInit.OLEAUT32(?), ref: 00EE4749
VariantClear.OLEAUT32(?), ref: 00EE4753
VariantClear.OLEAUT32(?), ref: 00EE47B0

Strings

Incorrect Object type in FOR..IN loop, xrefs: 00EE472C
Null Object assignment in FOR..IN loop, xrefs: 00EE45D8, 00EE4706, 00EE47BE

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Variant$ClearInit
String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
API String ID: 2610073882-625585964
Opcode ID: 430d2be3d19f1120961f6a25cf6a27597d47b41a4979d1c27d1c8b07d67b539a
Instruction ID: c74589dcd5cf62b9e061c9f43543685c1e1193cd4eab88ec19ce05f83eac0417
Opcode Fuzzy Hash: 430d2be3d19f1120961f6a25cf6a27597d47b41a4979d1c27d1c8b07d67b539a
Instruction Fuzzy Hash: 4D91B2B1A00259AFDF20CFA6D844FAEBBB8EF46714F10955AF505BB280D7709945CFA0

Function 00ED1187 Relevance: 10.8, APIs: 7, Instructions: 254COMMON

Download Yara Rule

APIs

SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 00ED125C
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00ED1284
SafeArrayUnaccessData.OLEAUT32(00000001), ref: 00ED12A8
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00ED12D8
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00ED135F
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00ED13C4
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00ED1430

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ArraySafe$Data$Access$UnaccessVartype
String ID:
API String ID: 2550207440-0
Opcode ID: 73b14132b8383641aba214a00b0ac7e4cf29ba14fbcf29f4e206100b9a201b54
Instruction ID: a3550bdf2126fa44a298ab9475540aa685e473475e3107ece826d149480e1766
Opcode Fuzzy Hash: 73b14132b8383641aba214a00b0ac7e4cf29ba14fbcf29f4e206100b9a201b54
Instruction Fuzzy Hash: 6891BF71A00218AFDB009F98C884BBEB7B5FF45315F24606AE950FB3A1D775A946CB90

Function 00E7948A Relevance: 10.8, APIs: 7, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ObjectSelect$BeginCreatePath
String ID:
API String ID: 3225163088-0
Opcode ID: ca463150d3d86d51c543fc0de6d62fa25f927720636dcaa6f61c69ebe86b36a4
Instruction ID: 703728c5a3a5b4fc36686e69cfe15e041339132315d92fcc37e084448aabe1bb
Opcode Fuzzy Hash: ca463150d3d86d51c543fc0de6d62fa25f927720636dcaa6f61c69ebe86b36a4
Instruction Fuzzy Hash: 07914971D00219EFCB10CFA9CC84AEEBBB8FF89324F249155E515B7252D774A942CB60

Function 00EE3947 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 240COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00EE396B
CharUpperBuffW.USER32(?,?), ref: 00EE3A7A
_wcslen.LIBCMT ref: 00EE3A8A
VariantClear.OLEAUT32(?), ref: 00EE3C1F

Part of subcall function 00ED0CDF: VariantInit.OLEAUT32(00000000), ref: 00ED0D1F
Part of subcall function 00ED0CDF: VariantCopy.OLEAUT32(?,?), ref: 00ED0D28
Part of subcall function 00ED0CDF: VariantClear.OLEAUT32(?), ref: 00ED0D34

Strings

AUTOIT.ERROR, xrefs: 00EE3A80, 00EE3A85
Incorrect Parameter format, xrefs: 00EE39A6, 00EE3BA1

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
String ID: AUTOIT.ERROR$Incorrect Parameter format
API String ID: 4137639002-1221869570
Opcode ID: aa970458f11e6d6f8f48a8a419f01df10b0892b5d78908045d0b480a2776be84
Instruction ID: 9b3c23634c753df715a6d1f27eb241fa137df2265b2f6ec2e11cddfc4a6c48e7
Opcode Fuzzy Hash: aa970458f11e6d6f8f48a8a419f01df10b0892b5d78908045d0b480a2776be84
Instruction Fuzzy Hash: 7E919D746083459FC704EF25C48496AB7E5FF88318F14986EF88AA7351DB31EE45CB92

Function 00EE4BAD Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 236COMMON

Download Yara Rule

APIs

Part of subcall function 00EC000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00EBFF41,80070057,?,?,?,00EC035E), ref: 00EC002B
Part of subcall function 00EC000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00EBFF41,80070057,?,?), ref: 00EC0046
Part of subcall function 00EC000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00EBFF41,80070057,?,?), ref: 00EC0054
Part of subcall function 00EC000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00EBFF41,80070057,?), ref: 00EC0064

CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00EE4C51
_wcslen.LIBCMT ref: 00EE4D59
CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00EE4DCF
CoTaskMemFree.OLE32(?), ref: 00EE4DDA

Strings

NULL Pointer assignment, xrefs: 00EE4E23, 00EE4E52

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
String ID: NULL Pointer assignment
API String ID: 614568839-2785691316
Opcode ID: 768a8689a5500f8e37728572483f6e4a98121913c9d50408f1e3e98e72fc0973
Instruction ID: 6426916c3d04c87654c50986f4010fc6d75a9217aaf14d68faec031df9da14c3
Opcode Fuzzy Hash: 768a8689a5500f8e37728572483f6e4a98121913c9d50408f1e3e98e72fc0973
Instruction Fuzzy Hash: 819148B1D0025D9FDF14DFA5D881AEEB7B8BF08314F205169E915BB291DB305A45CF60

Function 00EF20FD Relevance: 10.7, APIs: 7, Instructions: 196windowCOMMON

Download Yara Rule

APIs

GetMenu.USER32(?), ref: 00EF2183
GetMenuItemCount.USER32(00000000), ref: 00EF21B5
GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00EF21DD
_wcslen.LIBCMT ref: 00EF2213
GetMenuItemID.USER32(?,?), ref: 00EF224D
GetSubMenu.USER32(?,?), ref: 00EF225B

Part of subcall function 00EC3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00EC3A57
Part of subcall function 00EC3A3D: GetCurrentThreadId.KERNEL32 ref: 00EC3A5E
Part of subcall function 00EC3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00EC25B3), ref: 00EC3A65

PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00EF22E3

Part of subcall function 00ECE97B: Sleep.KERNEL32 ref: 00ECE9F3

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
String ID:
API String ID: 4196846111-0
Opcode ID: 483ff2a331eb602bfdde807b71e44fd9b2885d26ca1b019e736b99382967bae8
Instruction ID: 7ff58647eb638ace7b33bab3969530d3209a3430521c18e412fe651a16265858
Opcode Fuzzy Hash: 483ff2a331eb602bfdde807b71e44fd9b2885d26ca1b019e736b99382967bae8
Instruction Fuzzy Hash: 1B718C75A00209AFCB10DFA4C841ABEB7F1EF88314F249459EA56BB351DB34AD418B90

Function 00EF7E9E Relevance: 10.7, APIs: 7, Instructions: 193windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(011157E8), ref: 00EF7F37
IsWindowEnabled.USER32(011157E8), ref: 00EF7F43
SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00EF801E
SendMessageW.USER32(011157E8,000000B0,?,?), ref: 00EF8051
IsDlgButtonChecked.USER32(?,?), ref: 00EF8089
GetWindowLongW.USER32(011157E8,000000EC), ref: 00EF80AB
SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00EF80C3

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: MessageSendWindow$ButtonCheckedEnabledLong
String ID:
API String ID: 4072528602-0
Opcode ID: 4a24010110f85835300d2c06a635530c5b48c114e4433e49f57d0963d373c1d8
Instruction ID: 0623410c3575b18af8d4efebc1037f3df409967bcd4b3eb59161f9ec270b39ee
Opcode Fuzzy Hash: 4a24010110f85835300d2c06a635530c5b48c114e4433e49f57d0963d373c1d8
Instruction Fuzzy Hash: 2B719E3560820CAFEB219F64C984FFA7BB9FF49304F245499EA85B7261CB31A845DB10

Function 00ECAEBA Relevance: 10.7, APIs: 7, Instructions: 162windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 00ECAEF9
GetKeyboardState.USER32(?), ref: 00ECAF0E
SetKeyboardState.USER32(?), ref: 00ECAF6F
PostMessageW.USER32(?,00000101,00000010,?), ref: 00ECAF9D
PostMessageW.USER32(?,00000101,00000011,?), ref: 00ECAFBC
PostMessageW.USER32(?,00000101,00000012,?), ref: 00ECAFFD
PostMessageW.USER32(?,00000101,0000005B,?), ref: 00ECB020

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: 3c2a704f09cdff2d59e472424f59d0113bee84f8be97e92b3f77d451ba37453c
Instruction ID: 7505b1f416d15e16d7e6e7e73c117772cc92a63b291caae42ba58a710fcf32e6
Opcode Fuzzy Hash: 3c2a704f09cdff2d59e472424f59d0113bee84f8be97e92b3f77d451ba37453c
Instruction Fuzzy Hash: 6F51D1A06043D93DFB364234C946FBA7EE95B06308F0C949DE1D5A54C2C3AAA8CAD752

Function 00ECACDA Relevance: 10.7, APIs: 7, Instructions: 161windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(00000000), ref: 00ECAD19
GetKeyboardState.USER32(?), ref: 00ECAD2E
SetKeyboardState.USER32(?), ref: 00ECAD8F
PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00ECADBB
PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00ECADD8
PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00ECAE17
PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00ECAE38

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: 0f83c8cabe86367269bb6cb0eaf758f56b2a3a7df04f13b44de9ea18c284c88c
Instruction ID: dc3df3d51e82030471dcf703e1f8c561cdef9f34cd1de50e6c16b17c29fac34e
Opcode Fuzzy Hash: 0f83c8cabe86367269bb6cb0eaf758f56b2a3a7df04f13b44de9ea18c284c88c
Instruction Fuzzy Hash: CB51E5A05047D93DFB3682348D45FBA7EA85B4530CF0C949CE1D6A68C3C296ECCAD792

Function 00E9542E Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(00EA3CD6,?,?,?,?,?,?,?,?,00E95BA3,?,?,00EA3CD6,?,?), ref: 00E95470
__fassign.LIBCMT ref: 00E954EB
__fassign.LIBCMT ref: 00E95506
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00EA3CD6,00000005,00000000,00000000), ref: 00E9552C
WriteFile.KERNEL32(?,00EA3CD6,00000000,00E95BA3,00000000,?,?,?,?,?,?,?,?,?,00E95BA3,?), ref: 00E9554B
WriteFile.KERNEL32(?,?,00000001,00E95BA3,00000000,?,?,?,?,?,?,?,?,?,00E95BA3,?), ref: 00E95584

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: 13ec6b41dbe737c07891dc9093c0cdb883786d449c993acb6460b97a8c990e34
Instruction ID: b4a23eaa8fd98e1904ccfacd1a5c3237db9dfaca4e34624dba93d81a9aac56f1
Opcode Fuzzy Hash: 13ec6b41dbe737c07891dc9093c0cdb883786d449c993acb6460b97a8c990e34
Instruction Fuzzy Hash: 5B51C171A006099FDF11CFA8D841AEEBBF9EF49300F25515AE555F7292D6309A41CF60

Function 00EE10B8 Relevance: 10.6, APIs: 7, Instructions: 110networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00EE304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00EE307A
Part of subcall function 00EE304E: _wcslen.LIBCMT ref: 00EE309B

socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00EE1112
WSAGetLastError.WSOCK32 ref: 00EE1121
WSAGetLastError.WSOCK32 ref: 00EE11C9
closesocket.WSOCK32(00000000), ref: 00EE11F9

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
String ID:
API String ID: 2675159561-0
Opcode ID: e2fee7b216aa195e4ad52f121cb6209e36c617eb5a75472b019da131d324ea13
Instruction ID: 01862202e01e51d8d20a4d33257998d883fe6e5d8e6ed8b9ce9b529fb712c633
Opcode Fuzzy Hash: e2fee7b216aa195e4ad52f121cb6209e36c617eb5a75472b019da131d324ea13
Instruction Fuzzy Hash: 2E411631200248AFDB109F65C844BA9B7E9EF84368F249099F905BB291C770AD85CBA0

Function 00ECCF00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 108filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00ECDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00ECCF22,?), ref: 00ECDDFD

Part of subcall function 00ECDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00ECCF22,?), ref: 00ECDE16

lstrcmpiW.KERNEL32(?,?), ref: 00ECCF45
MoveFileW.KERNEL32(?,?), ref: 00ECCF7F
_wcslen.LIBCMT ref: 00ECD005
_wcslen.LIBCMT ref: 00ECD01B
SHFileOperationW.SHELL32(?), ref: 00ECD061

Strings

\*.*, xrefs: 00ECCFF3

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
String ID: \*.*
API String ID: 3164238972-1173974218
Opcode ID: e72d9968e1f5fc6c480d7d8b224687781edfe59cf67bc54b8755a16cb92862c9
Instruction ID: e1fd6b46aebb625ae3762ec0b8343fd00a8187975d36570fc5e0175c61ae2b3e
Opcode Fuzzy Hash: e72d9968e1f5fc6c480d7d8b224687781edfe59cf67bc54b8755a16cb92862c9
Instruction Fuzzy Hash: 8D4184719052185EDF12EBA4DA81FDDB7F8AF48380F1410EAE509FB142EA35A649CB10

Function 00EF2DFD Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00EF2E1C
GetWindowLongW.USER32(?,000000F0), ref: 00EF2E4F
GetWindowLongW.USER32(?,000000F0), ref: 00EF2E84
SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00EF2EB6
SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00EF2EE0
GetWindowLongW.USER32(?,000000F0), ref: 00EF2EF1
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00EF2F0B

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: LongWindow$MessageSend
String ID:
API String ID: 2178440468-0
Opcode ID: d4aec245ffe05c6c154872a732152be4acde3ca340f14375d8fd210a037d5526
Instruction ID: 1cecbc066608f13ce097cb26aa2a5a782e224155e4512f43a1b7aec3e6e120d4
Opcode Fuzzy Hash: d4aec245ffe05c6c154872a732152be4acde3ca340f14375d8fd210a037d5526
Instruction Fuzzy Hash: 043114316451489FEB228F18DD84FA537E1FB8AB24F251168FB00EF2B1CB71A844EB01

Function 00EC7726 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00EC7769
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00EC778F
SysAllocString.OLEAUT32(00000000), ref: 00EC7792
SysAllocString.OLEAUT32(?), ref: 00EC77B0
SysFreeString.OLEAUT32(?), ref: 00EC77B9
StringFromGUID2.OLE32(?,?,00000028), ref: 00EC77DE
SysAllocString.OLEAUT32(?), ref: 00EC77EC

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: 66b9dbdd1b18ff8908f30f75b87985e41c4c0a97e3db919e28ef90ccdec6a55a
Instruction ID: 97263008ef181429e66b9369a36f5cd54163f1e02814bf0d9851480806693aee
Opcode Fuzzy Hash: 66b9dbdd1b18ff8908f30f75b87985e41c4c0a97e3db919e28ef90ccdec6a55a
Instruction Fuzzy Hash: 4821B27660421DAFDB10DFA9DD88DBB73ACEB09364720802AF954EB150D670DC46CB64

Function 00EC77FD Relevance: 10.6, APIs: 7, Instructions: 89memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00EC7842
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00EC7868
SysAllocString.OLEAUT32(00000000), ref: 00EC786B
SysAllocString.OLEAUT32 ref: 00EC788C
SysFreeString.OLEAUT32 ref: 00EC7895
StringFromGUID2.OLE32(?,?,00000028), ref: 00EC78AF
SysAllocString.OLEAUT32(?), ref: 00EC78BD

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: eab05ce7404e23991549a67106bff92bd9b71d7442a63a1be2d37730857696ff
Instruction ID: d25a2151624408391cc853a86ff0ac5b2b5ff22f3a9ee67830a1c3606d969070
Opcode Fuzzy Hash: eab05ce7404e23991549a67106bff92bd9b71d7442a63a1be2d37730857696ff
Instruction Fuzzy Hash: 8B21C732604118AFDB149FA9DD89EBA77ECEB083607208029FA54EB1A0D670DC45CB64

Function 00ED04D2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(0000000C), ref: 00ED04F2
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00ED052E

Strings

nul, xrefs: 00ED0567

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: CreateHandlePipe
String ID: nul
API String ID: 1424370930-2873401336
Opcode ID: 2d7bb1bedf95241da1242bf70871904d2c1bf19c2e427722b10086b05854eeb1
Instruction ID: d71b156a8360c3524ce621ffab63e238fd11cb9db36e8531dea28b7ef30d9c2e
Opcode Fuzzy Hash: 2d7bb1bedf95241da1242bf70871904d2c1bf19c2e427722b10086b05854eeb1
Instruction Fuzzy Hash: 7D215175500305DFDB309F29E845B9A77A4EF84728F244A1AECA1F72E0D7709955DF20

Function 00ED05A7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F6), ref: 00ED05C6
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00ED0601

Strings

nul, xrefs: 00ED0639

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: CreateHandlePipe
String ID: nul
API String ID: 1424370930-2873401336
Opcode ID: 7d75950b22c1631dbc5698154abc507f2a562847df60c83cda01fec499385a54
Instruction ID: 544cf8c594a4eb0cfafb6e0ec1d4c21b97093a9111312ce40066896e829daec9
Opcode Fuzzy Hash: 7d75950b22c1631dbc5698154abc507f2a562847df60c83cda01fec499385a54
Instruction Fuzzy Hash: F6216D755002059FDB209F699804BAA77E4EF95724F341A1AE8B1F73E0D670D866CB20

Function 00EF40AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00E6600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00E6604C
Part of subcall function 00E6600E: GetStockObject.GDI32(00000011), ref: 00E66060
Part of subcall function 00E6600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00E6606A

SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00EF4112
SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00EF411F
SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00EF412A
SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00EF4139
SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00EF4145

Strings

Msctls_Progress32, xrefs: 00EF40E3

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: MessageSend$CreateObjectStockWindow
String ID: Msctls_Progress32
API String ID: 1025951953-3636473452
Opcode ID: ea825db03b69bcb0ede87ab0f80bf6e71adccde0e0ed056be5fd239903a42789
Instruction ID: fbba94df989d817b8da9026390b531720a0b0d2052bc6a4f273c4bdde8cddee4
Opcode Fuzzy Hash: ea825db03b69bcb0ede87ab0f80bf6e71adccde0e0ed056be5fd239903a42789
Instruction Fuzzy Hash: BF1190B215021DBEEF219E64CC85EF77F9DEF087A8F115110BB18A6090CB729C21DBA4

Function 00E9D7DF Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00E9D7A3: _free.LIBCMT ref: 00E9D7CC

_free.LIBCMT ref: 00E9D82D

Part of subcall function 00E929C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00E9D7D1,00000000,00000000,00000000,00000000,?,00E9D7F8,00000000,00000007,00000000,?,00E9DBF5,00000000), ref: 00E929DE
Part of subcall function 00E929C8: GetLastError.KERNEL32(00000000,?,00E9D7D1,00000000,00000000,00000000,00000000,?,00E9D7F8,00000000,00000007,00000000,?,00E9DBF5,00000000,00000000), ref: 00E929F0

_free.LIBCMT ref: 00E9D838
_free.LIBCMT ref: 00E9D843
_free.LIBCMT ref: 00E9D897
_free.LIBCMT ref: 00E9D8A2
_free.LIBCMT ref: 00E9D8AD
_free.LIBCMT ref: 00E9D8B8

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
Instruction ID: 56205070649f9be39d8a1a57515a991b723a88cffbc0ba816131ea7c71b84064
Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
Instruction Fuzzy Hash: 5C111971944B14BADE21FFF0CC47FCB7BDCAF44700F40682AB29DB6492DA65B50586A0

Function 00ECDA5A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00ECDA74
LoadStringW.USER32(00000000), ref: 00ECDA7B
GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00ECDA91
LoadStringW.USER32(00000000), ref: 00ECDA98
MessageBoxW.USER32(00000000,?,?,00011010), ref: 00ECDADC

Strings

%s (%d) : ==> %s: %s %s, xrefs: 00ECDAB9

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: HandleLoadModuleString$Message
String ID: %s (%d) : ==> %s: %s %s
API String ID: 4072794657-3128320259
Opcode ID: c4c3262002de077d9e95409f9eed972e288d3780dace64140a8828f853256f1e
Instruction ID: f39c16874bdfeb51915b0dd32e84d7377edb245f36dcbe0c412eb9798bedc3e6
Opcode Fuzzy Hash: c4c3262002de077d9e95409f9eed972e288d3780dace64140a8828f853256f1e
Instruction Fuzzy Hash: 170162F250420C7FE710ABA19E89EF7726CE748701F6004A6B746F2041E6759E898F74

Function 00ED096B Relevance: 10.5, APIs: 7, Instructions: 35synchronizationthreadCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(0110DFB8,0110DFB8), ref: 00ED097B
EnterCriticalSection.KERNEL32(0110DF98,00000000), ref: 00ED098D
TerminateThread.KERNEL32(?,000001F6), ref: 00ED099B
WaitForSingleObject.KERNEL32(?,000003E8), ref: 00ED09A9
CloseHandle.KERNEL32(?), ref: 00ED09B8
InterlockedExchange.KERNEL32(0110DFB8,000001F6), ref: 00ED09C8
LeaveCriticalSection.KERNEL32(0110DF98), ref: 00ED09CF

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
String ID:
API String ID: 3495660284-0
Opcode ID: 4fb3d71190ad8f7463267837f3b40d5ffa04a395f9fa3d07a731b5586d55153b
Instruction ID: 850d92a125b33ebb6e65e3976bbf46e95e644f10d394c224eda82c102e42603a
Opcode Fuzzy Hash: 4fb3d71190ad8f7463267837f3b40d5ffa04a395f9fa3d07a731b5586d55153b
Instruction Fuzzy Hash: 7AF01D31442906AFE7415B95EF88BE67A35FF81702FA42016F101A08B1C7759469DF90

Function 00EE1C60 Relevance: 9.3, APIs: 6, Instructions: 298networkCOMMON

Download Yara Rule

APIs

__WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00EE1DC0
#17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00EE1DE1
WSAGetLastError.WSOCK32 ref: 00EE1DF2
htons.WSOCK32(?,?,?,?,?), ref: 00EE1EDB
inet_ntoa.WSOCK32(?), ref: 00EE1E8C

Part of subcall function 00EC39E8: _strlen.LIBCMT ref: 00EC39F2

Part of subcall function 00EE3224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,00EDEC0C), ref: 00EE3240

_strlen.LIBCMT ref: 00EE1F35

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
String ID:
API String ID: 3203458085-0
Opcode ID: 401f065c9f9b1a5826256627d19bac704e4ace940d9f54c1568ea8d322ba4907
Instruction ID: 2d78158cd97b716b089edbaf8986e6e378d3ecf88698cf81345dd0754e6bc943
Opcode Fuzzy Hash: 401f065c9f9b1a5826256627d19bac704e4ace940d9f54c1568ea8d322ba4907
Instruction Fuzzy Hash: FAB1E631204384AFC324DF25C895F6A77E5AF84318F64A58CF45A6B2E2DB31ED85CB91

Function 00E65D0A Relevance: 9.3, APIs: 6, Instructions: 276COMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 00E65D30
GetWindowRect.USER32(?,?), ref: 00E65D71
ScreenToClient.USER32(?,?), ref: 00E65D99
GetClientRect.USER32(?,?), ref: 00E65ED7
GetWindowRect.USER32(?,?), ref: 00E65EF8

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Rect$Client$Window$Screen
String ID:
API String ID: 1296646539-0
Opcode ID: 7a5713d6706b89bb84333e35b6ed4d12d4c31f09da4b00633209421a3bb039bb
Instruction ID: 4b7aca032b67583cb4b7a1c8798c99099d85fff4506efee16b269defbb335da0
Opcode Fuzzy Hash: 7a5713d6706b89bb84333e35b6ed4d12d4c31f09da4b00633209421a3bb039bb
Instruction Fuzzy Hash: 03B18C75A0074ADBDB14CFA9D4407EEB7F1FF88314F14A41AE8A9E7290D734AA51CB50

Function 00E901B7 Relevance: 9.3, APIs: 6, Instructions: 269COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 00E900BA
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E900D6
__allrem.LIBCMT ref: 00E900ED
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E9010B
__allrem.LIBCMT ref: 00E90122
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E90140

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
String ID:
API String ID: 1992179935-0
Opcode ID: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
Instruction ID: 8e4a3dd71e9d4122ed0fa8883d6f05114c0824f040099617651b1bcd6a04aeb5
Opcode Fuzzy Hash: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
Instruction Fuzzy Hash: 31811672B00706AFEB24AF69CC41B6B73E9AF45728F24653EF559F6281E770E9008750

Function 00E961FE Relevance: 9.2, APIs: 6, Instructions: 216COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00E882D9,00E882D9,?,?,?,00E9644F,00000001,00000001,?), ref: 00E96258
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00E9644F,00000001,00000001,?,?,?,?), ref: 00E962DE
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,?,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00E963D8
__freea.LIBCMT ref: 00E963E5

Part of subcall function 00E93820: RtlAllocateHeap.NTDLL(00000000,?,00F31444,?,00E7FDF5,?,?,00E6A976,00000010,00F31440,00E613FC,?,00E613C6,?,00E61129), ref: 00E93852

__freea.LIBCMT ref: 00E963EE
__freea.LIBCMT ref: 00E96413

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: 2b55dbf9741fec7032046c476d55214a91f85a4b88ef95eb529e8a77726a5a01
Instruction ID: 5033beea37a42f12633d7eeddeea512d1485edb4ba26e9d4fe35d9de7b3281bf
Opcode Fuzzy Hash: 2b55dbf9741fec7032046c476d55214a91f85a4b88ef95eb529e8a77726a5a01
Instruction Fuzzy Hash: 0B51F372A00216AFDF268F64CC81EBF77A9EB94754F25526AFC05F6190EB34DC50C660

Function 00EEBBDB Relevance: 9.2, APIs: 6, Instructions: 191registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD

Part of subcall function 00EEC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00EEB6AE,?,?), ref: 00EEC9B5
Part of subcall function 00EEC998: _wcslen.LIBCMT ref: 00EEC9F1
Part of subcall function 00EEC998: _wcslen.LIBCMT ref: 00EECA68
Part of subcall function 00EEC998: _wcslen.LIBCMT ref: 00EECA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00EEBCCA
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00EEBD25
RegCloseKey.ADVAPI32(00000000), ref: 00EEBD6A
RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00EEBD99
RegCloseKey.ADVAPI32(?,?,00000000), ref: 00EEBDF3
RegCloseKey.ADVAPI32(?), ref: 00EEBDFF

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
String ID:
API String ID: 1120388591-0
Opcode ID: 4e31a6a4d7a950b58207d6fad50b87af76d9b9e96656669095926cda97a56075
Instruction ID: 73a2fecdf0ad29636661e35efc317ed9469633791fe565d794ac8448aec64353
Opcode Fuzzy Hash: 4e31a6a4d7a950b58207d6fad50b87af76d9b9e96656669095926cda97a56075
Instruction Fuzzy Hash: 3781B030208245AFD714DF25C881E2BBBE5FF84348F24995CF459AB2A2DB31ED45CB92

Function 00EBF7AD Relevance: 9.2, APIs: 6, Instructions: 183memoryCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000035), ref: 00EBF7B9
SysAllocString.OLEAUT32(00000001), ref: 00EBF860
VariantCopy.OLEAUT32(00EBFA64,00000000), ref: 00EBF889
VariantClear.OLEAUT32(00EBFA64), ref: 00EBF8AD
VariantCopy.OLEAUT32(00EBFA64,00000000), ref: 00EBF8B1
VariantClear.OLEAUT32(?), ref: 00EBF8BB

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Variant$ClearCopy$AllocInitString
String ID:
API String ID: 3859894641-0
Opcode ID: b97fe963017c5938c2dee5ae8de99823c9baeed9b676194605dabbe0e1c4e0a6
Instruction ID: 25e5ddcda5d5ac12ddf7dee45764540cab60d8d36e236d456fab0bf05bc4cd34
Opcode Fuzzy Hash: b97fe963017c5938c2dee5ae8de99823c9baeed9b676194605dabbe0e1c4e0a6
Instruction Fuzzy Hash: 4651A731500310BACF24ABA5DC95BAAB3E9EF85714B24B477E905FF295DB708C40CB96

Function 00ED910C Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 383COMMON

Download Yara Rule

APIs

Part of subcall function 00E67620: _wcslen.LIBCMT ref: 00E67625

Part of subcall function 00E66B57: _wcslen.LIBCMT ref: 00E66B6A

GetOpenFileNameW.COMDLG32(00000058), ref: 00ED94E5
_wcslen.LIBCMT ref: 00ED9506
_wcslen.LIBCMT ref: 00ED952D
GetSaveFileNameW.COMDLG32(00000058), ref: 00ED9585

Strings

X, xrefs: 00ED9412

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: _wcslen$FileName$OpenSave
String ID: X
API String ID: 83654149-3081909835
Opcode ID: e9cc1f65fcff5cfdbe4b1342672b9f693b82a420fd33d984040ffa325acc80db
Instruction ID: 77d1ebf7838ee6f02a60f71e6561c0b710e153a7613f5e761ddb9c093e8c0a79
Opcode Fuzzy Hash: e9cc1f65fcff5cfdbe4b1342672b9f693b82a420fd33d984040ffa325acc80db
Instruction Fuzzy Hash: E4E1A2315083009FD724EF24D881A6AB7E4FF85354F14996EF899AB3A2DB31DD05CB92

Function 00E7920C Relevance: 9.1, APIs: 6, Instructions: 113COMMON

Download Yara Rule

APIs

Part of subcall function 00E79BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00E79BB2

BeginPaint.USER32(?,?,?), ref: 00E79241
GetWindowRect.USER32(?,?), ref: 00E792A5
ScreenToClient.USER32(?,?), ref: 00E792C2
SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00E792D3
EndPaint.USER32(?,?,?,?,?), ref: 00E79321
Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00EB71EA

Part of subcall function 00E79339: BeginPath.GDI32(00000000), ref: 00E79357

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
String ID:
API String ID: 3050599898-0
Opcode ID: 4a6abfaf845756f43975d142e5331d9f58f40984760042f6d2a2b7664cec7f5a
Instruction ID: 8fe7024b2abb5d9a049ea8bec5b80eb0bac612b611e9942261af09863b838613
Opcode Fuzzy Hash: 4a6abfaf845756f43975d142e5331d9f58f40984760042f6d2a2b7664cec7f5a
Instruction Fuzzy Hash: 5C41CF30109204AFD710DF25DC84FBA7BF9FF85724F104229F9A9A72A2C7319849DB61

Function 00ED07EF Relevance: 9.1, APIs: 6, Instructions: 107fileCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(?,000001F5), ref: 00ED080C
ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00ED0847
EnterCriticalSection.KERNEL32(?), ref: 00ED0863
LeaveCriticalSection.KERNEL32(?), ref: 00ED08DC
ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00ED08F3
InterlockedExchange.KERNEL32(?,000001F6), ref: 00ED0921

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
String ID:
API String ID: 3368777196-0
Opcode ID: aeac9aa27928a36bcef92b4786f0760e42fb52842e659f8c1b797e435b3710c1
Instruction ID: 4346a92912ffbeba493be060cc52139601ffed7c1570746c63c7b3e557e1300b
Opcode Fuzzy Hash: aeac9aa27928a36bcef92b4786f0760e42fb52842e659f8c1b797e435b3710c1
Instruction Fuzzy Hash: F3415B71900209EFDF14AF54DC85A6A77B8FF44314F2480A9ED04AA297D730EE65DBA4

Function 00EF81DB Relevance: 9.1, APIs: 6, Instructions: 104windowCOMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00EBF3AB,00000000,?,?,00000000,?,00EB682C,00000004,00000000,00000000), ref: 00EF824C
EnableWindow.USER32(?,00000000), ref: 00EF8272
ShowWindow.USER32(FFFFFFFF,00000000), ref: 00EF82D1
ShowWindow.USER32(?,00000004), ref: 00EF82E5
EnableWindow.USER32(?,00000001), ref: 00EF830B
SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00EF832F

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Window$Show$Enable$MessageSend
String ID:
API String ID: 642888154-0
Opcode ID: f534d463a529a9e7f8c6654111603242c35e3b98d7758ebb9ae73e0a1ba76c5e
Instruction ID: b9fa7dc028494ada147dff06839f5ea50ab75d66c9e2a2db7d7cd589d0168b7e
Opcode Fuzzy Hash: f534d463a529a9e7f8c6654111603242c35e3b98d7758ebb9ae73e0a1ba76c5e
Instruction Fuzzy Hash: A241B73060264CEFEB11CF15CA95BF87BE1BB45718F186165E6486F2B2CB31A845CF50

Function 00EC4C7D Relevance: 9.1, APIs: 6, Instructions: 87windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 00EC4C95
SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00EC4CB2
SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00EC4CEA
_wcslen.LIBCMT ref: 00EC4D08
CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00EC4D10
_wcsstr.LIBVCRUNTIME ref: 00EC4D1A

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
String ID:
API String ID: 72514467-0
Opcode ID: a032cba8257ad70740de6f5322502107d37904cfd3edcb7acca5d759d8265a76
Instruction ID: 5cefb48ebf62c76b897ffe26f1c5224c1b1e4373f8127f13eda0e1a624ffd9d5
Opcode Fuzzy Hash: a032cba8257ad70740de6f5322502107d37904cfd3edcb7acca5d759d8265a76
Instruction Fuzzy Hash: 9E210AB12042047BEB256B259D15F7B7FD8DF45750F20902DF809EA1D1EA62CC01C361

Function 00ED581E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336comCOMMON

Download Yara Rule

APIs

Part of subcall function 00E63AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00E63A97,?,?,00E62E7F,?,?,?,00000000), ref: 00E63AC2

_wcslen.LIBCMT ref: 00ED587B
CoInitialize.OLE32(00000000), ref: 00ED5995
CoCreateInstance.OLE32(00EFFCF8,00000000,00000001,00EFFB68,?), ref: 00ED59AE
CoUninitialize.OLE32 ref: 00ED59CC

Strings

.lnk, xrefs: 00ED5876, 00ED58C1, 00ED5985

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
String ID: .lnk
API String ID: 3172280962-24824748
Opcode ID: ab7cd6fb888d9c1fabd43d11979e8fa65a6aa537658c7fb1f8efa32f2e0e6d15
Instruction ID: 66430bc7d75420528b64fb515cc20fa681056b9d639c4b9a336ac0cf38d981c4
Opcode Fuzzy Hash: ab7cd6fb888d9c1fabd43d11979e8fa65a6aa537658c7fb1f8efa32f2e0e6d15
Instruction Fuzzy Hash: A8D175726047019FC714DF24C49492ABBE5EF89314F14985EF88AAB361DB31EC46CB92

Function 00EC175D Relevance: 9.1, APIs: 6, Instructions: 68memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00EC0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00EC0FCA
Part of subcall function 00EC0FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00EC0FD6
Part of subcall function 00EC0FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00EC0FE5
Part of subcall function 00EC0FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00EC0FEC
Part of subcall function 00EC0FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00EC1002

GetLengthSid.ADVAPI32(?,00000000,00EC1335), ref: 00EC17AE
GetProcessHeap.KERNEL32(00000008,00000000), ref: 00EC17BA
HeapAlloc.KERNEL32(00000000), ref: 00EC17C1
CopySid.ADVAPI32(00000000,00000000,?), ref: 00EC17DA
GetProcessHeap.KERNEL32(00000000,00000000,00EC1335), ref: 00EC17EE
HeapFree.KERNEL32(00000000), ref: 00EC17F5

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
String ID:
API String ID: 3008561057-0
Opcode ID: 286b176c2fabfd0ea7e6314885417103f7c2c3e0f436d2ead658193a9b70c723
Instruction ID: 0230c966f646bbc01598c48bf2bf6e8ee243ea094cd3820f643be73d3b87716d
Opcode Fuzzy Hash: 286b176c2fabfd0ea7e6314885417103f7c2c3e0f436d2ead658193a9b70c723
Instruction Fuzzy Hash: BD11AC31501208EFDB108BA4CE48FAE7BB8EF82319F20405DF441A7211C7369956CB60

Function 00EC14CE Relevance: 9.1, APIs: 6, Instructions: 64processCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00EC14FF
OpenProcessToken.ADVAPI32(00000000), ref: 00EC1506
CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00EC1515
CloseHandle.KERNEL32(00000004), ref: 00EC1520
CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00EC154F
DestroyEnvironmentBlock.USERENV(00000000), ref: 00EC1563

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
String ID:
API String ID: 1413079979-0
Opcode ID: 7f2f32052d5448fcba4a17bb51d7fad4e4b379d649309bfbf24e0d6833a537a3
Instruction ID: 44e64dca3ebed09f262d8d5ce80e938e35c18a5cc7c2b98e62cfe5f57a664ec0
Opcode Fuzzy Hash: 7f2f32052d5448fcba4a17bb51d7fad4e4b379d649309bfbf24e0d6833a537a3
Instruction Fuzzy Hash: 34114D7250120DAFDB118F94DE49FDE7BA9EF45748F244059FA05B2160C3728D55EB60

Function 00E83382 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00E83379,00E82FE5), ref: 00E83390
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00E8339E
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00E833B7
SetLastError.KERNEL32(00000000,?,00E83379,00E82FE5), ref: 00E83409

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 7108ea596be4bbd1a4af26cce0e830e7ea3f1e268908098b29fc96ae6be21c47
Instruction ID: db5c5146c21a1548b0d06ef1b4df72bdf7a1068b7dc7fabbe06771d01c7caab3
Opcode Fuzzy Hash: 7108ea596be4bbd1a4af26cce0e830e7ea3f1e268908098b29fc96ae6be21c47
Instruction Fuzzy Hash: 42012832609315BEAA2477787C8596A2ED4EB05F793302229F42CF01F0EF114E0663C4

Function 00E92D74 Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00E95686,00EA3CD6,?,00000000,?,00E95B6A,?,?,?,?,?,00E8E6D1,?,00F28A48), ref: 00E92D78
_free.LIBCMT ref: 00E92DAB
_free.LIBCMT ref: 00E92DD3
SetLastError.KERNEL32(00000000,?,?,?,?,00E8E6D1,?,00F28A48,00000010,00E64F4A,?,?,00000000,00EA3CD6), ref: 00E92DE0
SetLastError.KERNEL32(00000000,?,?,?,?,00E8E6D1,?,00F28A48,00000010,00E64F4A,?,?,00000000,00EA3CD6), ref: 00E92DEC
_abort.LIBCMT ref: 00E92DF2

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ErrorLast$_free$_abort
String ID:
API String ID: 3160817290-0
Opcode ID: c89bb5acf9d1742a06138a9d950098733aeab85bbd3f010c73477669795994fa
Instruction ID: ec3211c45cdba0379f626e9c2a0cf42e1429e5f616d4797e53ccb57f26e18a34
Opcode Fuzzy Hash: c89bb5acf9d1742a06138a9d950098733aeab85bbd3f010c73477669795994fa
Instruction Fuzzy Hash: D7F0C8355056003BCE226735BC06E6F25D9AFC17A5F35241DFA24F21E2EF24880251A0

Function 00EF8A24 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

Part of subcall function 00E79639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00E79693
Part of subcall function 00E79639: SelectObject.GDI32(?,00000000), ref: 00E796A2
Part of subcall function 00E79639: BeginPath.GDI32(?), ref: 00E796B9
Part of subcall function 00E79639: SelectObject.GDI32(?,00000000), ref: 00E796E2

MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00EF8A4E
LineTo.GDI32(?,00000003,00000000), ref: 00EF8A62
MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00EF8A70
LineTo.GDI32(?,00000000,00000003), ref: 00EF8A80
EndPath.GDI32(?), ref: 00EF8A90
StrokePath.GDI32(?), ref: 00EF8AA0

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Path$LineMoveObjectSelect$BeginCreateStroke
String ID:
API String ID: 43455801-0
Opcode ID: 42d0cf64246a0336a445803709aa3df3d81f76e4d078400f80a7e76b801b8d40
Instruction ID: ae2789ac4bde8edc3c8bdf94c7deae8832d9284673a9b7a3812c25d324d675bd
Opcode Fuzzy Hash: 42d0cf64246a0336a445803709aa3df3d81f76e4d078400f80a7e76b801b8d40
Instruction Fuzzy Hash: F211097600010DFFDB129F91DD88EAA7F6DEB08364F108052BA19AA1A1DB719D55DBA0

Function 00EC51FD Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00EC5218
GetDeviceCaps.GDI32(00000000,00000058), ref: 00EC5229
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00EC5230
ReleaseDC.USER32(00000000,00000000), ref: 00EC5238
MulDiv.KERNEL32(000009EC,?,00000000), ref: 00EC524F
MulDiv.KERNEL32(000009EC,00000001,?), ref: 00EC5261

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: CapsDevice$Release
String ID:
API String ID: 1035833867-0
Opcode ID: b97b6ac9a73e94fc435772f59a716f6420fd3976f3da788954228632d0224589
Instruction ID: c35134e0fa0e7c5e4dcc04761e7141cad904fc37064ec9767ef3d8bd43b9e095
Opcode Fuzzy Hash: b97b6ac9a73e94fc435772f59a716f6420fd3976f3da788954228632d0224589
Instruction Fuzzy Hash: 0C018475A00708BFEB105BA69D49F5EBFB8EB44751F244065FA04F7390DA709805CBA0

Function 00E61BC3 Relevance: 9.0, APIs: 6, Instructions: 44keyboardCOMMON

Download Yara Rule

APIs

MapVirtualKeyW.USER32(0000005B,00000000), ref: 00E61BF4
MapVirtualKeyW.USER32(00000010,00000000), ref: 00E61BFC
MapVirtualKeyW.USER32(000000A0,00000000), ref: 00E61C07
MapVirtualKeyW.USER32(000000A1,00000000), ref: 00E61C12
MapVirtualKeyW.USER32(00000011,00000000), ref: 00E61C1A
MapVirtualKeyW.USER32(00000012,00000000), ref: 00E61C22

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Virtual
String ID:
API String ID: 4278518827-0
Opcode ID: cf392c8bc69ecd161bd88bf27caa2ca3008411dcbcd3231cf8d6a230bc361bb3
Instruction ID: 222a4970a7780f0ee1adf1c4a14cf20ffecac5a339b4b7d6ada94182b02af4ef
Opcode Fuzzy Hash: cf392c8bc69ecd161bd88bf27caa2ca3008411dcbcd3231cf8d6a230bc361bb3
Instruction Fuzzy Hash: 6F016CB09027597DE3008F5A8C85B52FFA8FF59754F10411B915C47941C7F5A868CBE5

Function 00ECEB20 Relevance: 9.0, APIs: 6, Instructions: 42windowtimethreadCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00ECEB30
SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00ECEB46
GetWindowThreadProcessId.USER32(?,?), ref: 00ECEB55
OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00ECEB64
TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00ECEB6E
CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00ECEB75

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
String ID:
API String ID: 839392675-0
Opcode ID: 557f7a6313909e2ee91d0b33a245f10ba27183ea729ed56acb1e6651a219db2d
Instruction ID: 388bc0e0509296394fc5f3cc5e3ccb6cd2fec27eefe976956f324d2a85ecb6d9
Opcode Fuzzy Hash: 557f7a6313909e2ee91d0b33a245f10ba27183ea729ed56acb1e6651a219db2d
Instruction Fuzzy Hash: 95F06772201118BFE7205B639E0EEFB3A7CEFCAF11F200158F601E1090AAA01A05C6B5

Function 00EB7439 Relevance: 9.0, APIs: 6, Instructions: 37windowCOMMON

Download Yara Rule

APIs

GetClientRect.USER32(?), ref: 00EB7452
SendMessageW.USER32(?,00001328,00000000,?), ref: 00EB7469
GetWindowDC.USER32(?), ref: 00EB7475
GetPixel.GDI32(00000000,?,?), ref: 00EB7484
ReleaseDC.USER32(?,00000000), ref: 00EB7496
GetSysColor.USER32(00000005), ref: 00EB74B0

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ClientColorMessagePixelRectReleaseSendWindow
String ID:
API String ID: 272304278-0
Opcode ID: f87be6edc01ad24b4d72383fd07d83fbe9e8c0a8c7027b0b9629673a262a05a0
Instruction ID: 1cfbd4b5201941e33afd921ad84c31c07a3e6b0a79d6ed83b2407c6e8f885264
Opcode Fuzzy Hash: f87be6edc01ad24b4d72383fd07d83fbe9e8c0a8c7027b0b9629673a262a05a0
Instruction Fuzzy Hash: 68017431404219EFEB105FA5DE08BFA7BB6FB84322F314060F92AB21A1CB311E55EB51

Function 00EC1874 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FF), ref: 00EC187F
UnloadUserProfile.USERENV(?,?), ref: 00EC188B
CloseHandle.KERNEL32(?), ref: 00EC1894
CloseHandle.KERNEL32(?), ref: 00EC189C
GetProcessHeap.KERNEL32(00000000,?), ref: 00EC18A5
HeapFree.KERNEL32(00000000), ref: 00EC18AC

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
String ID:
API String ID: 146765662-0
Opcode ID: 46b001cfd96797740dc5dd23c5582dee587d73a01a10abf3ab285571c5596507
Instruction ID: 1951220b9ce44bcd5541faf3e98baaaac40dfb259e8059f41503bef663ffd1c9
Opcode Fuzzy Hash: 46b001cfd96797740dc5dd23c5582dee587d73a01a10abf3ab285571c5596507
Instruction Fuzzy Hash: D6E0C936005109BFD6015BA2EE0CD15BF39FF897217708221F225A1071CB325474EB50

Function 00EE7B7E Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 230COMMON

Download Yara Rule

APIs

Part of subcall function 00E80242: EnterCriticalSection.KERNEL32(00F3070C,00F31884,?,?,00E7198B,00F32518,?,?,?,00E612F9,00000000), ref: 00E8024D
Part of subcall function 00E80242: LeaveCriticalSection.KERNEL32(00F3070C,?,00E7198B,00F32518,?,?,?,00E612F9,00000000), ref: 00E8028A

Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD

Part of subcall function 00E800A3: __onexit.LIBCMT ref: 00E800A9

__Init_thread_footer.LIBCMT ref: 00EE7BFB

Part of subcall function 00E801F8: EnterCriticalSection.KERNEL32(00F3070C,?,?,00E78747,00F32514), ref: 00E80202
Part of subcall function 00E801F8: LeaveCriticalSection.KERNEL32(00F3070C,?,00E78747,00F32514), ref: 00E80235

Strings

G, xrefs: 00EE7C7F
Variable must be of type 'Object'., xrefs: 00EE7C3A
+T, xrefs: 00EE7E2E
5, xrefs: 00EE7C78

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
String ID: +T$5$G$Variable must be of type 'Object'.
API String ID: 535116098-4125810065
Opcode ID: e61abdc75c268eb388d3fe31af30dc932a87d3a2717a3347f67a2bbeb470c08f
Instruction ID: 0c042f1b274efa7823260e353193b978649c87ce5b5a3d920472c8a43d603944
Opcode Fuzzy Hash: e61abdc75c268eb388d3fe31af30dc932a87d3a2717a3347f67a2bbeb470c08f
Instruction Fuzzy Hash: 0791AB70A0424CEFCB04EF55D9809ADB7B1FF49308F249059F886BB292DB71AE45CB51

Function 00ECC5D0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 191windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00E67620: _wcslen.LIBCMT ref: 00E67625

GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00ECC6EE
_wcslen.LIBCMT ref: 00ECC735
SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00ECC79C
SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00ECC7CA

Strings

0, xrefs: 00ECC6AF

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ItemMenu$Info_wcslen$Default
String ID: 0
API String ID: 1227352736-4108050209
Opcode ID: cc7072d71333ae7d2c55c4ca34b7ce524b2db8e0db675c6fd10978c705f52ae7
Instruction ID: 2bbbf0ea3cfa4b7f41400dde68bb9a59b7869a49b1346d1bb168cd5b09730066
Opcode Fuzzy Hash: cc7072d71333ae7d2c55c4ca34b7ce524b2db8e0db675c6fd10978c705f52ae7
Instruction Fuzzy Hash: 3251D0716043009BD7149F38CA44FAB77E4EB89318F242A2EF999F2190DB62D806DB52

Function 00EEAD64 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON

Download Yara Rule

APIs

ShellExecuteExW.SHELL32(0000003C), ref: 00EEAEA3

Part of subcall function 00E67620: _wcslen.LIBCMT ref: 00E67625

GetProcessId.KERNEL32(00000000), ref: 00EEAF38
CloseHandle.KERNEL32(00000000), ref: 00EEAF67

Strings

@, xrefs: 00EEAE72
<, xrefs: 00EEAE6B

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: CloseExecuteHandleProcessShell_wcslen
String ID: <$@
API String ID: 146682121-1426351568
Opcode ID: 5a0072b5fedf5a5a15a4a9df2ee2de4d0b8e042233f43f46d63e709847a0cc48
Instruction ID: 87205f3354c0960bf0a65804c58b51e16bbfc08e678500381dcfd314ec4f693e
Opcode Fuzzy Hash: 5a0072b5fedf5a5a15a4a9df2ee2de4d0b8e042233f43f46d63e709847a0cc48
Instruction Fuzzy Hash: B7716770A00259DFCB14DF55D484A9EBBF0EF08318F1894ADE85ABB262C770ED45CB91

Function 00EC719E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120comlibraryloaderCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00EC7206
SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00EC723C
GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00EC724D
SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00EC72CF

Strings

DllGetClassObject, xrefs: 00EC7242

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ErrorMode$AddressCreateInstanceProc
String ID: DllGetClassObject
API String ID: 753597075-1075368562
Opcode ID: 4e56a42e964cfd49438ae43cc535cb09d2d1e0b5be1eec14ecda6b89014e83b7
Instruction ID: 0d113f1cb359510c73b93743f48d1ba2469a3696dfa7366807e65ead7f7ef117
Opcode Fuzzy Hash: 4e56a42e964cfd49438ae43cc535cb09d2d1e0b5be1eec14ecda6b89014e83b7
Instruction Fuzzy Hash: 8D4190B16042049FDB19CF54CA84F9A7BB9EF44314F2090ADBD45AF21AD7B2D946CFA0

Function 00EF3D7C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00EF3E35
IsMenu.USER32(?), ref: 00EF3E4A
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00EF3E92
DrawMenuBar.USER32 ref: 00EF3EA5

Strings

0, xrefs: 00EF3D89

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Menu$Item$DrawInfoInsert
String ID: 0
API String ID: 3076010158-4108050209
Opcode ID: fdd591a2d905c05e80cf9a65daca403f5611ae67e9492951805c1ee6d330a06f
Instruction ID: 3f393174164b3e5d72448ba53dfdbfbfa06d5430a69ebff982958b36bc4bfd8c
Opcode Fuzzy Hash: fdd591a2d905c05e80cf9a65daca403f5611ae67e9492951805c1ee6d330a06f
Instruction Fuzzy Hash: 06413375A0130DAFDF10DF60D884AEABBB9FF48368F145129EA05AB250D730AE45DF60

Function 00EC1DE2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 93windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD

Part of subcall function 00EC3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00EC3CCA

SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00EC1E66
SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00EC1E79
SendMessageW.USER32(?,00000189,?,00000000), ref: 00EC1EA9

Part of subcall function 00E66B57: _wcslen.LIBCMT ref: 00E66B6A

Strings

ListBox, xrefs: 00EC1E25
ComboBox, xrefs: 00EC1DF0

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: MessageSend$_wcslen$ClassName
String ID: ComboBox$ListBox
API String ID: 2081771294-1403004172
Opcode ID: 599515dec1f155477531726e5e620a974012e568021aae96753497e6001f3566
Instruction ID: 533ce618d6c5e1739437e9af0ee936d1bacb8aad901214c23bb2eef20b8bec00
Opcode Fuzzy Hash: 599515dec1f155477531726e5e620a974012e568021aae96753497e6001f3566
Instruction Fuzzy Hash: 55212671A40108AEDB14AB64EE45DFFB7B8DF423A4B20A11DF815F31E2DB35490AD620

Function 00EF2F17 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78windowlibraryCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00EF2F8D
LoadLibraryW.KERNEL32(?), ref: 00EF2F94
SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00EF2FA9
DestroyWindow.USER32(?), ref: 00EF2FB1

Strings

SysAnimate32, xrefs: 00EF2F68

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: MessageSend$DestroyLibraryLoadWindow
String ID: SysAnimate32
API String ID: 3529120543-1011021900
Opcode ID: d6886f981ba83a3c8a938a662d6eff111fd4623770aa3af8440e888af445853b
Instruction ID: c0dc3d157a5c7d826d6cc7d5e9eb1b6e932b2d3483edc8eef00f772d46ee4b8b
Opcode Fuzzy Hash: d6886f981ba83a3c8a938a662d6eff111fd4623770aa3af8440e888af445853b
Instruction Fuzzy Hash: 4F218B72224209ABEB204F64DC80EBB37B9EB59368F20661CFB50F21A0D771DC519760

Function 00E84D6D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00E84D1E,00E928E9,(,00E84CBE,00000000,00F288B8,0000000C,00E84E15,(,00000002), ref: 00E84D8D
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00E84DA0
FreeLibrary.KERNEL32(00000000,?,?,?,00E84D1E,00E928E9,(,00E84CBE,00000000,00F288B8,0000000C,00E84E15,(,00000002,00000000), ref: 00E84DC3

Strings

CorExitProcess, xrefs: 00E84D98
mscoree.dll, xrefs: 00E84D86

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: bf49a78fc8cb776ac2ac79f849825606dd1fbf2eec0e167033f9dbce91094af8
Instruction ID: 661bedfaee07cb0b6740a5b2df9f40e0368edc11d79bfb81048dd4694cefc593
Opcode Fuzzy Hash: bf49a78fc8cb776ac2ac79f849825606dd1fbf2eec0e167033f9dbce91094af8
Instruction Fuzzy Hash: 83F0AF30A0020DBFDB10AF91DC09BADBBB5EF44755F2000A4F80DB22A0DF309944DB92

Function 00E64E90 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,?,00E64EDD,?,00F31418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00E64E9C
GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00E64EAE
FreeLibrary.KERNEL32(00000000,?,?,00E64EDD,?,00F31418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00E64EC0

Strings

kernel32.dll, xrefs: 00E64E94
Wow64DisableWow64FsRedirection, xrefs: 00E64EA8

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: Wow64DisableWow64FsRedirection$kernel32.dll
API String ID: 145871493-3689287502
Opcode ID: 06556feda67fedb6c282aa7f3575b74cddf284162a6beb1f040e5195a79e6821
Instruction ID: 5f14ab84bd25fa2c61cd94d7845ffb5f8a0f18c2f3605120b4e4204940f926f7
Opcode Fuzzy Hash: 06556feda67fedb6c282aa7f3575b74cddf284162a6beb1f040e5195a79e6821
Instruction Fuzzy Hash: FBE02635A026225F822107267C18A3B6164AFC1BA27241011FC00F2140DB60CC0580A2

Function 00E64E59 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,?,00EA3CDE,?,00F31418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00E64E62
GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00E64E74
FreeLibrary.KERNEL32(00000000,?,?,00EA3CDE,?,00F31418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00E64E87

Strings

kernel32.dll, xrefs: 00E64E5B
Wow64RevertWow64FsRedirection, xrefs: 00E64E6E

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: Wow64RevertWow64FsRedirection$kernel32.dll
API String ID: 145871493-1355242751
Opcode ID: 53f62c917349a8b23c4d90d70cb7880445e53f277d0da13625382c944aac69e1
Instruction ID: 4cf0fdacfdd83edd5b3aaad2190f1f5994af293e191c2fb226490df3b12db707
Opcode Fuzzy Hash: 53f62c917349a8b23c4d90d70cb7880445e53f277d0da13625382c944aac69e1
Instruction Fuzzy Hash: 75D0C2395436365F47221B267C08DAB2A28AFC1BA53351511B904B6154DF21CD15C1D1

Function 00ED2947 Relevance: 7.8, APIs: 5, Instructions: 313fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00ED2C05
DeleteFileW.KERNEL32(?), ref: 00ED2C87
CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00ED2C9D
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00ED2CAE
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00ED2CC0

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: File$Delete$Copy
String ID:
API String ID: 3226157194-0
Opcode ID: 2035b76d7ed4c190a75d8f58753e3fab09a4335510650897652e536f4db242c3
Instruction ID: 8baed1e63b9a45ab7674411d0146b86861fef738b2f6303278910ee36f8940cd
Opcode Fuzzy Hash: 2035b76d7ed4c190a75d8f58753e3fab09a4335510650897652e536f4db242c3
Instruction Fuzzy Hash: 3AB17072E00119ABDF11EBA4CC85EDEB7BCEF58350F1050AAF609F6251EA309E458F61

Function 00EEA387 Relevance: 7.8, APIs: 5, Instructions: 256COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 00EEA427
OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00EEA435
GetProcessIoCounters.KERNEL32(00000000,?), ref: 00EEA468
CloseHandle.KERNEL32(?), ref: 00EEA63D

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Process$CloseCountersCurrentHandleOpen
String ID:
API String ID: 3488606520-0
Opcode ID: 66d6cb9a3075331f59e59c95edc631dac6d8d70bd30e39e64ca52f182a57a9e0
Instruction ID: 78ad88b74042c61a01bf43ec15206c220d41ccaf66056892a5eca627ce64567b
Opcode Fuzzy Hash: 66d6cb9a3075331f59e59c95edc631dac6d8d70bd30e39e64ca52f182a57a9e0
Instruction Fuzzy Hash: E4A1C2716043019FD720DF15D886F2AB7E1AF84714F18985DF5AAAB392D7B0EC40CB92

Function 00E9BB27 Relevance: 7.7, APIs: 5, Instructions: 171timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00F03700), ref: 00E9BB91
WideCharToMultiByte.KERNEL32(00000000,00000000,00F3121C,000000FF,00000000,0000003F,00000000,?,?), ref: 00E9BC09
WideCharToMultiByte.KERNEL32(00000000,00000000,00F31270,000000FF,?,0000003F,00000000,?), ref: 00E9BC36
_free.LIBCMT ref: 00E9BB7F

Part of subcall function 00E929C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00E9D7D1,00000000,00000000,00000000,00000000,?,00E9D7F8,00000000,00000007,00000000,?,00E9DBF5,00000000), ref: 00E929DE
Part of subcall function 00E929C8: GetLastError.KERNEL32(00000000,?,00E9D7D1,00000000,00000000,00000000,00000000,?,00E9D7F8,00000000,00000007,00000000,?,00E9DBF5,00000000,00000000), ref: 00E929F0

_free.LIBCMT ref: 00E9BD4B

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
String ID:
API String ID: 1286116820-0
Opcode ID: 79725eb9938fc1230acbda521ab28ba932f0956b2d83ca892c0a45cf3cae77da
Instruction ID: 3e835adc9acf5f97845beaa1c083025464809553e3c0cb502f3ac6d4bdacb7f1
Opcode Fuzzy Hash: 79725eb9938fc1230acbda521ab28ba932f0956b2d83ca892c0a45cf3cae77da
Instruction Fuzzy Hash: 5F51F57190020DAFDF10EF65AE819AEB7FDFF40324B10526AE554F72A1EB709E419B90

Function 00ECE3FB Relevance: 7.7, APIs: 5, Instructions: 167filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00ECDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00ECCF22,?), ref: 00ECDDFD

Part of subcall function 00ECDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00ECCF22,?), ref: 00ECDE16

Part of subcall function 00ECE199: GetFileAttributesW.KERNEL32(?,00ECCF95), ref: 00ECE19A

lstrcmpiW.KERNEL32(?,?), ref: 00ECE473
MoveFileW.KERNEL32(?,?), ref: 00ECE4AC
_wcslen.LIBCMT ref: 00ECE5EB
_wcslen.LIBCMT ref: 00ECE603
SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00ECE650

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
String ID:
API String ID: 3183298772-0
Opcode ID: 5e87acdd5591a159083e1ed2a6baf37deb63209d5b85ac6e0657821d810ff005
Instruction ID: f308bdb1d2d6cb63f90310f34ee451491ca1c6d38b02e7ca544bf0e06b63b9f5
Opcode Fuzzy Hash: 5e87acdd5591a159083e1ed2a6baf37deb63209d5b85ac6e0657821d810ff005
Instruction Fuzzy Hash: 8851A4B24087455BC724EB90DD81EDFB3ECAF84344F10191EF589E3192EF35A5898766

Function 00EEB9C9 Relevance: 7.7, APIs: 5, Instructions: 167registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD

Part of subcall function 00EEC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00EEB6AE,?,?), ref: 00EEC9B5
Part of subcall function 00EEC998: _wcslen.LIBCMT ref: 00EEC9F1
Part of subcall function 00EEC998: _wcslen.LIBCMT ref: 00EECA68
Part of subcall function 00EEC998: _wcslen.LIBCMT ref: 00EECA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00EEBAA5
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00EEBB00
RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00EEBB63
RegCloseKey.ADVAPI32(?,?), ref: 00EEBBA6
RegCloseKey.ADVAPI32(00000000), ref: 00EEBBB3

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
String ID:
API String ID: 826366716-0
Opcode ID: 69b16078db05d950cc54857a0fa03cf60fbb688a780e3044201bf0733348143f
Instruction ID: e7ee08454d471c28e7583f88ad37d85d0b2ed2043dbcba52ab8c020d1379f0e7
Opcode Fuzzy Hash: 69b16078db05d950cc54857a0fa03cf60fbb688a780e3044201bf0733348143f
Instruction Fuzzy Hash: E561C331208245AFD714DF15C490E2BBBE5FF84348F24956CF4999B2A2DB31ED45CB92

Function 00EC8BB0 Relevance: 7.7, APIs: 5, Instructions: 159COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00EC8BCD
VariantClear.OLEAUT32 ref: 00EC8C3E
VariantClear.OLEAUT32 ref: 00EC8C9D
VariantClear.OLEAUT32(?), ref: 00EC8D10
VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00EC8D3B

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Variant$Clear$ChangeInitType
String ID:
API String ID: 4136290138-0
Opcode ID: 48779758ca0618ded4870d2c2ac008662056c19d0161b210b4dbffacf3ddb551
Instruction ID: ac5957706525ac3bde6d48303bc5679a52c323546abaec74af5bddad8658d073
Opcode Fuzzy Hash: 48779758ca0618ded4870d2c2ac008662056c19d0161b210b4dbffacf3ddb551
Instruction Fuzzy Hash: 00517C71A00219DFCB14CF18D994EAABBF8FF89314B118559F915EB350D731E911CB90

Function 00ED8AFB Relevance: 7.6, APIs: 5, Instructions: 143COMMON

Download Yara Rule

APIs

GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00ED8BAE
GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00ED8BDA
WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00ED8C32
WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00ED8C57
WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00ED8C5F

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: PrivateProfile$SectionWrite$String
String ID:
API String ID: 2832842796-0
Opcode ID: 9eae260447c33a4f5c037b77ba40b128a1e27c1313fd1139c7316b52fb7f1fbf
Instruction ID: 2e89f55a0bf23b7b3b81282b1bb71c06d91d014f20bf71d3ac021a5719a46fff
Opcode Fuzzy Hash: 9eae260447c33a4f5c037b77ba40b128a1e27c1313fd1139c7316b52fb7f1fbf
Instruction Fuzzy Hash: 71516C35A00218DFCB04DF65C884A6DBBF5FF48358F188499E84AAB362DB31ED51CB91

Function 00EE8EE4 Relevance: 7.6, APIs: 5, Instructions: 143libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(?,00000000,?), ref: 00EE8F40
GetProcAddress.KERNEL32(00000000,?), ref: 00EE8FD0
GetProcAddress.KERNEL32(00000000,00000000), ref: 00EE8FEC
GetProcAddress.KERNEL32(00000000,?), ref: 00EE9032
FreeLibrary.KERNEL32(00000000), ref: 00EE9052

Part of subcall function 00E7F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00ED1043,?,7529E610), ref: 00E7F6E6
Part of subcall function 00E7F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00EBFA64,00000000,00000000,?,?,00ED1043,?,7529E610,?,00EBFA64), ref: 00E7F70D

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
String ID:
API String ID: 666041331-0
Opcode ID: 316b68c9e53652972ecc7613e3a95a56ce70762431c5709d685b584a98d8038b
Instruction ID: a9c8913a53f439a4d1aaa6f8f0d4396d299ec100d1f7e3514cceda0c1d9da2b9
Opcode Fuzzy Hash: 316b68c9e53652972ecc7613e3a95a56ce70762431c5709d685b584a98d8038b
Instruction Fuzzy Hash: 8B516C34600249DFC714DF59C5848ADBBF1FF49328B1490A8E80ABB362DB31ED85CB90

Function 00EF6B76 Relevance: 7.6, APIs: 5, Instructions: 131windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(00000002,000000F0,?), ref: 00EF6C33
SetWindowLongW.USER32(?,000000EC,?), ref: 00EF6C4A
SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00EF6C73
ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00EDAB79,00000000,00000000), ref: 00EF6C98
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00EF6CC7

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Window$Long$MessageSendShow
String ID:
API String ID: 3688381893-0
Opcode ID: 4cfbd70cceffe8002003da5dfe9da151fca6e9e1b618cd228b2995133ba4d63d
Instruction ID: 837abd4883e4fee24cdf055ad19ba071a24cd563d201f0a4a95007af32ccbb69
Opcode Fuzzy Hash: 4cfbd70cceffe8002003da5dfe9da151fca6e9e1b618cd228b2995133ba4d63d
Instruction Fuzzy Hash: 5A41CF35A0410CAFDB24CF28CD58FB9BBA5EB49364F251268EA95F72E1C371AD41DA40

Function 00E92051 Relevance: 7.6, APIs: 5, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00E920C3
_free.LIBCMT ref: 00E920E3

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 5f51f82b13c9bd552a6fd62ffe8e1b844a9672a50e7c5217f7ce951aef1ce8e6
Instruction ID: f7d5c4fc0b6014081fbcbf4fcafb39274e80f3463fe538a5bb21027c57625f0e
Opcode Fuzzy Hash: 5f51f82b13c9bd552a6fd62ffe8e1b844a9672a50e7c5217f7ce951aef1ce8e6
Instruction Fuzzy Hash: 9541D232A00204AFCF24DF79C881A9EB7E5EF89714F1555ACE619FB391D631AD01DB81

Function 00E7912D Relevance: 7.6, APIs: 5, Instructions: 121keyboardCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 00E79141
ScreenToClient.USER32(00000000,?), ref: 00E7915E
GetAsyncKeyState.USER32(00000001), ref: 00E79183
GetAsyncKeyState.USER32(00000002), ref: 00E7919D

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: AsyncState$ClientCursorScreen
String ID:
API String ID: 4210589936-0
Opcode ID: f1d66160120552cff2d964840d6704f5ce10685a259c2799db79da3832cfe363
Instruction ID: 8a40949aa9cabe8fb4d00b3a28db8094949695826560a7a956d42577302ba3dd
Opcode Fuzzy Hash: f1d66160120552cff2d964840d6704f5ce10685a259c2799db79da3832cfe363
Instruction Fuzzy Hash: 1B41AF31A0960ABBCF059F68C848BFEB7B4FF45324F209219E469B32D1C7306954CBA1

Function 00ED3874 Relevance: 7.6, APIs: 5, Instructions: 101windowCOMMON

Download Yara Rule

APIs

GetInputState.USER32 ref: 00ED38CB
TranslateAcceleratorW.USER32(?,00000000,?), ref: 00ED3922
TranslateMessage.USER32(?), ref: 00ED394B
DispatchMessageW.USER32(?), ref: 00ED3955
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00ED3966

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Message$Translate$AcceleratorDispatchInputPeekState
String ID:
API String ID: 2256411358-0
Opcode ID: bb8608865a6b2e30aaf493dc014f4bbb97a803af8418de92614585bb032808e2
Instruction ID: e99a0f8aa64aaf04e4f0d49877200f46c13019a3568a917ae77bd231c189b3d5
Opcode Fuzzy Hash: bb8608865a6b2e30aaf493dc014f4bbb97a803af8418de92614585bb032808e2
Instruction Fuzzy Hash: AE3139705043499EEB34CB35DC58BB637A8EB45318F14142FE462A22E4E3F09686EB23

Function 00EDCF1A Relevance: 7.6, APIs: 5, Instructions: 93networkfileCOMMON

Download Yara Rule

APIs

InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,00EDC21E,00000000), ref: 00EDCF38
InternetReadFile.WININET(?,00000000,?,?), ref: 00EDCF6F
GetLastError.KERNEL32(?,00000000,?,?,?,00EDC21E,00000000), ref: 00EDCFB4
SetEvent.KERNEL32(?,?,00000000,?,?,?,00EDC21E,00000000), ref: 00EDCFC8
SetEvent.KERNEL32(?,?,00000000,?,?,?,00EDC21E,00000000), ref: 00EDCFF2

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: EventInternet$AvailableDataErrorFileLastQueryRead
String ID:
API String ID: 3191363074-0
Opcode ID: 263c3a0b18e2215cfd8e751b6e91ca139367249b06444e755464fdacb138ab79
Instruction ID: 515812b45bbfa60255e85278b34fd3c47b025a4bb5c00bd2213db5771933c9e3
Opcode Fuzzy Hash: 263c3a0b18e2215cfd8e751b6e91ca139367249b06444e755464fdacb138ab79
Instruction Fuzzy Hash: BF314F71604606AFDB20DFA5C984AEBBBF9EB54394B30542FF506F2250DB30AD46DB60

Function 00EC1901 Relevance: 7.6, APIs: 5, Instructions: 93sleepwindowCOMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00EC1915
PostMessageW.USER32(00000001,00000201,00000001), ref: 00EC19C1
Sleep.KERNEL32(00000000,?,?,?), ref: 00EC19C9
PostMessageW.USER32(00000001,00000202,00000000), ref: 00EC19DA
Sleep.KERNEL32(00000000,?,?,?,?), ref: 00EC19E2

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: MessagePostSleep$RectWindow
String ID:
API String ID: 3382505437-0
Opcode ID: b1cb1b49b3325d292b1b56299a1a366761a8134637876d447cd3c46dd17cfaad
Instruction ID: 8a84131f52250e9b14915e06f1ba59064240c42ee9a463fd1be62b3a4dde7d1a
Opcode Fuzzy Hash: b1cb1b49b3325d292b1b56299a1a366761a8134637876d447cd3c46dd17cfaad
Instruction Fuzzy Hash: 8031CF71900219EFCB00CFA8CA98BEE3BB5EB85314F205269F921A72D1C3709955CB91

Function 00EF5706 Relevance: 7.6, APIs: 5, Instructions: 82windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001053,000000FF,?), ref: 00EF5745
SendMessageW.USER32(?,00001074,?,00000001), ref: 00EF579D
_wcslen.LIBCMT ref: 00EF57AF
_wcslen.LIBCMT ref: 00EF57BA
SendMessageW.USER32(?,00001002,00000000,?), ref: 00EF5816

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: MessageSend$_wcslen
String ID:
API String ID: 763830540-0
Opcode ID: 1d5fc661c7119d5f77cba712805963079caeed0803802ff7c193510083a0082a
Instruction ID: 64c4b4a4fb88ebadd87c0b9e428d1968166ad07094ff6533e486418e1b7ca6f1
Opcode Fuzzy Hash: 1d5fc661c7119d5f77cba712805963079caeed0803802ff7c193510083a0082a
Instruction Fuzzy Hash: F9214F7290461CDADB209F60CC85AFD77B8FB54724F109216EB29FA1C0E7708985CF51

Function 00EE0930 Relevance: 7.6, APIs: 5, Instructions: 69COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 00EE0951
GetForegroundWindow.USER32 ref: 00EE0968
GetDC.USER32(00000000), ref: 00EE09A4
GetPixel.GDI32(00000000,?,00000003), ref: 00EE09B0
ReleaseDC.USER32(00000000,00000003), ref: 00EE09E8

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Window$ForegroundPixelRelease
String ID:
API String ID: 4156661090-0
Opcode ID: 23e7a0bbb1ece3938c0960572715217e72585ff976f31119cbe4cdc0970d7f6c
Instruction ID: 10ff066022a7f8a5539263cafb23af9cfc7690aac30b87bff32055bf1d10e221
Opcode Fuzzy Hash: 23e7a0bbb1ece3938c0960572715217e72585ff976f31119cbe4cdc0970d7f6c
Instruction Fuzzy Hash: DF219635600208AFD704EF65E944AAEB7F9EF84740F148469F84AF7362DB70AC45CB50

Function 00E9CDBD Relevance: 7.6, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 00E9CDC6
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00E9CDE9

Part of subcall function 00E93820: RtlAllocateHeap.NTDLL(00000000,?,00F31444,?,00E7FDF5,?,?,00E6A976,00000010,00F31440,00E613FC,?,00E613C6,?,00E61129), ref: 00E93852

WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00E9CE0F
_free.LIBCMT ref: 00E9CE22
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00E9CE31

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
String ID:
API String ID: 336800556-0
Opcode ID: 0f950f62c573318a6b9c573456e3b8f31a3f68c772302cc61105de4787517f7f
Instruction ID: 0bd50e018ac26e4649dbc4bb07d7550deffdfcb77b7e77043de4683df3cca77f
Opcode Fuzzy Hash: 0f950f62c573318a6b9c573456e3b8f31a3f68c772302cc61105de4787517f7f
Instruction Fuzzy Hash: 3D0184726022157F2B2166B76C88D7B6A6DDFC6BA53351129FD06F7201EA618D01C2B0

Function 00E79639 Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00E79693
SelectObject.GDI32(?,00000000), ref: 00E796A2
BeginPath.GDI32(?), ref: 00E796B9
SelectObject.GDI32(?,00000000), ref: 00E796E2

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ObjectSelect$BeginCreatePath
String ID:
API String ID: 3225163088-0
Opcode ID: 09ea2f51bd4ae6e52e576c1db1ad95dd3b32cddf3763a4d2df9f83d168e9071c
Instruction ID: e3d43ff579f7ec412ca0cc69c84b93725581cb3e38fd8c725a75d10db211c809
Opcode Fuzzy Hash: 09ea2f51bd4ae6e52e576c1db1ad95dd3b32cddf3763a4d2df9f83d168e9071c
Instruction Fuzzy Hash: 5A216D30803209EFDB119FA5ED04BAD3BBABF40779F208316F414B61A1D3709899EB94

Function 00EC5711 Relevance: 7.6, APIs: 5, Instructions: 61COMMON

Download Yara Rule

APIs

_memcmp.LIBVCRUNTIME ref: 00EC5726
_memcmp.LIBVCRUNTIME ref: 00EC5744
_memcmp.LIBVCRUNTIME ref: 00EC5757
_memcmp.LIBVCRUNTIME ref: 00EC576F
_memcmp.LIBVCRUNTIME ref: 00EC5787

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: b35cd05b9c35773ca2b1ed1cc62552c2a030fda0aa949c4a4a44718f25498d8c
Instruction ID: 9dcb87f8c8d64679746de1782385b3c1fad72a70156794213dfa061168e4ab8c
Opcode Fuzzy Hash: b35cd05b9c35773ca2b1ed1cc62552c2a030fda0aa949c4a4a44718f25498d8c
Instruction Fuzzy Hash: D2019B63641719BAD21856109F41FFA639C9F21358B006026FD0C7A241F662FDA282A4

Function 00E92DF8 Relevance: 7.6, APIs: 5, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00E8F2DE,00E93863,00F31444,?,00E7FDF5,?,?,00E6A976,00000010,00F31440,00E613FC,?,00E613C6), ref: 00E92DFD
_free.LIBCMT ref: 00E92E32
_free.LIBCMT ref: 00E92E59
SetLastError.KERNEL32(00000000,00E61129), ref: 00E92E66
SetLastError.KERNEL32(00000000,00E61129), ref: 00E92E6F

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: 403e666e212a1778012d0e7894ece18e02ed072be2cbd6e6535b6e45e01a913b
Instruction ID: c8312ebfa9fd5ff42cffcdb1036bf936df51e07540f0eb6ba482281f52a3d036
Opcode Fuzzy Hash: 403e666e212a1778012d0e7894ece18e02ed072be2cbd6e6535b6e45e01a913b
Instruction Fuzzy Hash: B901F4326056047BCE1367356CC6D6B26DDAFC17B9B31602DFA25B22D2EE608C0651A0

Function 00EC000E Relevance: 7.5, APIs: 5, Instructions: 47stringCOMMON

Download Yara Rule

APIs

CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00EBFF41,80070057,?,?,?,00EC035E), ref: 00EC002B
ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00EBFF41,80070057,?,?), ref: 00EC0046
lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00EBFF41,80070057,?,?), ref: 00EC0054
CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00EBFF41,80070057,?), ref: 00EC0064
CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00EBFF41,80070057,?,?), ref: 00EC0070

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: From$Prog$FreeStringTasklstrcmpi
String ID:
API String ID: 3897988419-0
Opcode ID: 1f58be2a8132a93a27cdd5b8485dfc50998dd78c33a609dfdf3d485088dab6b3
Instruction ID: a496e9e3cd4329dde93c921f4c2c4bd80d41a01723ef4ea7dfc14ce2a7016be7
Opcode Fuzzy Hash: 1f58be2a8132a93a27cdd5b8485dfc50998dd78c33a609dfdf3d485088dab6b3
Instruction Fuzzy Hash: 9601DF72600208FFDB114F69DE05FAA7AADEB84791F215428F801F2210D772DD05DBA0

Function 00ECE97B Relevance: 7.5, APIs: 5, Instructions: 47sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?), ref: 00ECE997
QueryPerformanceFrequency.KERNEL32(?), ref: 00ECE9A5
Sleep.KERNEL32(00000000), ref: 00ECE9AD
QueryPerformanceCounter.KERNEL32(?), ref: 00ECE9B7
Sleep.KERNEL32 ref: 00ECE9F3

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: PerformanceQuery$CounterSleep$Frequency
String ID:
API String ID: 2833360925-0
Opcode ID: 2bd5b240bc005c8a275d2197bcecec8d060cbbc4ca5483f8fb4dfaac5d63e8da
Instruction ID: 467930aa26d82d128afddbd263ea3d5115217415d49cb8ea01eb8b89ee0c6e5c
Opcode Fuzzy Hash: 2bd5b240bc005c8a275d2197bcecec8d060cbbc4ca5483f8fb4dfaac5d63e8da
Instruction Fuzzy Hash: D3016D31C0162DDBCF049FE5DE59AEDBB78FF89300F10158AE502B2240CB319556C7A1

Function 00EC10F9 Relevance: 7.5, APIs: 5, Instructions: 46memoryCOMMON

Download Yara Rule

APIs

GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00EC1114
GetLastError.KERNEL32(?,00000000,00000000,?,?,00EC0B9B,?,?,?), ref: 00EC1120
GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00EC0B9B,?,?,?), ref: 00EC112F
HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00EC0B9B,?,?,?), ref: 00EC1136
GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00EC114D

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: HeapObjectSecurityUser$AllocErrorLastProcess
String ID:
API String ID: 842720411-0
Opcode ID: 0ce3f8a4752707fd2081b83e51107e3ceeef69e5499d3b1e34eb59a8cbdf001f
Instruction ID: 231c4ee0c2163b1cea8e3a5b9520e794fec630631428976a9276a69f64a17c7d
Opcode Fuzzy Hash: 0ce3f8a4752707fd2081b83e51107e3ceeef69e5499d3b1e34eb59a8cbdf001f
Instruction Fuzzy Hash: F5016975201209BFDB115FA6DD49E6A3B6EEFCA3A4B340459FA41E3360DB31DC51CA60

Function 00EC0FB4 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00EC0FCA
GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00EC0FD6
GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00EC0FE5
HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00EC0FEC
GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00EC1002

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: 1b954b639bb84bf3cfdd56d3415b974d16d92867838df4071d68d24392d2ac5d
Instruction ID: 6a486f90515e12332f28fc2d43ef4521342ba6aef7e8165717a3ab9784cfc410
Opcode Fuzzy Hash: 1b954b639bb84bf3cfdd56d3415b974d16d92867838df4071d68d24392d2ac5d
Instruction Fuzzy Hash: 03F0AF35201305AFD7210FA59E4AF663B6EEFCA761F300459F905E6251CA31DC51CA60

Function 00EC1014 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00EC102A
GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00EC1036
GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00EC1045
HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00EC104C
GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00EC1062

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: a7f82df0f50b1eb00d35c050de2b37756d93ecb520ccb99062dc2a031277e500
Instruction ID: 3e00dd7b7c26b1f53bcf0bd32ea1ee5641ecb842323e9011dd830d2f08afb384
Opcode Fuzzy Hash: a7f82df0f50b1eb00d35c050de2b37756d93ecb520ccb99062dc2a031277e500
Instruction Fuzzy Hash: 12F0AF35201305AFD7211FA5EE4AF6A3B6DEFCA7A1F300414F905E6251CA31D851DA60

Function 00ED030F Relevance: 7.5, APIs: 6, Instructions: 41COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,?,?,?,00ED017D,?,00ED32FC,?,00000001,00EA2592,?), ref: 00ED0324
CloseHandle.KERNEL32(?,?,?,?,00ED017D,?,00ED32FC,?,00000001,00EA2592,?), ref: 00ED0331
CloseHandle.KERNEL32(?,?,?,?,00ED017D,?,00ED32FC,?,00000001,00EA2592,?), ref: 00ED033E
CloseHandle.KERNEL32(?,?,?,?,00ED017D,?,00ED32FC,?,00000001,00EA2592,?), ref: 00ED034B
CloseHandle.KERNEL32(?,?,?,?,00ED017D,?,00ED32FC,?,00000001,00EA2592,?), ref: 00ED0358
CloseHandle.KERNEL32(?,?,?,?,00ED017D,?,00ED32FC,?,00000001,00EA2592,?), ref: 00ED0365

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: fc3deaa4cc0e1b237c00bde58e0b949952eead2eace10897f7ae48cc37775bc1
Instruction ID: 7228ca28a64f9a640affce0a8dafbd5d3901a01d2e063867d5000b6f4ca1fc35
Opcode Fuzzy Hash: fc3deaa4cc0e1b237c00bde58e0b949952eead2eace10897f7ae48cc37775bc1
Instruction Fuzzy Hash: 5E01E272800B058FC7309F66D880812F7F5FF503193199A3FD19262A30C3B0A959CF80

Function 00E9D73A Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00E9D752

Part of subcall function 00E929C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00E9D7D1,00000000,00000000,00000000,00000000,?,00E9D7F8,00000000,00000007,00000000,?,00E9DBF5,00000000), ref: 00E929DE
Part of subcall function 00E929C8: GetLastError.KERNEL32(00000000,?,00E9D7D1,00000000,00000000,00000000,00000000,?,00E9D7F8,00000000,00000007,00000000,?,00E9DBF5,00000000,00000000), ref: 00E929F0

_free.LIBCMT ref: 00E9D764
_free.LIBCMT ref: 00E9D776
_free.LIBCMT ref: 00E9D788
_free.LIBCMT ref: 00E9D79A

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: a5a7b9d36e294cd68e9cab3ea7c4285c455833f524312fbbcb742789857a2703
Instruction ID: 744843ef7eb222b73f8281533018c5b1ab703863466f7e48e03744e1d9e0bb45
Opcode Fuzzy Hash: a5a7b9d36e294cd68e9cab3ea7c4285c455833f524312fbbcb742789857a2703
Instruction Fuzzy Hash: 59F0FF32548218BB8E21EBA4FDC5C5A7BDDBB447147A4280AF14CF7501C720FC8086E4

Function 00EC5C44 Relevance: 7.5, APIs: 5, Instructions: 40windowtimeCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003E9), ref: 00EC5C58
GetWindowTextW.USER32(00000000,?,00000100), ref: 00EC5C6F
MessageBeep.USER32(00000000), ref: 00EC5C87
KillTimer.USER32(?,0000040A), ref: 00EC5CA3
EndDialog.USER32(?,00000001), ref: 00EC5CBD

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: BeepDialogItemKillMessageTextTimerWindow
String ID:
API String ID: 3741023627-0
Opcode ID: 7d45c7dbd2a039f34e9c98aa4bf7b3ad7f56e4ea25c7a2b19e3df437af7fb275
Instruction ID: da67cb889e0d782839e7e5e1ddb45ca9702fdc53de64782526420bdd78fbae62
Opcode Fuzzy Hash: 7d45c7dbd2a039f34e9c98aa4bf7b3ad7f56e4ea25c7a2b19e3df437af7fb275
Instruction Fuzzy Hash: FD016231500B08AFEB205B11DF4EFA6B7B8BB40B05F15155DA593B10E1DBF1B989CA90

Function 00E922A0 Relevance: 7.5, APIs: 5, Instructions: 30COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00E922BE

Part of subcall function 00E929C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00E9D7D1,00000000,00000000,00000000,00000000,?,00E9D7F8,00000000,00000007,00000000,?,00E9DBF5,00000000), ref: 00E929DE
Part of subcall function 00E929C8: GetLastError.KERNEL32(00000000,?,00E9D7D1,00000000,00000000,00000000,00000000,?,00E9D7F8,00000000,00000007,00000000,?,00E9DBF5,00000000,00000000), ref: 00E929F0

_free.LIBCMT ref: 00E922D0
_free.LIBCMT ref: 00E922E3
_free.LIBCMT ref: 00E922F4
_free.LIBCMT ref: 00E92305

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 96dc814ca571be3aa6b8e34b248448af77a22d40cc109019b2a0e213f61ff589
Instruction ID: 7e76f67bd2ad7992e469e5c3883f1c50883fd1b8a7c8384416664f16482d21e9
Opcode Fuzzy Hash: 96dc814ca571be3aa6b8e34b248448af77a22d40cc109019b2a0e213f61ff589
Instruction Fuzzy Hash: AFF05E70801528AB8E22EF64BC0184E3BA6F758770700150FF518E23B1CB304912FFE4

Function 00E795C5 Relevance: 7.5, APIs: 5, Instructions: 29COMMON

Download Yara Rule

APIs

EndPath.GDI32(?), ref: 00E795D4
StrokeAndFillPath.GDI32(?,?,00EB71F7,00000000,?,?,?), ref: 00E795F0
SelectObject.GDI32(?,00000000), ref: 00E79603
DeleteObject.GDI32 ref: 00E79616
StrokePath.GDI32(?), ref: 00E79631

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Path$ObjectStroke$DeleteFillSelect
String ID:
API String ID: 2625713937-0
Opcode ID: c0809e7558e67fc5bcb2ae4a21ac5388d9473e748dae8ff8b40b481ad8b239b4
Instruction ID: d625613ccf40a0ec9d47c1c6a51690ac579176f59ce06766c9b44bffe2180ce8
Opcode Fuzzy Hash: c0809e7558e67fc5bcb2ae4a21ac5388d9473e748dae8ff8b40b481ad8b239b4
Instruction Fuzzy Hash: D4F0C93500660CEFDB169F66EE18BA43B66BB41376F248354F469650F1CB3089A9EF20

Function 00E90F47 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389COMMONLIBRARYCODE

Download Yara Rule

APIs

__freea.LIBCMT ref: 00E910F9
__freea.LIBCMT ref: 00E91117

Part of subcall function 00E91537: _free.LIBCMT ref: 00E9154F

Strings

am/pm, xrefs: 00E9117A
a/p, xrefs: 00E911DE

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: __freea$_free
String ID: a/p$am/pm
API String ID: 3432400110-3206640213
Opcode ID: 7a592608741aa7357d76950a1c0aeed0e6da1eb32bbcdd4d6407269e2a0b7601
Instruction ID: f5494a9a49eb3708029c1d186766050422e072e688998616e1dd0ddea7876622
Opcode Fuzzy Hash: 7a592608741aa7357d76950a1c0aeed0e6da1eb32bbcdd4d6407269e2a0b7601
Instruction Fuzzy Hash: 24D1FF31A00207DADF29DF68C885BFEB7B1EF06704F292199E915BBA50D3759D80CB91

Function 00E95AA9 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 186COMMONLIBRARYCODE

Download Yara Rule

Strings

JO, xrefs: 00E95BA8, 00E95C6C

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID:
String ID: JO
API String ID: 0-1663374661
Opcode ID: 3291df8d66367ea643a18341a44b736b19cdd462eb1fff557747ce1dfa71d266
Instruction ID: 87d233b239aa3e66a2688a06e00e2130a25617b6b6028ac6cb803dc9c9bea0b3
Opcode Fuzzy Hash: 3291df8d66367ea643a18341a44b736b19cdd462eb1fff557747ce1dfa71d266
Instruction Fuzzy Hash: 15518F72900609AFCF22AFA4C945EEEBBF8AF45314F14215AF409B72A1D7719901DB61

Function 00E98A61 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 124COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000002,00000000,?,?,?,00000000,?,?,?,?), ref: 00E98B6E
GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00001000,?), ref: 00E98B7A
__dosmaperr.LIBCMT ref: 00E98B81

Strings

., xrefs: 00E98A63

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ByteCharErrorLastMultiWide__dosmaperr
String ID: .
API String ID: 2434981716-3963672497
Opcode ID: e324e3d0ab81519cb2a8f97b2f5d41b9f24cb78b00ee5e0268af1ef6ee8ca926
Instruction ID: b480a65855b1575ae645e811e0fa46ed00c4bdc4a598f6af06c9bab2b5fe5857
Opcode Fuzzy Hash: e324e3d0ab81519cb2a8f97b2f5d41b9f24cb78b00ee5e0268af1ef6ee8ca926
Instruction Fuzzy Hash: F4416EB4604145AFDF249F24C990ABD7FE6DB87314F2C519AF485A7262EE318C02D790

Function 00EC2716 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00ECB403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00EC21D0,?,?,00000034,00000800,?,00000034), ref: 00ECB42D

SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00EC2760

Part of subcall function 00ECB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00EC21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 00ECB3F8

Part of subcall function 00ECB32A: GetWindowThreadProcessId.USER32(?,?), ref: 00ECB355
Part of subcall function 00ECB32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00EC2194,00000034,?,?,00001004,00000000,00000000), ref: 00ECB365
Part of subcall function 00ECB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00EC2194,00000034,?,?,00001004,00000000,00000000), ref: 00ECB37B

SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00EC27CD
SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00EC281A

Strings

@, xrefs: 00EC2832

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
String ID: @
API String ID: 4150878124-2766056989
Opcode ID: 722d80576718938f1aac238cda0a4c0a8f7292bc3bed5cb985d4f924982ccb42
Instruction ID: b3d4ae1a908226b0758c5908d37b6cf05bee38efb527945e0eb61937fc04c403
Opcode Fuzzy Hash: 722d80576718938f1aac238cda0a4c0a8f7292bc3bed5cb985d4f924982ccb42
Instruction Fuzzy Hash: C0412D72900218AFDB14DBA4CD86FEEBBB8AF09700F105099FA55B7181DB716E46CB61

Function 00E9172E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00E91769
_free.LIBCMT ref: 00E91834
_free.LIBCMT ref: 00E9183E

Strings

C:\Users\user\Desktop\file.exe, xrefs: 00E91760, 00E91767, 00E91796, 00E917CE

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: _free$FileModuleName
String ID: C:\Users\user\Desktop\file.exe
API String ID: 2506810119-517116171
Opcode ID: 42eef6957b9a7d78d7a39a32ea7c551e1c60d5f9ace449ed4d2c7b6cb13e43ce
Instruction ID: 6c41b8b5e512a36b9f8f0071fe601b10c9fdce77edc73223bbe24a96e2e1cfd9
Opcode Fuzzy Hash: 42eef6957b9a7d78d7a39a32ea7c551e1c60d5f9ace449ed4d2c7b6cb13e43ce
Instruction Fuzzy Hash: F4317075A0021AAFDF25DF99D885D9FBBFCEB85324B1451ABF804E7211D6708E40DBA0

Function 00ECC27D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00ECC306
DeleteMenu.USER32(?,00000007,00000000), ref: 00ECC34C
DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00F31990,011156F8), ref: 00ECC395

Strings

0, xrefs: 00ECC2DF

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Menu$Delete$InfoItem
String ID: 0
API String ID: 135850232-4108050209
Opcode ID: 985db7535f4d2ac5fa02810e5b822d4c955f3f746ddaafdb5b99c72b6a085fa0
Instruction ID: ccef9b41ab721aae675438b352ae1c252f9a57e8192ba3f220e0a514afa267a3
Opcode Fuzzy Hash: 985db7535f4d2ac5fa02810e5b822d4c955f3f746ddaafdb5b99c72b6a085fa0
Instruction Fuzzy Hash: 3C41E5312043419FD720DF29E944F5ABBE4AF85314F20966DF869E72D1C731E806CB52

Function 00EF4416 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00EFCC08,00000000,?,?,?,?), ref: 00EF44AA
GetWindowLongW.USER32 ref: 00EF44C7
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00EF44D7

Strings

SysTreeView32, xrefs: 00EF447C

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Window$Long
String ID: SysTreeView32
API String ID: 847901565-1698111956
Opcode ID: a4ec385970f0f4454b1c69d75bf411b0a8424d1afcc617aa521a8dad61e25a3a
Instruction ID: 06a03c4d9219a1919c47b3e32da6a6b6273903f90960e3fde0c0535ce1b1dcbe
Opcode Fuzzy Hash: a4ec385970f0f4454b1c69d75bf411b0a8424d1afcc617aa521a8dad61e25a3a
Instruction Fuzzy Hash: 5F317C71214209AFDB219E38DC45BEB77A9EB48338F205725FA79B21E0D770EC549B50

Function 00EC6E71 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 92memoryCOMMON

Download Yara Rule

APIs

SysReAllocString.OLEAUT32(?,?), ref: 00EC6EED
VariantCopyInd.OLEAUT32(?,?), ref: 00EC6F08
VariantClear.OLEAUT32(?), ref: 00EC6F12

Strings

*j, xrefs: 00EC6E8B, 00EC6E90, 00EC6EF8

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Variant$AllocClearCopyString
String ID: *j
API String ID: 2173805711-1845181700
Opcode ID: 20dc98d40b192abb7913a2bbaa1cd13eace2992ed146fe330366713deed7d4b9
Instruction ID: 0dc86766741cb40885883b101845451bf0df8b8abc0566dc860756ab4b7de871
Opcode Fuzzy Hash: 20dc98d40b192abb7913a2bbaa1cd13eace2992ed146fe330366713deed7d4b9
Instruction Fuzzy Hash: 0E31B071704385DFCB05AFA4E950EBE37B6EF8A344B10149CFA02AB2A1C7719912DB90

Function 00EE304E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00EE335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00EE3077,?,?), ref: 00EE3378

inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00EE307A
_wcslen.LIBCMT ref: 00EE309B
htons.WSOCK32(00000000,?,?,00000000), ref: 00EE3106

Strings

255.255.255.255, xrefs: 00EE3095, 00EE309A

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ByteCharMultiWide_wcslenhtonsinet_addr
String ID: 255.255.255.255
API String ID: 946324512-2422070025
Opcode ID: 3e9369124838481d47fa942df5f90b1b84139b0400563794df0d36f9159b956a
Instruction ID: a94a1eadad32bb88bb94c2e8b7ca419cc6205fd640de400f239514f1959642b8
Opcode Fuzzy Hash: 3e9369124838481d47fa942df5f90b1b84139b0400563794df0d36f9159b956a
Instruction Fuzzy Hash: 5A31E7352042899FCB20CF7AC589EAA77E0EF54318F259059E815AB393D732EF45C760

Function 00EF3EB8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 89windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00EF3F40
SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00EF3F54
SendMessageW.USER32(?,00001002,00000000,?), ref: 00EF3F78

Strings

SysMonthCal32, xrefs: 00EF3F0B

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: MessageSend$Window
String ID: SysMonthCal32
API String ID: 2326795674-1439706946
Opcode ID: 6ca875f40b1ce33de7dab9359dba56784ffefbc6dd7df6d8dd09b7888ddfd0d7
Instruction ID: 5f6809da089aa5574e08121f99b4d2db9f6f65b983922b8b8e57670744b3ab01
Opcode Fuzzy Hash: 6ca875f40b1ce33de7dab9359dba56784ffefbc6dd7df6d8dd09b7888ddfd0d7
Instruction Fuzzy Hash: D621AD32600219BFDF218F60DC46FEA3BB6EF48728F111214FA15BB190D6B1A954CB90

Function 00EF4653 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00EF4705
SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00EF4713
DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00EF471A

Strings

msctls_updown32, xrefs: 00EF4684

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: MessageSend$DestroyWindow
String ID: msctls_updown32
API String ID: 4014797782-2298589950
Opcode ID: 2b7bbe738b81c507afeaea08a224f3106a75a0f390a1a2d2a77f058f22bdf596
Instruction ID: 147519f02d05b130f0e6450d972b09f0ea5cd7cb75a63ce246c23172f986c16a
Opcode Fuzzy Hash: 2b7bbe738b81c507afeaea08a224f3106a75a0f390a1a2d2a77f058f22bdf596
Instruction Fuzzy Hash: 71214FF5601208AFEB10DF64DC81DB737EDEB8A3A8B151059F600AB291C770EC11DA60

Function 00EC95AD Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 85COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00EC961D

Strings

#OnAutoItStartRegister, xrefs: 00EC95F3
#notrayicon, xrefs: 00EC95B7
#requireadmin, xrefs: 00EC95D9

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: _wcslen
String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
API String ID: 176396367-2734436370
Opcode ID: 34b282d4e30c8884bf91aa286f0bfde676c4041dedd4424bb09979ea55a219eb
Instruction ID: 3851c420745eee5d8e75f7e9dfed6ad0be81073a13110f552e0c0415dcef8ee6
Opcode Fuzzy Hash: 34b282d4e30c8884bf91aa286f0bfde676c4041dedd4424bb09979ea55a219eb
Instruction Fuzzy Hash: AD21297220461166D331AB249E0AFBB73D8AF95318F50602EF94DB7082EB529D42C3A5

Function 00EF37B7 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00EF3840
SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00EF3850
MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00EF3876

Strings

Listbox, xrefs: 00EF380F

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: MessageSend$MoveWindow
String ID: Listbox
API String ID: 3315199576-2633736733
Opcode ID: a9104eac551e597cdc936d462ff2007be3e827377f8966c3404c67ec65da28ae
Instruction ID: e0a88ab03612c95bf70c92d5f5a9c5464ff3c74674396e1a5873545e99e0c82d
Opcode Fuzzy Hash: a9104eac551e597cdc936d462ff2007be3e827377f8966c3404c67ec65da28ae
Instruction Fuzzy Hash: 9821BE7261021CBBEF219F64DC81EBB376AEF897A4F119125FA04AB1D0C675DC52C7A0

Function 00ED49F4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00ED4A08
GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00ED4A5C
SetErrorMode.KERNEL32(00000000,?,?,00EFCC08), ref: 00ED4AD0

Strings

%lu, xrefs: 00ED4A6F

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ErrorMode$InformationVolume
String ID: %lu
API String ID: 2507767853-685833217
Opcode ID: 9c354edb556a51621c5f0128b141ed51a7c0cc9a08b15ff211c3e49a46fb2488
Instruction ID: 3476dc44e43831ea2be18b58b25a01d21cd16b821c32fc9c9a06d367dd700161
Opcode Fuzzy Hash: 9c354edb556a51621c5f0128b141ed51a7c0cc9a08b15ff211c3e49a46fb2488
Instruction Fuzzy Hash: 45319174A00108AFDB10DF54C985EAABBF8EF48308F1490A9F809EB352D771ED46CB61

Function 00EF41EB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00EF424F
SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00EF4264
SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00EF4271

Strings

msctls_trackbar32, xrefs: 00EF4226

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: MessageSend
String ID: msctls_trackbar32
API String ID: 3850602802-1010561917
Opcode ID: 02f466199ab17588b2d08057793ca48fddcb782433dd78735d80ac7c49dea10b
Instruction ID: 34a089ece2ba1a0e52055e384553cd8277409570c115bf33cb154d4c4d8bfd4f
Opcode Fuzzy Hash: 02f466199ab17588b2d08057793ca48fddcb782433dd78735d80ac7c49dea10b
Instruction Fuzzy Hash: 1B11CE7124024CBEEF205E69CC06FBB3BA8EB85B68F111524FA55F20E0D271D8119B20

Function 00EC2F52 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00E66B57: _wcslen.LIBCMT ref: 00E66B6A

Part of subcall function 00EC2DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00EC2DC5
Part of subcall function 00EC2DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00EC2DD6
Part of subcall function 00EC2DA7: GetCurrentThreadId.KERNEL32 ref: 00EC2DDD
Part of subcall function 00EC2DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00EC2DE4

GetFocus.USER32 ref: 00EC2F78

Part of subcall function 00EC2DEE: GetParent.USER32(00000000), ref: 00EC2DF9

GetClassNameW.USER32(?,?,00000100), ref: 00EC2FC3
EnumChildWindows.USER32(?,00EC303B), ref: 00EC2FEB

Strings

%s%d, xrefs: 00EC2FFF

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
String ID: %s%d
API String ID: 1272988791-1110647743
Opcode ID: ee61e124e69147686b7d9737e39c16a5c7e6e68033825e6813ec36b49c557636
Instruction ID: 1bd3f209c8d18f955306dcfdc5486cacb1cfcf6944dab7c0518ff7aa0cbf6693
Opcode Fuzzy Hash: ee61e124e69147686b7d9737e39c16a5c7e6e68033825e6813ec36b49c557636
Instruction Fuzzy Hash: 2B11C6712002099BCF106F709D86FED77A99F94304F149079B909B7292DE71594ACB60

Function 00EF5882 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00EF58C1
SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00EF58EE
DrawMenuBar.USER32(?), ref: 00EF58FD

Strings

0, xrefs: 00EF588F

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Menu$InfoItem$Draw
String ID: 0
API String ID: 3227129158-4108050209
Opcode ID: 073b85da85f3396cd1ae0b473dfaf299a3dfebcf401d6dad61538cd59a758d75
Instruction ID: d463034ccc4a97fd4018f0004a60ef17c8b46ea4a154187085893c086517634a
Opcode Fuzzy Hash: 073b85da85f3396cd1ae0b473dfaf299a3dfebcf401d6dad61538cd59a758d75
Instruction Fuzzy Hash: 48015E3250021CEEDB219F11DC44BBEBBB4FF85364F208099EA59E6151EB708A84DF21

Function 00EBD3A0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 30libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 00EBD3BF
FreeLibrary.KERNEL32 ref: 00EBD3E5

Strings

X64, xrefs: 00EBD2A8
GetSystemWow64DirectoryW, xrefs: 00EBD3B9

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: GetSystemWow64DirectoryW$X64
API String ID: 3013587201-2590602151
Opcode ID: 62753dd600b339f3a288fd7be197059f90f89cf1403e5a4a4b9142b463e1b051
Instruction ID: d353490d7aa2f8cbe9ed506b6e43104ec5659737e46c145933fbb2b82ab5b72b
Opcode Fuzzy Hash: 62753dd600b339f3a288fd7be197059f90f89cf1403e5a4a4b9142b463e1b051
Instruction Fuzzy Hash: B0F0553180E66A8BD73112114C249FB3370AF50705B78B578E402F101AFB28CC888292

Function 00EC007F Relevance: 6.3, APIs: 4, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a6b3ed5c8f956fb917b0130e621a8ee4ccaf3892b232e87f9c2d4931ac3ac99
Instruction ID: 9034c68e8b78b92075d845c3edd4fe7a1c861c1ff1e21bea75af1f21afed90c3
Opcode Fuzzy Hash: 3a6b3ed5c8f956fb917b0130e621a8ee4ccaf3892b232e87f9c2d4931ac3ac99
Instruction Fuzzy Hash: C1C13875A0021AEFDB14CF98C994FAEB7B5FF48304F249598E505AB251D732DD42CB90

Function 00EE342E Relevance: 6.3, APIs: 4, Instructions: 257COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00EE3459
CoUninitialize.OLE32 ref: 00EE3463
VariantInit.OLEAUT32(?), ref: 00EE346E
VariantClear.OLEAUT32(?), ref: 00EE371B

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Variant$ClearInitInitializeUninitialize
String ID:
API String ID: 1998397398-0
Opcode ID: 39d3182ba8df37cfc6ff4feb5764661702e0ccbd232c813d553b6bd4d59122cd
Instruction ID: e870932ecf0b54f003f9f2dc3e4daa309af5546733091012754c2d8573f94a65
Opcode Fuzzy Hash: 39d3182ba8df37cfc6ff4feb5764661702e0ccbd232c813d553b6bd4d59122cd
Instruction Fuzzy Hash: 05A16A752043059FC700DF29C589A2AB7E5FF88754F14985EF98AAB362DB30EE05CB91

Function 00EC0436 Relevance: 6.2, APIs: 4, Instructions: 230COMMON

Download Yara Rule

APIs

ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00EFFC08,?), ref: 00EC05F0
CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00EFFC08,?), ref: 00EC0608
CLSIDFromProgID.OLE32(?,?,00000000,00EFCC40,000000FF,?,00000000,00000800,00000000,?,00EFFC08,?), ref: 00EC062D
_memcmp.LIBVCRUNTIME ref: 00EC064E

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: FromProg$FreeTask_memcmp
String ID:
API String ID: 314563124-0
Opcode ID: 5e9d3d79dce81bd8d9d72557f1af9e28e48404d3596edd9a16b8a08109846d66
Instruction ID: 984f79549d55c471e4ba13af5a69166f3363eec0c9abe60f909b5bd13e475db5
Opcode Fuzzy Hash: 5e9d3d79dce81bd8d9d72557f1af9e28e48404d3596edd9a16b8a08109846d66
Instruction Fuzzy Hash: DF81E975A00109EFCB04DF94CA84EEEB7B9FF89315F205558E516BB250DB72AE06CB60

Function 00EA1391 Relevance: 6.2, APIs: 4, Instructions: 152COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00EA14C0

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 390f9ae97074a2838b6fa0ef1381555b95e609b884695957e2cba801724286ce
Instruction ID: c19322788d1a4bb5fb398256053f6b5de504c53976b963b440e08b7ac38745f8
Opcode Fuzzy Hash: 390f9ae97074a2838b6fa0ef1381555b95e609b884695957e2cba801724286ce
Instruction Fuzzy Hash: 13413B31A00114ABDF267BBD8C45ABE3AE5EF4F374F2422A5F43CFA192E634584153A1

Function 00EF6278 Relevance: 6.1, APIs: 4, Instructions: 138COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00EF62E2
ScreenToClient.USER32(?,?), ref: 00EF6315
MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00EF6382

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Window$ClientMoveRectScreen
String ID:
API String ID: 3880355969-0
Opcode ID: c2b3b3649b83b472ede1b4167a530b24b7cfcfa0fd28ca90d2505533a282e163
Instruction ID: 1ba1c5b40bcdf7467268c8de6622889bec7ed9bd73201a40f2d2d4fb55531fd2
Opcode Fuzzy Hash: c2b3b3649b83b472ede1b4167a530b24b7cfcfa0fd28ca90d2505533a282e163
Instruction Fuzzy Hash: 71513974A01209EFDB10DF68D880ABE7BB6FB95364F209169F915AB2A0D730ED41CB50

Function 00EE1AD6 Relevance: 6.1, APIs: 4, Instructions: 138networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000002,00000011), ref: 00EE1AFD
WSAGetLastError.WSOCK32 ref: 00EE1B0B
#21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00EE1B8A
WSAGetLastError.WSOCK32 ref: 00EE1B94

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ErrorLast$socket
String ID:
API String ID: 1881357543-0
Opcode ID: 8711677a1bf47da66079d246ed0100fb0dbe83ba8b63d6ea63c9ef688be81c43
Instruction ID: 0e50b22168626ddf60f6d0af9efb96e59642e8e66c3484fc44717625092377ac
Opcode Fuzzy Hash: 8711677a1bf47da66079d246ed0100fb0dbe83ba8b63d6ea63c9ef688be81c43
Instruction Fuzzy Hash: 4341D334640200AFE720AF25D886F2677E5AB44718F54D488F95AAF3D2E772ED81CB90

Function 00E9B41F Relevance: 6.1, APIs: 4, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7078422d4c9c25d277e49cc5a796b50f0ed3348e16519fd625039448963760e
Instruction ID: b2f69c7aa8477e125e8358909947977c7ec1053de9405b4a928affee86bd6011
Opcode Fuzzy Hash: f7078422d4c9c25d277e49cc5a796b50f0ed3348e16519fd625039448963760e
Instruction Fuzzy Hash: 1C414075A00304BFDB24AF78DD41B9A7BE9EF88710F10552EF115FB291E37199019780

Function 00ED56D9 Relevance: 6.1, APIs: 4, Instructions: 110fileCOMMON

Download Yara Rule

APIs

CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00ED5783
GetLastError.KERNEL32(?,00000000), ref: 00ED57A9
DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00ED57CE
CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00ED57FA

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: CreateHardLink$DeleteErrorFileLast
String ID:
API String ID: 3321077145-0
Opcode ID: 7895fa0debe966d849e3caaeff4f55aa3e93d47e5c44ad0986990195e0359174
Instruction ID: 8338e4144c751cf2a75e46dc41fcc9388acfc899db273b22bc62a8b477aed3f3
Opcode Fuzzy Hash: 7895fa0debe966d849e3caaeff4f55aa3e93d47e5c44ad0986990195e0359174
Instruction Fuzzy Hash: BD414E39600A10DFCB11DF15D544A5EBBF2EF89364B299499E84ABB362CB30FD41CB91

Function 00E9D8C3 Relevance: 6.1, APIs: 4, Instructions: 110COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00E882D9,?,00E882D9,?,00000001,?,?,00000001,00E882D9,00E882D9), ref: 00E9D910
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00E9D999
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00E9D9AB
__freea.LIBCMT ref: 00E9D9B4

Part of subcall function 00E93820: RtlAllocateHeap.NTDLL(00000000,?,00F31444,?,00E7FDF5,?,?,00E6A976,00000010,00F31440,00E613FC,?,00E613C6,?,00E61129), ref: 00E93852

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID:
API String ID: 2652629310-0
Opcode ID: edde0db4d1acbbbad365edfbac398cf0f9194b2a3efcdeff33cf68e7196e9414
Instruction ID: bc2c30b748ad7309a5d1c0d107f8adc0acb44fe2195c45861db883e5ec2a88be
Opcode Fuzzy Hash: edde0db4d1acbbbad365edfbac398cf0f9194b2a3efcdeff33cf68e7196e9414
Instruction Fuzzy Hash: BC31EF72A0021AABDF24EFA5DC41EAE7BA5EB80314F150169FC08F7290EB75CD54CB90

Function 00EF52C1 Relevance: 6.1, APIs: 4, Instructions: 104windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001024,00000000,?), ref: 00EF5352
GetWindowLongW.USER32(?,000000F0), ref: 00EF5375
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00EF5382
InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00EF53A8

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: LongWindow$InvalidateMessageRectSend
String ID:
API String ID: 3340791633-0
Opcode ID: aaac3aca062c773bdc04a2063adf699a38e49717d8d3cfa28c6b8acd620d07d8
Instruction ID: 15d291ab4833ee5e0e1b75e23b5fa6ff151c83920e5a6bc4c2f43b743be2eb20
Opcode Fuzzy Hash: aaac3aca062c773bdc04a2063adf699a38e49717d8d3cfa28c6b8acd620d07d8
Instruction Fuzzy Hash: 3131A136A57A0CEFEB209A1CCC05BF877A6AB25394F586111FB10B61E5C7B09940EB42

Function 00ECAB9C Relevance: 6.1, APIs: 4, Instructions: 103keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,75A8C0D0,?,00008000), ref: 00ECABF1
SetKeyboardState.USER32(00000080,?,00008000), ref: 00ECAC0D
PostMessageW.USER32(00000000,00000101,00000000), ref: 00ECAC74
SendInput.USER32(00000001,?,0000001C,75A8C0D0,?,00008000), ref: 00ECACC6

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: c6c19bba2ee97fa1a498a664eb7553687968bde37fd47f5e6b33d6d459cf2189
Instruction ID: 232264d93960c3380e3a72b21b5cba752499a1bf68b07b199f02fc467cbb25d3
Opcode Fuzzy Hash: c6c19bba2ee97fa1a498a664eb7553687968bde37fd47f5e6b33d6d459cf2189
Instruction Fuzzy Hash: C1311A3094431C6FEB34CB658904FFEB6A56B8531CF1C622EE481B21D1C37689568752

Function 00EF7674 Relevance: 6.1, APIs: 4, Instructions: 102windowCOMMON

Download Yara Rule

APIs

ClientToScreen.USER32(?,?), ref: 00EF769A
GetWindowRect.USER32(?,?), ref: 00EF7710
PtInRect.USER32(?,?,00EF8B89), ref: 00EF7720
MessageBeep.USER32(00000000), ref: 00EF778C

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Rect$BeepClientMessageScreenWindow
String ID:
API String ID: 1352109105-0
Opcode ID: 1cbc3953f008a34055697cf4993d4161603f869e704709c6ac923d41eb9a8f6e
Instruction ID: 85b986e892a169766d4d18b189de1b41550f2fd41c8c0e128538033d3cd17b06
Opcode Fuzzy Hash: 1cbc3953f008a34055697cf4993d4161603f869e704709c6ac923d41eb9a8f6e
Instruction Fuzzy Hash: 03419E3461921CDFDB01EF59C894EB977F5BB48315F2550AAE694AB2A1C330E941CB90

Function 00EF16DA Relevance: 6.1, APIs: 4, Instructions: 101COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 00EF16EB

Part of subcall function 00EC3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00EC3A57
Part of subcall function 00EC3A3D: GetCurrentThreadId.KERNEL32 ref: 00EC3A5E
Part of subcall function 00EC3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00EC25B3), ref: 00EC3A65

GetCaretPos.USER32(?), ref: 00EF16FF
ClientToScreen.USER32(00000000,?), ref: 00EF174C
GetForegroundWindow.USER32 ref: 00EF1752

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
String ID:
API String ID: 2759813231-0
Opcode ID: 3cf063eb0d1cd477cd9a9ec2ca568b7694ea199ddff8a91e22f9a2fd4aac8866
Instruction ID: 96a2ce4eed4aecc60f4c69195b860209d166926068f351dc3a2d16d2f22daaff
Opcode Fuzzy Hash: 3cf063eb0d1cd477cd9a9ec2ca568b7694ea199ddff8a91e22f9a2fd4aac8866
Instruction Fuzzy Hash: 99315275D00149AFC700EFA5D981CBEBBF9EF48308B6490AAE455F7251D6319E45CBA0

Function 00ECDF95 Relevance: 6.1, APIs: 4, Instructions: 87COMMON

Download Yara Rule

APIs

Part of subcall function 00E67620: _wcslen.LIBCMT ref: 00E67625

_wcslen.LIBCMT ref: 00ECDFCB
_wcslen.LIBCMT ref: 00ECDFE2
_wcslen.LIBCMT ref: 00ECE00D
GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 00ECE018

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: _wcslen$ExtentPoint32Text
String ID:
API String ID: 3763101759-0
Opcode ID: d7408d8a9b7c50c7e6dc38fc9adee0396e15d9a4acb94ee8cc855c7dffc2c2f9
Instruction ID: 60e47b64ac4821d30084826ac93a70232348d49e2866eb64b2822696e2c949e0
Opcode Fuzzy Hash: d7408d8a9b7c50c7e6dc38fc9adee0396e15d9a4acb94ee8cc855c7dffc2c2f9
Instruction Fuzzy Hash: 5E21A671900215AFCB20EF64DD82B6EB7F8EF85760F145069E809BB381D6719D41CBA1

Function 00ECD4DC Relevance: 6.1, APIs: 4, Instructions: 86processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00ECD501
Process32FirstW.KERNEL32(00000000,?), ref: 00ECD50F
Process32NextW.KERNEL32(00000000,?), ref: 00ECD52F
CloseHandle.KERNEL32(00000000), ref: 00ECD5DC

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: c6ba6ebaa2c874349c6a1ada1e0cbe4a4f8c542b091cda2a24e8ca185c867246
Instruction ID: 80565d4bc74b217e3d09fb86ee31d40304d6b9eaea9f4e9c763dfe6d4a24fb65
Opcode Fuzzy Hash: c6ba6ebaa2c874349c6a1ada1e0cbe4a4f8c542b091cda2a24e8ca185c867246
Instruction Fuzzy Hash: D5318F711082009FD304EF54DD81EABBBF8AFD9394F24152DF581A31A2EB729949CB92

Function 00EF8FC9 Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00E79BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00E79BB2

GetCursorPos.USER32(?), ref: 00EF9001
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00EB7711,?,?,?,?,?), ref: 00EF9016
GetCursorPos.USER32(?), ref: 00EF905E
DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00EB7711,?,?,?), ref: 00EF9094

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Cursor$LongMenuPopupProcTrackWindow
String ID:
API String ID: 2864067406-0
Opcode ID: 38a29480140310c553fe3a0722c6eaa91641b4e2ad1c201b44f65196922770db
Instruction ID: a9f446d2ba5d2fdc97bc8891528dcf9e5a1b1ceb5b11c1372fb69298bacfb6ec
Opcode Fuzzy Hash: 38a29480140310c553fe3a0722c6eaa91641b4e2ad1c201b44f65196922770db
Instruction Fuzzy Hash: 4F218D3160001CAFDB258F95C858FFA3BB9EB89360F104065FA456B2A2C7759A90EB60

Function 00ECD2C1 Relevance: 6.1, APIs: 4, Instructions: 78COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(?,00EFCB68), ref: 00ECD2FB
GetLastError.KERNEL32 ref: 00ECD30A
CreateDirectoryW.KERNEL32(?,00000000), ref: 00ECD319
CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00EFCB68), ref: 00ECD376

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: CreateDirectory$AttributesErrorFileLast
String ID:
API String ID: 2267087916-0
Opcode ID: 1da45d3487e40d2460e8329af32181ba04c2d8784f1724442b097029b64a3c85
Instruction ID: c2dd301c50ed8d562c180fcef43c9b4bf1d142dfa9d28f64f9abb3766183e96e
Opcode Fuzzy Hash: 1da45d3487e40d2460e8329af32181ba04c2d8784f1724442b097029b64a3c85
Instruction Fuzzy Hash: 7B21D8705083059F8300DF28DE819AE77E4EF95364F205A2DF495E72A1D732D90ACB53

Function 00EC1571 Relevance: 6.1, APIs: 4, Instructions: 78memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00EC1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00EC102A
Part of subcall function 00EC1014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00EC1036
Part of subcall function 00EC1014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00EC1045
Part of subcall function 00EC1014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00EC104C
Part of subcall function 00EC1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00EC1062

LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00EC15BE
_memcmp.LIBVCRUNTIME ref: 00EC15E1
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00EC1617
HeapFree.KERNEL32(00000000), ref: 00EC161E

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
String ID:
API String ID: 1592001646-0
Opcode ID: b247d43992ed6d0e9d26f0c9b34592212981776298a09ab2489aee79d2da4569
Instruction ID: 165eaef5e740f0723d78fb44ddca7d3c345fba49e10f8f527624418e4bb5a29e
Opcode Fuzzy Hash: b247d43992ed6d0e9d26f0c9b34592212981776298a09ab2489aee79d2da4569
Instruction Fuzzy Hash: A7217C71E00108AFDB00DFA4CA45FEEB7B8EF85344F284499E445B7242D732AA46DB50

Function 00EF2782 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000EC), ref: 00EF280A
SetWindowLongW.USER32(?,000000EC,00000000), ref: 00EF2824
SetWindowLongW.USER32(?,000000EC,00000000), ref: 00EF2832
SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00EF2840

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Window$Long$AttributesLayered
String ID:
API String ID: 2169480361-0
Opcode ID: 1db49526157f9f7e6ba10a44b1c25f67b42f4bd103a96b9946c1f5387f7e7d2b
Instruction ID: e8c96e4a0783c8fcedfb066b637a9a87060a4487c310abf81558c343a5456efb
Opcode Fuzzy Hash: 1db49526157f9f7e6ba10a44b1c25f67b42f4bd103a96b9946c1f5387f7e7d2b
Instruction Fuzzy Hash: 9C21F131204559AFD7149B24C844FBA7B99EF85324F24915CF626EB2E2C771FC82C790

Function 00EC78F5 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 71stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00EC8D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00EC790A,?,000000FF,?,00EC8754,00000000,?,0000001C,?,?), ref: 00EC8D8C
Part of subcall function 00EC8D7D: lstrcpyW.KERNEL32(00000000,?,?,00EC790A,?,000000FF,?,00EC8754,00000000,?,0000001C,?,?,00000000), ref: 00EC8DB2
Part of subcall function 00EC8D7D: lstrcmpiW.KERNEL32(00000000,?,00EC790A,?,000000FF,?,00EC8754,00000000,?,0000001C,?,?), ref: 00EC8DE3

lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00EC8754,00000000,?,0000001C,?,?,00000000), ref: 00EC7923
lstrcpyW.KERNEL32(00000000,?,?,00EC8754,00000000,?,0000001C,?,?,00000000), ref: 00EC7949
lstrcmpiW.KERNEL32(00000002,cdecl,?,00EC8754,00000000,?,0000001C,?,?,00000000), ref: 00EC7984

Strings

cdecl, xrefs: 00EC797B

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: lstrcmpilstrcpylstrlen
String ID: cdecl
API String ID: 4031866154-3896280584
Opcode ID: 5c694b935a4b1b9f88c74230bbe95840ce2adb92dd508e3f5170a172ae68081b
Instruction ID: 24f9efc61a5dc40153d84f39801bdc0447b8449b9db72457ad95effac927a1b3
Opcode Fuzzy Hash: 5c694b935a4b1b9f88c74230bbe95840ce2adb92dd508e3f5170a172ae68081b
Instruction Fuzzy Hash: 8B11063A200201AFCB159F35D944E7A77E9FF85354B10502EF986D7264EB329812CB61

Function 00EF7CC2 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000F0), ref: 00EF7D0B
SetWindowLongW.USER32(00000000,000000F0,?), ref: 00EF7D2A
SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00EF7D42
SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00EDB7AD,00000000), ref: 00EF7D6B

Part of subcall function 00E79BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00E79BB2

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Window$Long
String ID:
API String ID: 847901565-0
Opcode ID: d81650bcbe5522d0f0d8ce3dcb16e052282bf8b313c8f84a1669266893c3bb35
Instruction ID: 1cd555d7302c823159f701539ad89f84149764a7fbbf360afb9b7719be273740
Opcode Fuzzy Hash: d81650bcbe5522d0f0d8ce3dcb16e052282bf8b313c8f84a1669266893c3bb35
Instruction Fuzzy Hash: FF11D23120561DAFCB108F29CC04AB63BA5BF86374B619324F979EB2F0D7318951DB40

Function 00EF5660 Relevance: 6.1, APIs: 4, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001060,?,00000004), ref: 00EF56BB
_wcslen.LIBCMT ref: 00EF56CD
_wcslen.LIBCMT ref: 00EF56D8
SendMessageW.USER32(?,00001002,00000000,?), ref: 00EF5816

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: MessageSend_wcslen
String ID:
API String ID: 455545452-0
Opcode ID: b5ddc812aecff91a7101043d1b9df6b14cf464a2eb6e729bef6de6b4748dbc85
Instruction ID: 9fbefe0bd05640276d8534da3fae1439dfcc6105222c598c99b556a6641955d5
Opcode Fuzzy Hash: b5ddc812aecff91a7101043d1b9df6b14cf464a2eb6e729bef6de6b4748dbc85
Instruction Fuzzy Hash: AD11D67260060D96DB209F61CC85AFE77BCEF61764F10902AFB2AF6081E770C984CB61

Function 00E91D09 Relevance: 6.1, APIs: 4, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c9327c41487761cafd91e00e2ec3e10787364b283c780b08fad9bcb59d11d30
Instruction ID: 56928664ecb133fb951ea81433ace9127010ad0735299835e1fd150e2d4d7490
Opcode Fuzzy Hash: 3c9327c41487761cafd91e00e2ec3e10787364b283c780b08fad9bcb59d11d30
Instruction Fuzzy Hash: E2016DF220A71B7EFE2126796CC1F67666DDF813B9B352369F631B11D2DB608C009160

Function 00EC1A27 Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000B0,?,?), ref: 00EC1A47
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00EC1A59
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00EC1A6F
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00EC1A8A

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: def05be0b22db8b234876082315033e302d954ff9f27e0e57412b263c5d95faa
Instruction ID: ee403ab5bd6888e1b6efbee2e53354fd246c755b15622496c3f2af8576f87e06
Opcode Fuzzy Hash: def05be0b22db8b234876082315033e302d954ff9f27e0e57412b263c5d95faa
Instruction Fuzzy Hash: 1E11393AD01219FFEB10DBA5CD85FADBB78EB08750F200095EA00B7290D6716E51DB94

Function 00ECE1D6 Relevance: 6.1, APIs: 4, Instructions: 55synchronizationthreadwindowCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00ECE1FD
MessageBoxW.USER32(?,?,?,?), ref: 00ECE230
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00ECE246
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00ECE24D

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: CloseCurrentHandleMessageObjectSingleThreadWait
String ID:
API String ID: 2880819207-0
Opcode ID: cf08a91690d1cd0d09ee07b4f08ef4f33260483d142ce4dd7fe3a52f72a93519
Instruction ID: 1933f778703494bcb5be8c276e932a9941f6aaff0757dbca04fff4509005722d
Opcode Fuzzy Hash: cf08a91690d1cd0d09ee07b4f08ef4f33260483d142ce4dd7fe3a52f72a93519
Instruction Fuzzy Hash: 3911087290521CBFC7059BA89D05FAE7FADAB85324F204259F824F3391D271CD0487A0

Function 00E8D1CC Relevance: 6.1, APIs: 4, Instructions: 55threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,?,00E8CFF9,00000000,00000004,00000000), ref: 00E8D218
GetLastError.KERNEL32 ref: 00E8D224
__dosmaperr.LIBCMT ref: 00E8D22B
ResumeThread.KERNEL32(00000000), ref: 00E8D249

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Thread$CreateErrorLastResume__dosmaperr
String ID:
API String ID: 173952441-0
Opcode ID: f316738cf2351f0404bf58e0ac77a9cffad0380c9dc05a7ca54d35ee964cd4cc
Instruction ID: 1a118a67076742c7a9304b33d26478d4f984ba0358f52d9a4a048355865b9eb2
Opcode Fuzzy Hash: f316738cf2351f0404bf58e0ac77a9cffad0380c9dc05a7ca54d35ee964cd4cc
Instruction Fuzzy Hash: 9F01D636409208BFDB117BA5DC09BAE7BA9EF81730F201259F92DB21F0CB708905C7A0

Function 00EF9EF3 Relevance: 6.1, APIs: 4, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 00E79BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00E79BB2

GetClientRect.USER32(?,?), ref: 00EF9F31
GetCursorPos.USER32(?), ref: 00EF9F3B
ScreenToClient.USER32(?,?), ref: 00EF9F46
DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00EF9F7A

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Client$CursorLongProcRectScreenWindow
String ID:
API String ID: 4127811313-0
Opcode ID: 8c2534c0415d4fa1829ad2f9b0ff6e699710c7972d6ac4307a652e41ccba40d1
Instruction ID: d2f1391bc1cc6bcccddd7f328846caa9c863d2d2c239cc15be7610c8c9561079
Opcode Fuzzy Hash: 8c2534c0415d4fa1829ad2f9b0ff6e699710c7972d6ac4307a652e41ccba40d1
Instruction Fuzzy Hash: 6F112532A0011EABDB10DF69C849AFE77B9FB45311F204451FA51F7142D730AA85CBA1

Function 00E6600E Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00E6604C
GetStockObject.GDI32(00000011), ref: 00E66060
SendMessageW.USER32(00000000,00000030,00000000), ref: 00E6606A

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: CreateMessageObjectSendStockWindow
String ID:
API String ID: 3970641297-0
Opcode ID: 130041926f5b3f37cff945bbca058dbeffde79f02d293e82a75fe09c7d3ce606
Instruction ID: e89556b58fd36df9afb37d1b332a828ef2245dc6ecce0906ba838312559e35e7
Opcode Fuzzy Hash: 130041926f5b3f37cff945bbca058dbeffde79f02d293e82a75fe09c7d3ce606
Instruction Fuzzy Hash: D7118E72101508BFEF625FA49C44AEABF69EF483A4F101116FA0466050D772DC60DB90

Function 00E83B3C Relevance: 6.1, APIs: 4, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

___BuildCatchObject.LIBVCRUNTIME ref: 00E83B56

Part of subcall function 00E83AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00E83AD2
Part of subcall function 00E83AA3: ___AdjustPointer.LIBCMT ref: 00E83AED

_UnwindNestedFrames.LIBCMT ref: 00E83B6B
__FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00E83B7C
CallCatchBlock.LIBVCRUNTIME ref: 00E83BA4

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
String ID:
API String ID: 737400349-0
Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
Instruction ID: 7ae86b8f66f9b4d4c218ffe7e59f868d7b54156177a2b3104daa18e17e7ea620
Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
Instruction Fuzzy Hash: CF0129B2100149BBDF126EA5CC42EEB7FA9EF48B58F045014FE4C66121D732E961EBA0

Function 00E93073 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00E613C6,00000000,00000000,?,00E9301A,00E613C6,00000000,00000000,00000000,?,00E9328B,00000006,FlsSetValue), ref: 00E930A5
GetLastError.KERNEL32(?,00E9301A,00E613C6,00000000,00000000,00000000,?,00E9328B,00000006,FlsSetValue,00F02290,FlsSetValue,00000000,00000364,?,00E92E46), ref: 00E930B1
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00E9301A,00E613C6,00000000,00000000,00000000,?,00E9328B,00000006,FlsSetValue,00F02290,FlsSetValue,00000000), ref: 00E930BF

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: f3845d7a78cfb7c8171685455f5d2f2a355ce16b545fff3d7dc4789144577487
Instruction ID: 5905f76ad6173c06a50fbdda4835b69a7ffe38466d931b5562eaf952a543f933
Opcode Fuzzy Hash: f3845d7a78cfb7c8171685455f5d2f2a355ce16b545fff3d7dc4789144577487
Instruction Fuzzy Hash: 9A01F232302726ABDF314B79AC44AAB7B99EF45BA5B314620F916F3150DB21DD09C6E0

Function 00EC7464 Relevance: 6.1, APIs: 4, Instructions: 51registryCOMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 00EC747F
LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00EC7497
RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00EC74AC
RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 00EC74CA

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Type$Register$FileLoadModuleNameUser
String ID:
API String ID: 1352324309-0
Opcode ID: 5388b656015e84b692b1f62c17c091af270c77d97ed49d9a972de5f8b0aa398d
Instruction ID: 8f78469130953977ea9900a6929e8b94e9080b0bdd398da1c081adfb8b114aee
Opcode Fuzzy Hash: 5388b656015e84b692b1f62c17c091af270c77d97ed49d9a972de5f8b0aa398d
Instruction Fuzzy Hash: 57117CB12053149FE7248F14DE09FA2BBB8FB40B04F20856DA6B6E6151D771E909DF50

Function 00ECB0A8 Relevance: 6.0, APIs: 4, Instructions: 50sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00ECACD3,?,00008000), ref: 00ECB0C4
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00ECACD3,?,00008000), ref: 00ECB0E9
QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00ECACD3,?,00008000), ref: 00ECB0F3
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00ECACD3,?,00008000), ref: 00ECB126

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: CounterPerformanceQuerySleep
String ID:
API String ID: 2875609808-0
Opcode ID: fe46abf3e55da658b5fccea143b4e18980a2f57b3a1def19fc3bdf9a31ff6eb3
Instruction ID: 98141121cf50c4028a809f5c71d8ca38f8e182c8dc1d787194fe6f66c7f3a402
Opcode Fuzzy Hash: fe46abf3e55da658b5fccea143b4e18980a2f57b3a1def19fc3bdf9a31ff6eb3
Instruction Fuzzy Hash: C9112A31C0251CEBCF049FA5DA5ABEEBB78FF49711F205089D941B2181CB315552CB52

Function 00EF7E14 Relevance: 6.0, APIs: 4, Instructions: 46COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00EF7E33
ScreenToClient.USER32(?,?), ref: 00EF7E4B
ScreenToClient.USER32(?,?), ref: 00EF7E6F
InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00EF7E8A

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ClientRectScreen$InvalidateWindow
String ID:
API String ID: 357397906-0
Opcode ID: 97f2378979fd75269a60841b4749b9d7f893771a231bdad25fc90b597cf2a1e2
Instruction ID: 973ec7d558bd7d6a1d3b9cb5f95736b590c6556552e23bf803a40f99e411d9ae
Opcode Fuzzy Hash: 97f2378979fd75269a60841b4749b9d7f893771a231bdad25fc90b597cf2a1e2
Instruction Fuzzy Hash: 821143B9D0420EAFDB41DFA9C9849EEBBF5FB48310F505066E915E2210D735AA54CF50

Function 00EC2DA7 Relevance: 6.0, APIs: 4, Instructions: 34threadwindowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00EC2DC5
GetWindowThreadProcessId.USER32(?,00000000), ref: 00EC2DD6
GetCurrentThreadId.KERNEL32 ref: 00EC2DDD
AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00EC2DE4

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
String ID:
API String ID: 2710830443-0
Opcode ID: 1d4459fe1154616ea893395003d9d9a5cec17f220092eba942bbabab168ceb76
Instruction ID: f7f28e72d71f3113a223d21d2b6911e351a18e8a461193fa78a921b54334a41f
Opcode Fuzzy Hash: 1d4459fe1154616ea893395003d9d9a5cec17f220092eba942bbabab168ceb76
Instruction Fuzzy Hash: 2FE06D711052287BD7201B639E0DFFB3E6CEF92FA1F61101DB206F10809AA18985C6B0

Function 00EF8863 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 00E79639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00E79693
Part of subcall function 00E79639: SelectObject.GDI32(?,00000000), ref: 00E796A2
Part of subcall function 00E79639: BeginPath.GDI32(?), ref: 00E796B9
Part of subcall function 00E79639: SelectObject.GDI32(?,00000000), ref: 00E796E2

MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00EF8887
LineTo.GDI32(?,?,?), ref: 00EF8894
EndPath.GDI32(?), ref: 00EF88A4
StrokePath.GDI32(?), ref: 00EF88B2

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
String ID:
API String ID: 1539411459-0
Opcode ID: d17b62a5f251a68c38a9f4c6e0f0fac8f743f409d6928eb8804123875a42330b
Instruction ID: 93d3a766fd58ae21300e2eb041ae76b697ada62aa03bc91f46ca6781f867ca5e
Opcode Fuzzy Hash: d17b62a5f251a68c38a9f4c6e0f0fac8f743f409d6928eb8804123875a42330b
Instruction Fuzzy Hash: 58F09A3600225CBADB125F95AD09FEA3E69AF46324F608000FA01710E2CB740525DBE5

Function 00E798B0 Relevance: 6.0, APIs: 4, Instructions: 23COMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000008), ref: 00E798CC
SetTextColor.GDI32(?,?), ref: 00E798D6
SetBkMode.GDI32(?,00000001), ref: 00E798E9
GetStockObject.GDI32(00000005), ref: 00E798F1

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Color$ModeObjectStockText
String ID:
API String ID: 4037423528-0
Opcode ID: 4d9fbd0125f266b6af22f389ad49b180ae5c153219a8d160bea6a099991e8f46
Instruction ID: e40e8542bc5f7eb6b6d0bb34cef268b69de7b704055e0374f85aaef92438db8a
Opcode Fuzzy Hash: 4d9fbd0125f266b6af22f389ad49b180ae5c153219a8d160bea6a099991e8f46
Instruction Fuzzy Hash: D1E06531245244AEDB215B75BD09BF93F21EB91336F348219F6F9680E1C3714654DB10

Function 00EC162B Relevance: 6.0, APIs: 4, Instructions: 22threadCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 00EC1634
OpenThreadToken.ADVAPI32(00000000,?,?,?,00EC11D9), ref: 00EC163B
GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00EC11D9), ref: 00EC1648
OpenProcessToken.ADVAPI32(00000000,?,?,?,00EC11D9), ref: 00EC164F

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: CurrentOpenProcessThreadToken
String ID:
API String ID: 3974789173-0
Opcode ID: 87d51e64d14c0110367ca8a009999324d3fdb72e6c3db4f16de5261bb1cb2745
Instruction ID: 18d6354980e346dc7ca2756f833eae65a0ea6dae41ca631633a2f9e9293ec7b1
Opcode Fuzzy Hash: 87d51e64d14c0110367ca8a009999324d3fdb72e6c3db4f16de5261bb1cb2745
Instruction Fuzzy Hash: D4E08632602215DFD7201FB29F0DF663B7CEF85795F344848F245E9090EA35444AC750

Function 00EBD858 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 00EBD858
GetDC.USER32(00000000), ref: 00EBD862
GetDeviceCaps.GDI32(00000000,0000000C), ref: 00EBD882
ReleaseDC.USER32(?), ref: 00EBD8A3

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: 926f3a78b261c1571143871e3d86af4c68b66e87fbf866b36850ba9f93d6c140
Instruction ID: 9f687f295aa8e860b572a047957c1d34557fdf464ecab1b3bc73ea5c6af0fdc3
Opcode Fuzzy Hash: 926f3a78b261c1571143871e3d86af4c68b66e87fbf866b36850ba9f93d6c140
Instruction Fuzzy Hash: 44E0ED70904208DFCB419FA1990867DBBB1AB48711B359405E846F7350CB344506DF40

Function 00EBD86C Relevance: 6.0, APIs: 4, Instructions: 18COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 00EBD86C
GetDC.USER32(00000000), ref: 00EBD876
GetDeviceCaps.GDI32(00000000,0000000C), ref: 00EBD882
ReleaseDC.USER32(?), ref: 00EBD8A3

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: 0fc22298b96b82ce398078684c89add597d262d9f522ad7703658f25ef430b1c
Instruction ID: f33eaa02f141e09ef910c3cbe107a49a60cfca34926d17a0170002cbd1fae124
Opcode Fuzzy Hash: 0fc22298b96b82ce398078684c89add597d262d9f522ad7703658f25ef430b1c
Instruction Fuzzy Hash: 7BE01A70904208DFCB409FA1D90867DBBF1BB48710B359408E84AF7350CB38590ADF40

Function 00ED4D87 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 230shareCOMMON

Download Yara Rule

APIs

Part of subcall function 00E67620: _wcslen.LIBCMT ref: 00E67625

WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00ED4ED4

Strings

*, xrefs: 00ED4E10
LPT, xrefs: 00ED4DFB

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Connection_wcslen
String ID: *$LPT
API String ID: 1725874428-3443410124
Opcode ID: dbbc57adfd8f6fd1e50cb51829be23deb2e4b3cb69343d08158419bc9973cff6
Instruction ID: 6b21725fb5aaaa7f5d9c7f895244a38e96db1e6bb93e33fe165cc80b16234f8d
Opcode Fuzzy Hash: dbbc57adfd8f6fd1e50cb51829be23deb2e4b3cb69343d08158419bc9973cff6
Instruction Fuzzy Hash: EB9176B5A002449FCB14DF54C484EA9BBF5FF54308F14A09AE84AAF3A2D731ED46CB51

Function 00E8E27D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 00E8E30D

Strings

pow, xrefs: 00E8E2E5, 00E8E302

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: 0dcf7bc4b112c38c16574d3689ce3e76bd212904e27929bd851e79df58072d0a
Instruction ID: 2ccc24f0b851db15b874a4aaa96cc880c2305df9b5ae448a2a5ddca28ae6922f
Opcode Fuzzy Hash: 0dcf7bc4b112c38c16574d3689ce3e76bd212904e27929bd851e79df58072d0a
Instruction Fuzzy Hash: 8F516C61A2C20696CF157714CD013BA3BE4FB41B85F306958E0DE723F9EB348C899B46

Function 00E7E187 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 184COMMON

Download Yara Rule

Strings

#, xrefs: 00E7E1B1

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: 4eddde027e735cd8403489c014450723b62a1f24db785753c9468d30892b2672
Instruction ID: b7c3a4ed198095a2055c406f65cab71f65044d282482435e5774be3be25f96f1
Opcode Fuzzy Hash: 4eddde027e735cd8403489c014450723b62a1f24db785753c9468d30892b2672
Instruction Fuzzy Hash: 16514635504296EFDB19DF68C0416FA7BA8EF19314F24A096E891BB3E1DA309D42DB90

Function 00E7F291 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000000), ref: 00E7F2A2
GlobalMemoryStatusEx.KERNEL32(?), ref: 00E7F2BB

Strings

@, xrefs: 00E7F2AF

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: GlobalMemorySleepStatus
String ID: @
API String ID: 2783356886-2766056989
Opcode ID: 2b039d1505a0bff3146ed4d3169ab0eee25c37000ac11e1f3d415979eed3c627
Instruction ID: 4aa50218cb42df343aa6d151583e81f840340f7e48f407b578d91875e733798e
Opcode Fuzzy Hash: 2b039d1505a0bff3146ed4d3169ab0eee25c37000ac11e1f3d415979eed3c627
Instruction Fuzzy Hash: 3051777141C7499BD320AF50E886BABBBF8FB84344F91884CF1D9510A5EB718529CB66

Function 00EE5745 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 125COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 00EE57E0
_wcslen.LIBCMT ref: 00EE57EC

Strings

CALLARGARRAY, xrefs: 00EE57E6, 00EE57EB

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: BuffCharUpper_wcslen
String ID: CALLARGARRAY
API String ID: 157775604-1150593374
Opcode ID: 480706adf2400adf4d24fa2bcdb7b56622e6ca0c17930dc28d19d4653893ed6a
Instruction ID: 5085cbee03702cbb2b319b70913cac9c0ea68a2286beb5188663b6a92a9af93e
Opcode Fuzzy Hash: 480706adf2400adf4d24fa2bcdb7b56622e6ca0c17930dc28d19d4653893ed6a
Instruction Fuzzy Hash: 4241C232A001099FCB08DFA9C8829BEBBF5FF59328F10602DE505B7251E7309D81CB50

Function 00EDD0F4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98networkCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00EDD130
InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00EDD13A

Strings

|, xrefs: 00EDD10B

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: CrackInternet_wcslen
String ID: |
API String ID: 596671847-2343686810
Opcode ID: b2feed8ed6e184aa9e0696431e66c919d4f5cbfcea83b574c77950501f2a6f0e
Instruction ID: 45c731082d55ac9d15e122059eacad202f2b7e1f82c5ff5cced49d2c66064c43
Opcode Fuzzy Hash: b2feed8ed6e184aa9e0696431e66c919d4f5cbfcea83b574c77950501f2a6f0e
Instruction Fuzzy Hash: 44313E71D01119ABCF15EFA4DC85AEE7FB9FF04344F101119F819B6261E731AA06DB90

Function 00EF356C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?,?,?), ref: 00EF3621
MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00EF365C

Strings

static, xrefs: 00EF35BC

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Window$DestroyMove
String ID: static
API String ID: 2139405536-2160076837
Opcode ID: 7cd82b5f2a9f2c10f2606407767a3c46ce9a15d47b8c3031c30052984efcf367
Instruction ID: 8f15a57bc2a3e6087cd29c6fe39b53f4a3d02eacdcbd89fed4b54e30b0a9a133
Opcode Fuzzy Hash: 7cd82b5f2a9f2c10f2606407767a3c46ce9a15d47b8c3031c30052984efcf367
Instruction Fuzzy Hash: 49318E71110208AEDB20DF78DC40ABB73A9FF88764F11A619F9A5E7290DA30ED81D760

Function 00EF4537 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00EF461F
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00EF4634

Strings

', xrefs: 00EF458E

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: MessageSend
String ID: '
API String ID: 3850602802-1997036262
Opcode ID: e09f63194cfe0faf95de0dd3838610d49409d11c57a4b28280c76e00960587e2
Instruction ID: d11408ebaabbc465db7aba58d2c2ef8825cbe7b944a71251d8c44139bf047919
Opcode Fuzzy Hash: e09f63194cfe0faf95de0dd3838610d49409d11c57a4b28280c76e00960587e2
Instruction Fuzzy Hash: 043138B5A0120D9FDB14DFA9C980BEA7BB5FF49304F15506AEA04EB391E770A941CF90

Function 00EF31EF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00EF327C
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00EF3287

Strings

Combobox, xrefs: 00EF3249

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: MessageSend
String ID: Combobox
API String ID: 3850602802-2096851135
Opcode ID: 0ce39ff817cf60d24e248c68ba112061ce35eac148f1546449b1f5e50ca1fe08
Instruction ID: 1c5139acb789b632778abc764d0e14a361e71c8bcd99b9fddf1c2b3c162f18f3
Opcode Fuzzy Hash: 0ce39ff817cf60d24e248c68ba112061ce35eac148f1546449b1f5e50ca1fe08
Instruction Fuzzy Hash: C511B27130020C7FFF259EA4DC80EBB37ABEB943A8F205525FA18A72A0D631DD519760

Function 00EF3710 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

Part of subcall function 00E6600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00E6604C
Part of subcall function 00E6600E: GetStockObject.GDI32(00000011), ref: 00E66060
Part of subcall function 00E6600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00E6606A

GetWindowRect.USER32(00000000,?), ref: 00EF377A
GetSysColor.USER32(00000012), ref: 00EF3794

Strings

static, xrefs: 00EF3757

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Window$ColorCreateMessageObjectRectSendStock
String ID: static
API String ID: 1983116058-2160076837
Opcode ID: 5f63d5b9b0e83078a4dd181119e6f328c6da409fee4066f1a148fa48d3f846f4
Instruction ID: c6a195a8d9aca6bb7a3dc127e14002c2d79495a170de7cf6034dbb0a14f0ef45
Opcode Fuzzy Hash: 5f63d5b9b0e83078a4dd181119e6f328c6da409fee4066f1a148fa48d3f846f4
Instruction Fuzzy Hash: DB1147B261020DAFDB00EFB8CC45AFA7BB9EB08314F105925FA55E2250E734E810DB50

Function 00EDCD1E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66networkCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00EDCD7D
InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00EDCDA6

Strings

<local>, xrefs: 00EDCD66

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Internet$OpenOption
String ID: <local>
API String ID: 942729171-4266983199
Opcode ID: 1d0ec27b6d4d35e9592e6a48df19e9145927eb787d71a562dbad2f82b0dae9f5
Instruction ID: 453dd7ec1faebe2069865ab0d84efb3ab306af533224bd22b9ded519fd4c090f
Opcode Fuzzy Hash: 1d0ec27b6d4d35e9592e6a48df19e9145927eb787d71a562dbad2f82b0dae9f5
Instruction Fuzzy Hash: AC11A3712056367ED7284A668C45EF7BE6AEF527E8F205227B109A3280D6709846D6F0

Function 00EF3429 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON

Download Yara Rule

APIs

GetWindowTextLengthW.USER32(00000000), ref: 00EF34AB
SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00EF34BA

Strings

edit, xrefs: 00EF348F

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: LengthMessageSendTextWindow
String ID: edit
API String ID: 2978978980-2167791130
Opcode ID: a4ee1d4c8636ca2e2f9f368000ffafb0fc5b10fb7d0d1721cf881ed7c73cc29a
Instruction ID: 9a1767c435b1e6c8f9381c82731f272ddf34ca17aac8b2198941ba9b2ee7aa64
Opcode Fuzzy Hash: a4ee1d4c8636ca2e2f9f368000ffafb0fc5b10fb7d0d1721cf881ed7c73cc29a
Instruction Fuzzy Hash: 76116D7110020CAEEB218E74DC44AFA37AAEB45778F606724FA71A31D0C771DC519B60

Function 00EC6C86 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD

CharUpperBuffW.USER32(?,?,?), ref: 00EC6CB6
_wcslen.LIBCMT ref: 00EC6CC2

Strings

STOP, xrefs: 00EC6CBC, 00EC6CC1

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: STOP
API String ID: 1256254125-2411985666
Opcode ID: 4c886c675ecd49685b588706942f3e5dee338da04ce9222d328fda14fedc3d1e
Instruction ID: 60582c35400b001204d237ab5a6b927f040ca487d4a991860ac57a18327d5f1b
Opcode Fuzzy Hash: 4c886c675ecd49685b588706942f3e5dee338da04ce9222d328fda14fedc3d1e
Instruction Fuzzy Hash: F601C8326005278BCB20AFBDDE80EBF77F5EB61754710192CE462B7195EA32D941C650

Function 00EC1CDE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD

Part of subcall function 00EC3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00EC3CCA

SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00EC1D4C

Strings

ListBox, xrefs: 00EC1D16
ComboBox, xrefs: 00EC1CEB

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: 1f7395703b4154546ffe1b0af1e82fb603f3bca7a7a741d4694a0c7deeeeec17
Instruction ID: 68a69fd382bb3088b557367f25a1e1f6517706412c33c45404e7bef005e9cbd4
Opcode Fuzzy Hash: 1f7395703b4154546ffe1b0af1e82fb603f3bca7a7a741d4694a0c7deeeeec17
Instruction Fuzzy Hash: 63012D716401146BCB08EBA0DE11DFE77A8EB53390B10190DF823772C2EA31991DD661

Function 00EC1BD8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD

Part of subcall function 00EC3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00EC3CCA

SendMessageW.USER32(?,00000180,00000000,?), ref: 00EC1C46

Strings

ListBox, xrefs: 00EC1C10
ComboBox, xrefs: 00EC1BE5

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: 99612bab837aa8ac9d17d9341680d38b8509a346ba691b4a7aa579153a577886
Instruction ID: 46f254f4d269d76f0282dab2789c3f89ea740bbff60df24026901d6f1e98f285
Opcode Fuzzy Hash: 99612bab837aa8ac9d17d9341680d38b8509a346ba691b4a7aa579153a577886
Instruction Fuzzy Hash: A501887568110467CB08E7A0DB51FFFB7EC9B52780F14105DB40677283EA359A1DE672

Function 00EC1C5C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD

Part of subcall function 00EC3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00EC3CCA

SendMessageW.USER32(?,00000182,?,00000000), ref: 00EC1CC8

Strings

ListBox, xrefs: 00EC1C94
ComboBox, xrefs: 00EC1C69

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: cbe51e55f77727ee382b73e4e23dfdf93af37b4cf0b7bfe29edbbed514ff385b
Instruction ID: ce8776ae50046f7ca2dae322f17e2e61fbc834590dcde0a3ca9e507b085e2048
Opcode Fuzzy Hash: cbe51e55f77727ee382b73e4e23dfdf93af37b4cf0b7bfe29edbbed514ff385b
Instruction Fuzzy Hash: A901A77168011867CB08E7A0DB11FFEB3EC9B12780F242019B80173283EA369F1AD672

Function 00EC1D68 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 46windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD

Part of subcall function 00EC3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00EC3CCA

SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00EC1DD3

Strings

ListBox, xrefs: 00EC1DA0
ComboBox, xrefs: 00EC1D75

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: c3e281c329159c50047a5806c60e229f95893cc85c13c36bd48abec7ddbeb9ed
Instruction ID: f8601b9c9676d67fdb609aa2c80a2d7a82eb4994bb52fb4d5824666e2465d4eb
Opcode Fuzzy Hash: c3e281c329159c50047a5806c60e229f95893cc85c13c36bd48abec7ddbeb9ed
Instruction Fuzzy Hash: 70F0F971A4021467C704F7A4DE51FFEB7ACAB02790F141919B422732C3DA71991D8271

Function 00E7FDDB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 00E80668

Part of subcall function 00E832A4: RaiseException.KERNEL32(?,?,?,00E8068A,?,00F31444,?,?,?,?,?,?,00E8068A,00E61129,00F28738,00E61129), ref: 00E83304

__CxxThrowException@8.LIBVCRUNTIME ref: 00E80685

Strings

Unknown exception, xrefs: 00E80692

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Exception@8Throw$ExceptionRaise
String ID: Unknown exception
API String ID: 3476068407-410509341
Opcode ID: 0c46952c515d7d969602aa66dd784383e83c893a252a9bc66b7e77d8ad40cb82
Instruction ID: 4f24720836fb46708830ee014564cc9507464ca72941d632b48b1513c76a829c
Opcode Fuzzy Hash: 0c46952c515d7d969602aa66dd784383e83c893a252a9bc66b7e77d8ad40cb82
Instruction Fuzzy Hash: CBF0223090020DB78B10BAB4E856D9E7BAC5E00354B60A130F92CB69E1EF31DA2AC781

Function 00EE747E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00EE7493
_wcslen.LIBCMT ref: 00EE74B9

Strings

3, 3, 16, 1, xrefs: 00EE7483

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: _wcslen
String ID: 3, 3, 16, 1
API String ID: 176396367-3042988571
Opcode ID: b1489c2e7390d7975fd3b016dcd48b2e892eec923d87a438afa90ca4dd976d14
Instruction ID: fff57d82c5a48ef1bcab021d8c5cae2741583c27254abbf4e3337451a71458b8
Opcode Fuzzy Hash: b1489c2e7390d7975fd3b016dcd48b2e892eec923d87a438afa90ca4dd976d14
Instruction Fuzzy Hash: 37E02B42205362109331327BACC197F5AC9CFC9750710382BF9DDF22E6EA94CD9193A1

Function 00EC0B15 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00EC0B23

Strings

AutoIt, xrefs: 00EC0B17
Error allocating memory., xrefs: 00EC0B1C

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Message
String ID: AutoIt$Error allocating memory.
API String ID: 2030045667-4017498283
Opcode ID: f768ea6802482cc07ce3da441d963caa45a1f56ef81e650a7a73b74c41cd2d85
Instruction ID: 433498443dc57f445583d4c0372d79334014cafce7216932cd78b5900b997839
Opcode Fuzzy Hash: f768ea6802482cc07ce3da441d963caa45a1f56ef81e650a7a73b74c41cd2d85
Instruction Fuzzy Hash: 8CE0D83128431C2AD21036957D03F997AC4CF05F60F30542BF75CB54C38AE2649087E9

Function 00E80D42 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00E7F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00E80D71,?,?,?,00E6100A), ref: 00E7F7CE

IsDebuggerPresent.KERNEL32(?,?,?,00E6100A), ref: 00E80D75
OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00E6100A), ref: 00E80D84

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00E80D7F

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 55579361-631824599
Opcode ID: b609f9239e3c20e20ccb513182ed5a6f3d576f1ccd60a581a9f2dc429ba2fbfb
Instruction ID: e68328a383d090033efc70fd351b1dd060854c515e535712f059fcac0a0d85b1
Opcode Fuzzy Hash: b609f9239e3c20e20ccb513182ed5a6f3d576f1ccd60a581a9f2dc429ba2fbfb
Instruction Fuzzy Hash: 90E06D702007118FE3A0AFB9E5043527BE4AF40754F10992DE48EE66A1DBB0E448CB91

Function 00ED3017 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18COMMON

Download Yara Rule

APIs

GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00ED302F
GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00ED3044

Strings

aut, xrefs: 00ED3038

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: Temp$FileNamePath
String ID: aut
API String ID: 3285503233-3010740371
Opcode ID: c4912a55b55b5952b94e5ecab6115a060ff772058f46286b0bbb90af3ef082ce
Instruction ID: a9ec6038ae60b77e78e4963c78355a2357255921f0d738319cf12c50770f1c86
Opcode Fuzzy Hash: c4912a55b55b5952b94e5ecab6115a060ff772058f46286b0bbb90af3ef082ce
Instruction Fuzzy Hash: 8DD05B71500328ABDA209795AD0DFD73A6CD744750F1001517655E20A1DAB4D548CAD0

Function 00EBD21C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 00EBD220

Strings

%.3d, xrefs: 00EBD22B
X64, xrefs: 00EBD2A8

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: LocalTime
String ID: %.3d$X64
API String ID: 481472006-1077770165
Opcode ID: 84bfe9d92bfe89372cb14b194af0cabfd3f0ad0b06f5a7774b916e410f7c34e2
Instruction ID: 738b074474c6c66fb57f9ecac541c6bec4f6089ea6a85407b0b556cc54b86092
Opcode Fuzzy Hash: 84bfe9d92bfe89372cb14b194af0cabfd3f0ad0b06f5a7774b916e410f7c34e2
Instruction Fuzzy Hash: 72D01271C0D158E9CB5096D0DC458FBB3BCEB48301F60A462F90AB1060F624C908AB61

Function 00EF2356 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00EF236C
PostMessageW.USER32(00000000), ref: 00EF2373

Part of subcall function 00ECE97B: Sleep.KERNEL32 ref: 00ECE9F3

Strings

Shell_TrayWnd, xrefs: 00EF2365

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: 65d9589d0e18342e70bfa2f8faeb5cf5ea67cc5131dcb1af1e59042199ef2067
Instruction ID: 20dfa903c509f8f041db51c1c829566853baa92b9443e5fa380ce4f3f57ac645
Opcode Fuzzy Hash: 65d9589d0e18342e70bfa2f8faeb5cf5ea67cc5131dcb1af1e59042199ef2067
Instruction Fuzzy Hash: D8D0A9323803107AE264A331AD0FFC666149B80B00F2009167201FA1D0C8B0A805CA05

Function 00EF2322 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00EF232C
PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00EF233F

Part of subcall function 00ECE97B: Sleep.KERNEL32 ref: 00ECE9F3

Strings

Shell_TrayWnd, xrefs: 00EF2325

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: 92e8dff85e1a78924278bc6dbe77d923f1c83d2b9af1ec3c893bc37e26470a92
Instruction ID: 4babdb658e45ae115ea9a7fc0ac4bc19ee8047d130ca5af95f474d7d84535741
Opcode Fuzzy Hash: 92e8dff85e1a78924278bc6dbe77d923f1c83d2b9af1ec3c893bc37e26470a92
Instruction Fuzzy Hash: 30D02232384310BBE264B331ED0FFD67A149B80B00F2009167305FA1D0C8F0A805CA00

Function 00E9BDFD Relevance: 5.1, APIs: 4, Instructions: 139COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00E9BE93
GetLastError.KERNEL32 ref: 00E9BEA1
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00E9BEFC

Memory Dump Source

Source File: 00000001.00000002.3467450110.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true

Associated: 00000001.00000002.3467426014.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467546004.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467607071.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.3467630993.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e60000_file.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: f63307a895b039d90631045b57bae02a262c41af14b4f05ad9f55c9924cf188f
Instruction ID: 3ca102dbad09f69ad41849d1107957297942cd0c0e6d365429192c96eb4c8d25
Opcode Fuzzy Hash: f63307a895b039d90631045b57bae02a262c41af14b4f05ad9f55c9924cf188f
Instruction Fuzzy Hash: F341D43470020AAFCF219F65EE44ABE7BA9EF41714F246169F959B71A1DB308D01CB50

Source: Joe Sandbox View	JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.133
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.133
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.133
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.133
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.133
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.133
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.133
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.133
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.133
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.133
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.133
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.133
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.133
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.133
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.133
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.133
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.133
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.133
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.133
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.133
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 154

Chrome Cache Entry: 155

Chrome Cache Entry: 156

Chrome Cache Entry: 157

Chrome Cache Entry: 158

Chrome Cache Entry: 159

Chrome Cache Entry: 160

Chrome Cache Entry: 161

Chrome Cache Entry: 162

Chrome Cache Entry: 163

Chrome Cache Entry: 164

Windows Analysis Report
file.exe

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. `reload` ).
Tactics:	Impact
Data Sources:	Command: Command Execution, Process: Process Creation, Sensor Health: Host Status
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre