Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1528276
MD5:	fd380025ab8f4ed49c30f016615dc9e2
SHA1:	3b69ccfc98aea8de30ef6fef0f80aa8929ffd357
SHA256:	face5ab594ce41c5b5d96da6ae5e6ba965f196c126b1123805596c1f894aac7a
Tags:	exeuser-Bitsight
Infos:

Detection

Credential Flusher

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected Credential Flusher

AI detected suspicious sample

Binary is likely a compiled AutoIt script file

Found API chain indicative of sandbox detection

Machine Learning detection for sample

Contains functionality for read data from the clipboard

Contains functionality to block mouse and keyboard input (often used to hinder debugging)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to execute programs as a different user

Contains functionality to launch a process as a different user

Contains functionality to launch a program with higher privileges

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Contains functionality to simulate keystroke presses

Contains functionality to simulate mouse events

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

OS version to string mapping found (often used in BOTs)

Potential key logger detected (key state polling based)

Sample execution stops while process was sleeping (likely an evasion)

Sleep loop found (likely to delay execution)

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Uses taskkill to terminate processes

Classification

Process Tree

System is w10x64

file.exe (PID: 7440 cmdline: "C:\Users\user\Desktop\file.exe" MD5: FD380025AB8F4ED49C30F016615DC9E2)

taskkill.exe (PID: 7456 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7464 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7520 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7528 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7584 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7592 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7648 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7656 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7704 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7712 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chrome.exe (PID: 7800 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 8020 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2008,i,10856147896330441231,18003949655692522972,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7524 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5632 --field-trial-handle=2008,i,10856147896330441231,18003949655692522972,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7520 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 --field-trial-handle=2008,i,10856147896330441231,18003949655692522972,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.2940254700.0000000001578000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialFlusher	Yara detected Credential Flusher	Joe Security
Process Memory Space: file.exe PID: 7440	JoeSecurity_CredentialFlusher	Yara detected Credential Flusher	Joe Security

String found in binary or memory: _.iq(p)+"/familylink/privacy/notice/embedded?langCountry="+_.iq(p);break;case "PuZJUb":a+="https://www.youtube.com/t/terms?chromeless=1&hl="+_.iq(m);break;case "fxTQxb":a+="https://youtube.com/t/terms?gl="+_.iq(_.rq(c))+"&hl="+_.iq(d)+"&override_hl=1"+(f?"&linkless=1":"");break;case "prAmvd":a+="https://www.google.com/intl/"+_.iq(m)+"/chromebook/termsofservice.html?languageCode="+_.iq(d)+"&regionCode="+_.iq(c);break;case "NfnTze":a+="https://policies.google.com/privacy/google-partners"+(f?"/embedded": equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: accounts.youtube.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com

Source: unknown

HTTP traffic detected: POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveContent-Length: 519sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"Content-Type: application/x-www-form-urlencoded;charset=UTF-8sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"X-Goog-AuthUser: 0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*Origin: https://accounts.google.comX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_78.13.dr	String found in binary or memory: https://accounts.google.com
Source: chromecache_78.13.dr	String found in binary or memory: https://accounts.google.com/TOS?loc=
Source: chromecache_76.13.dr	String found in binary or memory: https://apis.google.com/js/api.js
Source: chromecache_78.13.dr	String found in binary or memory: https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage
Source: chromecache_78.13.dr	String found in binary or memory: https://families.google.com/intl/
Source: chromecache_76.13.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/drive_2020q4/v10/192px.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/gmail_2020q4/v10/web-48dp/logo_gmail_2020q4_color_2x_web_
Source: chromecache_76.13.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/maps/v7/192px.svg
Source: chromecache_78.13.dr	String found in binary or memory: https://g.co/recover
Source: chromecache_78.13.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_78.13.dr	String found in binary or memory: https://play.google.com/work/enroll?identifier=
Source: chromecache_78.13.dr	String found in binary or memory: https://play.google/intl/
Source: chromecache_78.13.dr	String found in binary or memory: https://policies.google.com/privacy
Source: chromecache_78.13.dr	String found in binary or memory: https://policies.google.com/privacy/additional
Source: chromecache_78.13.dr	String found in binary or memory: https://policies.google.com/privacy/google-partners
Source: chromecache_78.13.dr	String found in binary or memory: https://policies.google.com/technologies/cookies
Source: chromecache_78.13.dr	String found in binary or memory: https://policies.google.com/technologies/location-data
Source: chromecache_78.13.dr	String found in binary or memory: https://policies.google.com/terms
Source: chromecache_78.13.dr	String found in binary or memory: https://policies.google.com/terms/location
Source: chromecache_78.13.dr	String found in binary or memory: https://policies.google.com/terms/service-specific
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-email-pin.gif
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-password.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-or-voice-pin.gif
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-pin.gif
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-stop-go-landing-page_1x.png
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/animation/
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_device.png
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_pin.png
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync.png
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_1x.png
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_2x.png
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_darkmode_1x.png
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/continue_on_your_phone.png
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_phone_number_verification.png
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_silent_tap_yes_darkmode.gif
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes.gif
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes_darkmode.gif
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success_darkmode.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_dark_v2.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated_darkmode.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_v2.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_not_ready.png
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_1.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_dark_1.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_1.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_darkmode_1.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_1.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_darkmode_1.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_created.png
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device_darkmode.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_full_house.png
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_1.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_darkmode_1.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision_darkmode.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_1.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_darkmode_1.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_1.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_darkmode_1.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device_darkmode.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_stop.png
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/personalization_reminders.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/phone_number_sign_in_2x.png
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/return_to_desktop.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/return_to_desktop_darkmode.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key.gif
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_ios_center.png
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_laptop.gif
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered.gif
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered_darkmode.gif
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_phone.gif
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_ios.gif
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_pulldown.gif
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_tapyes.gif
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/smart_lock_2x.png
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/usb_key.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/web_and_app_activity.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/who_will_be_using_this_device.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/you_tube_history.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/gmail_ios_authzen.gif
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/paaskey.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge_darkmode.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_darkmode.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device_darkmode.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_darkmode.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error_darkmode.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth_darkmode.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success_darkmode.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror_darkmode.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_light.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/screenlock.png
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_ipad.gif
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone.gif
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_nfc.gif
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_usb.gif
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_phone.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_keys.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2_darkmode.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/loading_spinner_gm.gif
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/progress_spinner_color_20dp_4x.gif
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/success-gm-default_2x.png
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/apps/signup/resources/custom-email-address.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/images/hpp/shield_security_checkup_green_2x_web_96dp.png
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter_dark_1.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter_v1.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter_dark_v1.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter_v1.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_dark_v1.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_v1.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices_darkmode.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps_darkmode.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_confirmation.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro_darkmode.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18_darkmode.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings_darkmode.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search_darkmode.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18_darkmode.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18_darkmode.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18_darkmode.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_darkmode.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_0.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_dark_0.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization_darkmode.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation_darkmode.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error_darkmode.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork_darkmode.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro_darkmode.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results_darkmode.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search_darkmode.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_2.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_dark_2.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_2.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_dark_2.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_2.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_dark_2.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_2.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_dark_2.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_2.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_dark_3.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_1.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_dark_1.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_1.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_dark_1.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_2.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_dark_2.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_1.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_dark_1.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_2.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_dark_2.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_dark_v2.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_v2.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice_darkmode.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set_darkmode.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_v2.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_dark_v2.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_v2.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space.png
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space_dark.png
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess_dark.svg
Source: chromecache_78.13.dr	String found in binary or memory: https://support.google.com/accounts?hl=
Source: chromecache_78.13.dr	String found in binary or memory: https://support.google.com/accounts?p=new-si-ui
Source: chromecache_78.13.dr	String found in binary or memory: https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072
Source: chromecache_76.13.dr	String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: chromecache_78.13.dr	String found in binary or memory: https://www.google.com
Source: chromecache_78.13.dr	String found in binary or memory: https://www.google.com/intl/
Source: chromecache_76.13.dr	String found in binary or memory: https://www.gstatic.com/accounts/speedbump/authzen_optin_illustration.gif
Source: chromecache_76.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/chrome_48dp.png
Source: chromecache_76.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/googleg_48dp.png
Source: chromecache_76.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/gsa_48dp.png
Source: chromecache_76.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/play_prism_48dp.png
Source: chromecache_76.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/youtube_48dp.png
Source: chromecache_78.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/productlogos/googleg/v6/36px.svg
Source: chromecache_78.13.dr	String found in binary or memory: https://www.youtube.com/t/terms?chromeless=1&hl=
Source: file.exe, 00000000.00000002.2940254700.0000000001578000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1722520151.0000000000D74000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
Source: chromecache_78.13.dr	String found in binary or memory: https://youtube.com/t/terms?gl=

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 50052 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49795 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0084EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,

0_2_0084EAFF

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0084ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,

0_2_0084ED6A

Source: C:\Users\user\Desktop\file.exe

0_2_0084EAFF

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0083AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,

0_2_0083AA57

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00869576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,

0_2_00869576

System Summary

Binary is likely a compiled AutoIt script file

Source: file.exe	String found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_f8f9c617-9
Source: file.exe, 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_1c0d5535-d
Source: file.exe	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_595ef2db-6
Source: file.exe	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_c4e1ef38-b

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0083D5EB: CreateFileW,DeviceIoControl,CloseHandle,

0_2_0083D5EB

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00831201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,

0_2_00831201

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0083E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,

0_2_0083E8F6

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D8060	0_2_007D8060
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00842046	0_2_00842046
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00838298	0_2_00838298
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0080E4FF	0_2_0080E4FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0080676B	0_2_0080676B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00864873	0_2_00864873
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007DCAF0	0_2_007DCAF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007FCAA0	0_2_007FCAA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007ECC39	0_2_007ECC39
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00806DD9	0_2_00806DD9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007EB119	0_2_007EB119
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D91C0	0_2_007D91C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F1394	0_2_007F1394
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F1706	0_2_007F1706
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F781B	0_2_007F781B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E997D	0_2_007E997D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D7920	0_2_007D7920
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F19B0	0_2_007F19B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F7A4A	0_2_007F7A4A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F1C77	0_2_007F1C77
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F7CA7	0_2_007F7CA7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00809EEE	0_2_00809EEE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085BE44	0_2_0085BE44
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F1F32	0_2_007F1F32

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 007EF9F2 appears 31 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 007F0A30 appears 46 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: classification engine

Classification label: mal64.troj.evad.winEXE@46/30@12/8

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008437B5 GetLastError,FormatMessageW,

0_2_008437B5

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008310BF AdjustTokenPrivileges,CloseHandle,		0_2_008310BF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008316C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,		0_2_008316C3

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008451CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,

0_2_008451CD

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0085A67C CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

0_2_0085A67C

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0084648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,

0_2_0084648E

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007D42A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,

0_2_007D42A2

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7712:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7656:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7528:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7464:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7592:120:WilError_03

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2008,i,10856147896330441231,18003949655692522972,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5632 --field-trial-handle=2008,i,10856147896330441231,18003949655692522972,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 --field-trial-handle=2008,i,10856147896330441231,18003949655692522972,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2008,i,10856147896330441231,18003949655692522972,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5632 --field-trial-handle=2008,i,10856147896330441231,18003949655692522972,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 --field-trial-handle=2008,i,10856147896330441231,18003949655692522972,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007D42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_007D42DE

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007F0A76 push ecx; ret

0_2_007F0A89

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007EF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,		0_2_007EF98E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00861C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,		0_2_00861C41

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Found API chain indicative of sandbox detection

Source: C:\Users\user\Desktop\file.exe

Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep

graph_0-94861

Source: C:\Users\user\Desktop\file.exe	Window / User API: threadDelayed 7026			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window / User API: foregroundWindowGot 1774			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

API coverage: 3.3 %

Source: C:\Users\user\Desktop\file.exe TID: 7444

Thread sleep time: -70260s >= -30000s

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\file.exe

Thread sleep count: Count: 7026 delay: -10

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,	0_2_0083DBBE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008468EE FindFirstFileW,FindClose,	0_2_008468EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,	0_2_0084698F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_0083D076
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_0083D3A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00849642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_00849642
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_0084979D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00849B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,	0_2_00849B2B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00845C97 FindFirstFileW,FindNextFileW,FindClose,	0_2_00845C97

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007D42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_007D42DE

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0084EAA2 BlockInput,

0_2_0084EAA2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00802622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00802622

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007D42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_007D42DE

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007F4CE8 mov eax, dword ptr fs:[00000030h]

0_2_007F4CE8

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00830B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,

0_2_00830B62

Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00802622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00802622
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_007F083F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F09D5 SetUnhandledExceptionFilter,	0_2_007F09D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_007F0C21

Source: C:\Users\user\Desktop\file.exe

0_2_00831201

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00812BA5 SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

0_2_00812BA5

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0083B226 SendInput,keybd_event,

0_2_0083B226

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008522DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,

0_2_008522DA

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_00830B62

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00831663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

0_2_00831663

Source: file.exe	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exe	Binary or memory string: Shell_TrayWnd

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007F0698 cpuid

0_2_007F0698

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00848195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,

0_2_00848195

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0082D27A GetUserNameW,

0_2_0082D27A

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0080BB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,

0_2_0080BB6F

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007D42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_007D42DE

Stealing of Sensitive Information

Yara detected Credential Flusher

Source: Yara match	File source: 00000000.00000002.2940254700.0000000001578000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7440, type: MEMORYSTR

Source: file.exe	Binary or memory string: WIN_81
Source: file.exe	Binary or memory string: WIN_XP
Source: file.exe	Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]\|%%\|%[-+ 0#]?([0-9]\|\)?(\.[0-9]\|\.\)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exe	Binary or memory string: WIN_XPe
Source: file.exe	Binary or memory string: WIN_VISTA
Source: file.exe	Binary or memory string: WIN_7
Source: file.exe	Binary or memory string: WIN_8

Remote Access Functionality

Yara detected Credential Flusher

Source: Yara match	File source: 00000000.00000002.2940254700.0000000001578000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7440, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00851204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,		0_2_00851204
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00851806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,		0_2_00851806

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	2 Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	2 Disable or Modify Tools	21 Input Capture	2 System Time Discovery	Remote Services	1 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	1 Native API	2 Valid Accounts	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	21 Input Capture	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	2 Valid Accounts	2 Obfuscated Files or Information	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	3 Clipboard Data	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	21 Access Token Manipulation	1 DLL Side-Loading	NTDS	16 System Information Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	2 Process Injection	2 Valid Accounts	LSA Secrets	12 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	12 Virtualization/Sandbox Evasion	Cached Domain Credentials	12 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	21 Access Token Manipulation	DCSync	3 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	2 Process Injection	Proc Filesystem	11 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	HTML Smuggling	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://play.google/intl/	0%	URL Reputation	safe
https://families.google.com/intl/	0%	URL Reputation	safe
https://policies.google.com/technologies/location-data	0%	URL Reputation	safe
https://apis.google.com/js/api.js	0%	URL Reputation	safe
https://policies.google.com/privacy/google-partners	0%	URL Reputation	safe
https://policies.google.com/terms/service-specific	0%	URL Reputation	safe
https://g.co/recover	0%	URL Reputation	safe
https://policies.google.com/privacy/additional	0%	URL Reputation	safe
https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072	0%	URL Reputation	safe
https://policies.google.com/technologies/cookies	0%	URL Reputation	safe
https://policies.google.com/terms	0%	URL Reputation	safe
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=	0%	URL Reputation	safe
https://support.google.com/accounts?hl=	0%	URL Reputation	safe
https://policies.google.com/terms/location	0%	URL Reputation	safe
https://policies.google.com/privacy	0%	URL Reputation	safe
https://support.google.com/accounts?p=new-si-ui	0%	URL Reputation	safe
https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
youtube-ui.l.google.com	172.217.16.142	true	false	unknown
www3.l.google.com	142.250.186.174	true	false	unknown
play.google.com	142.250.185.206	true	false	unknown
www.google.com	142.250.185.100	true	false	unknown
youtube.com	142.250.184.206	true	false	unknown
accounts.youtube.com	unknown	unknown	false	unknown
www.youtube.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://play.google.com/log?format=json&hasfast=true&authuser=0	false	unknown
https://www.google.com/favicon.ico	false	unknown
https://play.google.com/log?hasfast=true&authuser=0&format=json	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://play.google/intl/	chromecache_78.13.dr	false	URL Reputation: safe	unknown
https://families.google.com/intl/	chromecache_78.13.dr	false	URL Reputation: safe	unknown
https://youtube.com/t/terms?gl=	chromecache_78.13.dr	false		unknown
https://policies.google.com/technologies/location-data	chromecache_78.13.dr	false	URL Reputation: safe	unknown
https://www.google.com/intl/	chromecache_78.13.dr	false		unknown
https://apis.google.com/js/api.js	chromecache_76.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy/google-partners	chromecache_78.13.dr	false	URL Reputation: safe	unknown
https://play.google.com/work/enroll?identifier=	chromecache_78.13.dr	false		unknown
https://policies.google.com/terms/service-specific	chromecache_78.13.dr	false	URL Reputation: safe	unknown
https://g.co/recover	chromecache_78.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy/additional	chromecache_78.13.dr	false	URL Reputation: safe	unknown
https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072	chromecache_78.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/technologies/cookies	chromecache_78.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/terms	chromecache_78.13.dr	false	URL Reputation: safe	unknown
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=	chromecache_76.13.dr	false	URL Reputation: safe	unknown
https://www.google.com	chromecache_78.13.dr	false		unknown
https://play.google.com/log?format=json&hasfast=true	chromecache_78.13.dr	false		unknown
https://www.youtube.com/t/terms?chromeless=1&hl=	chromecache_78.13.dr	false		unknown
https://support.google.com/accounts?hl=	chromecache_78.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/terms/location	chromecache_78.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy	chromecache_78.13.dr	false	URL Reputation: safe	unknown
https://support.google.com/accounts?p=new-si-ui	chromecache_78.13.dr	false	URL Reputation: safe	unknown
https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage	chromecache_78.13.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.206	play.google.com	United States	15169	GOOGLEUS	false
142.250.186.174	www3.l.google.com	United States	15169	GOOGLEUS	false
142.250.185.100	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.110	unknown	United States	15169	GOOGLEUS	false
142.250.184.206	youtube.com	United States	15169	GOOGLEUS	false
172.217.16.142	youtube-ui.l.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1528276
Start date and time:	2024-10-07 18:22:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 4s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal64.troj.evad.winEXE@46/30@12/8
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 96% Number of executed functions: 36 Number of non-executed functions: 312
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.238, 142.250.110.84, 172.217.16.195, 34.104.35.123, 142.250.185.99, 142.250.185.67, 142.250.181.234, 142.250.185.170, 172.217.18.106, 142.250.184.234, 142.250.186.74, 216.58.212.138, 142.250.186.42, 142.250.185.138, 216.58.206.42, 142.250.185.202, 142.250.185.106, 142.250.185.74, 142.250.185.234, 142.250.186.106, 172.217.16.138, 142.250.186.138, 142.250.184.202, 216.58.212.170, 172.217.18.10, 142.250.74.202, 199.232.214.172, 192.229.221.95, 216.58.206.35, 66.102.1.84, 142.250.185.174
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, otelrules.azureedge.net, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, www.gstatic.com, optimizationguide-pa.googleapis.com
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
239.255.255.250	https://t.dripemail3.com/c/eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJkZXRvdXIiLCJpc3MiOiJtb25vbGl0aCIsInN1YiI6ImRldG91cl9saW5rIiwiaWF0IjoxNzI4MzEwODA2LCJuYmYiOjE3MjgzMTA4MDYsImFjY291bnRfaWQiOiIyNzYyNjA5IiwiZGVsaXZlcnlfaWQiOiJwODJtNGNzMzB4cXl2Zmh0NzQxaSIsInRva2VuIjoicDgybTRjczMweHF5dmZodDc0MWkiLCJzZW5kX2F0IjoxNzI4MzA5NzMyLCJlbWFpbF9pZCI6OTk2NDE4NiwiZW1haWxhYmxlX3R5cGUiOiJCcm9hZGNhc3QiLCJlbWFpbGFibGVfaWQiOjM5NTQwMTYsInVybCI6Imh0dHBzOi8vZGFpbHlhbGFza2EuY29tL25ld3M_X19zPWw5bzljOTZzbG8xZjF3aGFiODZrJnV0bV9zb3VyY2U9ZHJpcCZ1dG1fbWVkaXVtPWVtYWlsJnV0bV9jYW1wYWlnbj0lRjAlOUYlOTElOEMrV2UrTWFkZStJdCtFYXN5K0ZvcitZb3UrJUYwJTlGJTkxJThDIn0.MNRoosOspCCWwx3VuYY41W-crcEzfjjfIELlO_QMAdM	Get hash	malicious	HtmlDropper	Browse
	https://forms.office.com/Pages/ShareFormPage.aspx?id=W8eUhlA4rUOuklSyoCn21mtmgAvPzYFJuSM99R6gX3dUQ1IyWUM1UUhTS1pWQ0xXNkI3RzlRRkFIVi4u&sharetoken=93tGEOrxpFy3X0nnxFcr	Get hash	malicious	HTMLPhisher	Browse
	Contract_Agreement_Monday October 2024.pdf	Get hash	malicious	Unknown	Browse
	DocuSign-Docx.pdf	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Credential Flusher	Browse
	https://email.oxblue.com/e3t/Ctc/Q+113/cdDrv04/VXdfjN46m5dxW4GJlKB4fd0DdW2sbCLr5lTFq6N7Hm8xT3qgyTW7Y8-PT6lZ3lzW1ccS1H8Y8rzXW1hrlTV77h1NhW5_pVzH8bsnn6W1PWxqV8D5TN_W4_z5yx2Cz_4sMrZF-GqDHzcW8pZQ3N3BhYgKW3tmwg72n4TxDW4fS46V1-s7dgW57YVF64HfrMMW2BxxC75X21XdW1nBYw_1PMVGyW8s_YKQ6BTQZmW8wDJ4k3-yNbbW2_BGfy66mfVdW937hqt5kq1CcW4XD3mN54BQSWW4G8TK98NTx7zW74frv25zlZbQW5ztJ6n6fGJFrMSqBjr36qwYW2tk9Xh21wMKrW5RXwDq1M2mmrW3nyq_P20wBvNN8-tVH1nqcD1W5m3Vz04sj9CQf2ygfDq04	Get hash	malicious	Unknown	Browse
	https://url.avanan.click/v2/r01/___https://www.tiktok.com/qnspdA7?fni=6cbb&qfsl=js&xhjsj=gnt_zwq&yfwljy=myyux:ddBBB.lttlqj.htr.gtdzwq?v=frudxdxrtxfilfrjx.htrd.iwtlt___.YXAzOnNvdXRoZXJua2l0Y2hlbmFuZGdyaWxsOmE6bzpjOGJiNWZiM2U4NjZhMDk1M2Y0MGVjY2U1MDhmYjQ4YTo3OmM4Y2I6MDdlZDdhNDI4N2UyMzc1NGJjZGQ1YjkyOWYyODg2OTI5ZDkyNzU0YTQ2NWI4MzhkYWZlMmM3NjA5ZGMyZGNmMzpoOlQ6VA#YnJhbmRvbi53YW5nQGludGVncmFjb25uZWN0LmNvbQ==	Get hash	malicious	HTMLPhisher	Browse
	8ID0109FLT24PO92CD-R.pdf	Get hash	malicious	HTMLPhisher	Browse
	https://www.rhris.com/EmailEmploymentValidation.cfm?EmploymentRefID=E84F959AEA960B8186C356E23E6C822C8E204B6A75564EECEC1823507D68DDBF	Get hash	malicious	Unknown	Browse
	https://alquimista.hosted.phplist.com/lists/lt.php?tid=cE0FU1AHDgIFBx4AXQpVFAZXX18ZAwJTUx9QXA8AVFIMCQAEUVZKAFQHUVFfBFYUCloJBRlWDQ1SH15cAl1MUAFUAwIDUgNQUFlSHQxTUg1XUF9VGVIHVgUfUlgOUUxZXAZSGFMFDwxZBFdUWAEDAA	Get hash	malicious	Unknown	Browse

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	VLSiVR4Qxs.exe	Get hash	malicious	LummaC, Vidar	Browse	4.175.87.197 184.28.90.27 13.107.246.45
	vEcIHT68pU.exe	Get hash	malicious	LummaC	Browse	4.175.87.197 184.28.90.27 13.107.246.45
	5rVhexjLCx.exe	Get hash	malicious	Stealc	Browse	4.175.87.197 184.28.90.27 13.107.246.45
	https://t.dripemail3.com/c/eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJkZXRvdXIiLCJpc3MiOiJtb25vbGl0aCIsInN1YiI6ImRldG91cl9saW5rIiwiaWF0IjoxNzI4MzEwODA2LCJuYmYiOjE3MjgzMTA4MDYsImFjY291bnRfaWQiOiIyNzYyNjA5IiwiZGVsaXZlcnlfaWQiOiJwODJtNGNzMzB4cXl2Zmh0NzQxaSIsInRva2VuIjoicDgybTRjczMweHF5dmZodDc0MWkiLCJzZW5kX2F0IjoxNzI4MzA5NzMyLCJlbWFpbF9pZCI6OTk2NDE4NiwiZW1haWxhYmxlX3R5cGUiOiJCcm9hZGNhc3QiLCJlbWFpbGFibGVfaWQiOjM5NTQwMTYsInVybCI6Imh0dHBzOi8vZGFpbHlhbGFza2EuY29tL25ld3M_X19zPWw5bzljOTZzbG8xZjF3aGFiODZrJnV0bV9zb3VyY2U9ZHJpcCZ1dG1fbWVkaXVtPWVtYWlsJnV0bV9jYW1wYWlnbj0lRjAlOUYlOTElOEMrV2UrTWFkZStJdCtFYXN5K0ZvcitZb3UrJUYwJTlGJTkxJThDIn0.MNRoosOspCCWwx3VuYY41W-crcEzfjjfIELlO_QMAdM	Get hash	malicious	HtmlDropper	Browse	4.175.87.197 184.28.90.27 13.107.246.45
	https://forms.office.com/Pages/ShareFormPage.aspx?id=W8eUhlA4rUOuklSyoCn21mtmgAvPzYFJuSM99R6gX3dUQ1IyWUM1UUhTS1pWQ0xXNkI3RzlRRkFIVi4u&sharetoken=93tGEOrxpFy3X0nnxFcr	Get hash	malicious	HTMLPhisher	Browse	4.175.87.197 184.28.90.27 13.107.246.45
	Contract_Agreement_Monday October 2024.pdf	Get hash	malicious	Unknown	Browse	4.175.87.197 184.28.90.27 13.107.246.45
	file.exe	Get hash	malicious	Vidar	Browse	4.175.87.197 184.28.90.27 13.107.246.45
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	4.175.87.197 184.28.90.27 13.107.246.45
	file.exe	Get hash	malicious	Stealc	Browse	4.175.87.197 184.28.90.27 13.107.246.45
	DocuSign-Docx.pdf	Get hash	malicious	Unknown	Browse	4.175.87.197 184.28.90.27 13.107.246.45

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (681)
Category:	downloaded
Size (bytes):	4067
Entropy (8bit):	5.3700036060139436
Encrypted:	false
SSDEEP:	96:G6mTOIiY1medWRQrf7VF6vtDgXJyA7oxcoTiw:3mTOImedWOVF6vtUJyA8xJ3
MD5:	FA701F5D7BEF5AF6B676F099A00A1140
SHA1:	4CA8594D1E845605E7F1242AD8E10FD3A41FA3BE
SHA-256:	F1F311E29B597B507EE761AE40185A9BE194BA6498F91DD2A69610EF765B554A
SHA-512:	D53CAD789CED1F1D05546CD9DDA662FF47DF4A9FE382F4936EB1579175B06A95770426E5A83C24EACE04014956F1971A6432D1FCB26F2A9E4B922D8A34FC9875
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlH6JFSI5-VpdjXgYezd9zHeXyoa0g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=sOXFj,q0xTif,ZZ4WUe"
Preview:	"use strict";_F_installCss(".N7rBcd{overflow-x:auto}sentinel{}");.this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.vg(_.bqa);._.k("sOXFj");.var wu=function(a){_.W.call(this,a.Fa)};_.J(wu,_.W);wu.Ba=_.W.Ba;wu.prototype.aa=function(a){return a()};_.qu(_.aqa,wu);._.l();._.k("oGtAuc");._.Bya=new _.pf(_.bqa);._.l();._.k("q0xTif");.var vza=function(a){var b=function(d){_.Zn(d)&&(_.Zn(d).Lc=null,_.Gu(d,null));d.XyHi9&&(d.XyHi9=null)};b(a);a=a.querySelectorAll("[c-wiz]");for(var c=0;c<a.length;c++)b(a[c])},Su=function(a){_.nt.call(this,a.Fa);this.Qa=this.dom=null;if(this.rl()){var b=_.Cm(this.Wg(),[_.Hm,_.Gm]);b=_.pi([b[_.Hm],b[_.Gm]]).then(function(c){this.Qa=c[0];this.dom=c[1]},null,this);_.ku(this,b)}this.Ra=a.lm.Dea};_.J(Su,_.nt);Su.Ba=function(){return{lm:{Dea:function(a){return _.Ue(a)}}}};Su.prototype.Bp=function(a){return this.Ra.Bp(a)};.Su.prototype.getData=function(a){return this.Ra.getData(a)};Su.prototype.uo=function(){_.Nt(this.d

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1694)
Category:	downloaded
Size (bytes):	32500
Entropy (8bit):	5.378121087555083
Encrypted:	false
SSDEEP:	768:OnTTScxIXeijt4aRZf4AEqTzQh2HIVVcYTVf79pew6cVEkAXtuWsmsL:iA4w4A4h2HIVVcMVf72QA9jOL
MD5:	57D7B0A2CE36496F05AFA27B39C1F219
SHA1:	418AD03C2E75AEAF188E2A00123B70E09D541656
SHA-256:	E247A1F5E564A248C92E39C040A06B9B3BEA50A130CC98F2787FB5E2441E0707
SHA-512:	78B135A69424F951AC7E3CCBDC4F496BCA0BE6A2312DC90DFA29032C7DB19455B7E35FEE57F470729EC5E86D52DC19037BB6404C27DF614A548DE409527866C2
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=_b,_tp/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlH6JFSI5-VpdjXgYezd9zHeXyoa0g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{.var Cua=function(a,b){this.da=a;this.ea=b;if(!c){var c=new _.gp("//www.google.com/images/cleardot.gif");_.rp(c)}this.ka=c};_.h=Cua.prototype;_.h.Zc=null;_.h.rZ=1E4;_.h.jA=!1;_.h.sQ=0;_.h.JJ=null;_.h.gV=null;_.h.setTimeout=function(a){this.rZ=a};_.h.start=function(){if(this.jA)throw Error("dc");this.jA=!0;this.sQ=0;Dua(this)};_.h.stop=function(){Eua(this);this.jA=!1};.var Dua=function(a){a.sQ++;navigator!==null&&"onLine"in navigator&&!navigator.onLine?_.om((0,_.bg)(a.hH,a,!1),0):(a.aa=new Image,a.aa.onload=(0,_.bg)(a.Kja,a),a.aa.onerror=(0,_.bg)(a.Jja,a),a.aa.onabort=(0,_.bg)(a.Ija,a),a.JJ=_.om(a.Lja,a.rZ,a),a.aa.src=String(a.ka))};_.h=Cua.prototype;_.h.Kja=function(){this.hH(!0)};_.h.Jja=function(){this.hH(!1)};_.h.Ija=function(){this.hH(!1)};_.h.Lja=function(){this.hH(!1)};._.h.hH=function(a){Eua(this);a?(this.jA=!1,this.da.call(this.ea,!0)):this.sQ<=0?Dua(this):(this.jA=!1,

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (553)
Category:	downloaded
Size (bytes):	744742
Entropy (8bit):	5.792853472193562
Encrypted:	false
SSDEEP:	6144:H5bdWK/20rOQKKQtvqUGSGDdPSxdZqmguPH:HOeKGSpgu/
MD5:	E1EACECE2057677ABF75B712C105209B
SHA1:	9E344321591DF0F0A5070CA740EC5B0A6AE0F652
SHA-256:	8AFE51BFDAE261688E105C2C7EDF8E18A1014157E0F6DDEBB224FDACC000A198
SHA-512:	F2054EAD60C488375EB127744B14138AD5FB141E8F83968C76892BFA51B1B35D53D54C19E1A1C72B46A1E62989BAED5F07E020CC3BAF8D98D8C0C985ED2B24A1
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/am=5MFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlGb3a8-i7ToyTC_LjURLST5kEgrtQ/m=_b,_tp"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x2860c1e4, 0x2046d860, 0x39e1fc40, 0x14501e80, 0xe420, 0x0, 0x1a000000, 0x1d000003, 0xc, ]);./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0././.. Copyright 2024 Google, Inc. SPDX-License-Identifier: MIT././. SPDX-License-Identifier: Apache-2.0././. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var baa,daa,Na,Ta,gaa,iaa,jb,qaa,waa,Caa,Haa,Kaa,Jb,Laa,Ob,Qb,Rb,Maa,Naa,Sb,Oaa,Paa,Qaa,Yb,Vaa,Xaa,ec,fc,gc,bba,cba,gba,jba,lba,mba,qba,tba,nba,sba,rba,pba,oba,uba,yba,Cba,Dba,Aba,Hc,Ic,Gba,Iba,Mba,Nba,Oba,Pba,Lba,Qba,Sba,dd,Uba,Vba,Xba,Zba,Yba,aca,bca,cca,dca,fca,eca,hca,ica,jca,kca,nca,

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	5430
Entropy (8bit):	3.6534652184263736
Encrypted:	false
SSDEEP:	48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
MD5:	F3418A443E7D841097C714D69EC4BCB8
SHA1:	49263695F6B0CDD72F45CF1B775E660FDC36C606
SHA-256:	6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
SHA-512:	82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
Malicious:	false
URL:	https://www.google.com/favicon.ico
Preview:	............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5693)
Category:	downloaded
Size (bytes):	698852
Entropy (8bit):	5.594980353163612
Encrypted:	false
SSDEEP:	6144:TN3KfgnkxgOYoRvEoQvSXwojVlmGa/ZLJiH7ZkvgTa5PB1+UO5Hx+B8U2+:TUMkxgOENagFxJiyU+
MD5:	AA9FDCBE29C6D043DC83A7DAD848CCC3
SHA1:	E3F0A387A0A4B060620C975E1C70AA20294F3F22
SHA-256:	1A624C24D6D712C633F0B034606610DAD6B5AD7890FBFA3A9B204BD33207D60E
SHA-512:	C93878CE1281349204ABDB4444B18A12C03A010D1A252827EBFE45523E834988CE95D6E625FF82A60934D7A275AD8DAAC689E4412C5719ACCA8C9E1D4365B4D3
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlH6JFSI5-VpdjXgYezd9zHeXyoa0g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,XVq9Qb,STuCOe,njlZCf,m9oV,vjKJJ,y5vRwf,iyZMqd,NTMZac,mzzZzc,rCcCxc,vvMGie,K1ZKnb,ziZ8Mc,b3kMqb,mvkUhe,CMcBD,Fndnac,t2srLd,EN3i8d,z0u0L,xiZRqc,NOeYWe,O6y8ed,L9OGUe,PrPYRd,MpJwZc,qPfo0c,cYShmd,hc6Ubd,Rkm0ef,KUM7Z,oLggrd,inNHtf,L1AAkb,WpP9Yc,lwddkf,gJzDyc,SpsfSb,aC1iue,tUnxGc,aW3pY,ZakeSe,EFQ78c,xQtZb,I6YDgd,zbML3c,zr1jrb,vHEMJe,YHI3We,YTxL4,bSspM,Uas9Hd,zy0vNb,K0PMbc,AvtSve,qmdT9,MY7mZe,xBaz7b,GwYlN,eVCnO,EIOG1e,LDQI"
Preview:	"use strict";_F_installCss(".r4WGQb{position:relative}.Dl08I>:first-child{margin-top:0}.Dl08I>:last-child{margin-bottom:0}.IzwVE{color:#1f1f1f;color:var(--gm3-sys-color-on-surface,#1f1f1f);font-family:\"Google Sans\",roboto,\"Noto Sans Myanmar UI\",arial,sans-serif;font-size:1.25rem;font-weight:400;letter-spacing:0rem;line-height:1.2}.l5PPKe{color:#1f1f1f;color:var(--gm3-sys-color-on-surface,#1f1f1f);font-size:1rem}.l5PPKe .dMNVAe{margin:0;padding:0}.l5PPKe>:first-child{margin-top:0;padding-top:0}.l5PPKe>:last-child{margin-bottom:0;padding-bottom:0}.Dl08I{margin:0;padding:0;position:relative}.Dl08I>.SmR8:only-child{padding-top:1px}.Dl08I>.SmR8:only-child::before{top:0}.Dl08I>.SmR8:not(first-child){padding-bottom:1px}.Dl08I>.SmR8::after{bottom:0}.Dl08I>.SmR8:only-child::before,.Dl08I>.SmR8::after{border-bottom:1px solid #c4c7c5;border-bottom:1px solid var(--gm3-sys-color-outline-variant,#c4c7c5);content:\"\";height:0;left:0;position:absolute;width:100%}.aZvCDf{margin-top:8px;margin-left

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 52280, version 1.0
Category:	downloaded
Size (bytes):	52280
Entropy (8bit):	7.995413196679271
Encrypted:	true
SSDEEP:	1536:1rvqtK8DZilXxwJ8mMwAZy7phqsFLdG3B4d:xytBZits8bw4wzbFxG3B4d
MD5:	F61F0D4D0F968D5BBA39A84C76277E1A
SHA1:	AA3693EA140ECA418B4B2A30F6A68F6F43B4BEB2
SHA-256:	57147F08949ABABE7DEEF611435AE418475A693E3823769A25C2A39B6EAD9CCC
SHA-512:	6C3BD90F709BCF9151C9ED9FFEA55C4F6883E7FDA2A4E26BF018C83FE1CFBE4F4AA0DB080D6D024070D53B2257472C399C8AC44EEFD38B9445640EFA85D5C487
Malicious:	false
URL:	https://fonts.gstatic.com/s/googlesans/v58/4UaRrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iq2vgCI.woff2
Preview:	wOF2.......8.....................................^...$..4?HVAR..?MVAR9.`?STAT.',..J/.......`..(..Z.0..R.6.$.... .....K..[..q..c..T.....>.P.j.`.w..#...%......N.".....$..3.0.6......... .L.rX/r[j.y.\|(.4.%#.....2.v.m..-..%.....;-.Y.{..&..O=#l@...k..7g..ZI...#.Z./+T..r7...M..3).Z%.x....s..sL..[A!.51w'/.8V..2Z..%.X.h.o.).]..9..Q`.$.....7..kZ.~O........d..g.n.d.Rw+&....Cz..uy#..fz,(.J....v.%..`..9.....h...?O..:...c%.....6s....xl..#...5..._......1.>.)"U.4 W....?%......6//!$...!.n9C@n...........!""^.....W..Z<.7.x.."UT.T....E.."R>.R..t.....H d..e_.K../.+8.Q.P.ZQ....;...U....]......._.e......71.?.7.ORv.?...l...G\|.P...\|:...I.X..2.,.L........d.g.]}W#uW]QnuP-s.;.-Y.....].......C..j_.M0...y.......J..........NY..@A...,....-.F......'..w./j5g.vUS...U..0.&...y7.LP.....%.....Y......Y..D. e.A..G.?.$.......6...eaK.n5.m...N...,...+BCl..L> .E9~.b[.w.x....6<...}.e...%V....O.......*.?...a..#[eE.4..p..$...].....%......o._......N.._~..El....b..A.0.r8.....\|..D.d..

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (570)
Category:	downloaded
Size (bytes):	3467
Entropy (8bit):	5.508385764606741
Encrypted:	false
SSDEEP:	96:ogbsxK3SrI2Jrutmxy9FALtcP+EGYkxhclzV9xCw:Psc3OIpDj2ZYkxhATxX
MD5:	231ABD6E6C360E709640B399EDF85476
SHA1:	6CB98F38D9B6FDCF2E7D7C7682A219082F2E1E75
SHA-256:	44B5D535663C65CD2E6228EF1F0C3DBA9C89EAE5C1BF079A6C4C64972DEE989D
SHA-512:	D45455810B34493A05BA2DD7ADF24C0C009F4CF0898AE9C57978D38C8F2654CEEFC11D1C151BA72B902E0FA87537D43C37957DCAEC1792B5277B54C8E7BCCA3C
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,wg1P6b,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlH6JFSI5-VpdjXgYezd9zHeXyoa0g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,WhJNk"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("Wt6vjf");.var fya=function(){var a=_.He();return _.Nj(a,1)},au=function(a){this.Da=_.t(a,0,au.messageId)};_.J(au,_.v);au.prototype.Ha=function(){return _.Fj(this,1)};au.prototype.Ua=function(a){return _.Xj(this,1,a)};au.messageId="f.bo";var bu=function(){_.km.call(this)};_.J(bu,_.km);bu.prototype.xd=function(){this.NT=!1;gya(this);_.km.prototype.xd.call(this)};bu.prototype.aa=function(){hya(this);if(this.JC)return iya(this),!1;if(!this.UV)return cu(this),!0;this.dispatchEvent("p");if(!this.HP)return cu(this),!0;this.NM?(this.dispatchEvent("r"),cu(this)):iya(this);return!1};.var jya=function(a){var b=new _.gp(a.b5);a.vQ!=null&&_.Mn(b,"authuser",a.vQ);return b},iya=function(a){a.JC=!0;var b=jya(a),c="rt=r&f_uid="+_.rk(a.HP);_.fn(b,(0,_.bg)(a.ea,a),"POST",c)};.bu.prototype.ea=function(a){a=a.target;hya(this);if(_.jn(a)){this.iK=0;if(this.NM)this.JC=!1,this.dispatchEvent("r"

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (533)
Category:	downloaded
Size (bytes):	9210
Entropy (8bit):	5.393248075042016
Encrypted:	false
SSDEEP:	192:t7mFYxV97I4Ia0U44rS3mt8IV7ydti6M5/1JlNg:t7vB7Il2t+dEF1JlNg
MD5:	2ED5BC88509286438B682EFF23518005
SHA1:	D5C8FD77BA3ED7F977A4AD0C85CF026D0F74F3E2
SHA-256:	F878D44B5CAC6BC95D638C13D0814C10E7D6CC145351ABA7945F53D8CB167979
SHA-512:	12F5415A482286C53631D09B5F50BA4AAA0957DB61904430E5B728777A15DC62428ED560847AB1DFEC459E302FB4D009D32CC1770EAD5425023CA48DF4640AA4
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PrPYRd,Rkm0ef,SCuOPb,STuCOe,SpsfSb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,byfTOb,cYShmd,eVCnO,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,qPfo0c,qmdT9,rCcCxc,siKnQd,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlH6JFSI5-VpdjXgYezd9zHeXyoa0g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ltDFwf,SD8Jgb,rmumx,E87wgc,qPYxq,Tbb4sb,pxq3x,f8Gu1e,soHxf,YgOFye,yRXbo,bTi8wc,ywOR5c,PHUIyb"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.vNa=_.z("SD8Jgb",[]);._.GX=function(a,b){if(typeof b==="string")a.Nc(b);else if(b instanceof _.Ip&&b.ia&&b.ia===_.A)b=_.Za(b.Ku()),a.empty().append(b);else if(b instanceof _.Ua)b=_.Za(b),a.empty().append(b);else if(b instanceof Node)a.empty().append(b);else throw Error("Wf");};_.HX=function(a){var b=_.Lo(a,"[jsslot]");if(b.size()>0)return b;b=new _.Jo([_.Qk("span")]);_.Mo(b,"jsslot","");a.empty().append(b);return b};_.bMb=function(a){return a===null\|\|typeof a==="string"&&_.Ji(a)};._.k("SD8Jgb");._.MX=function(a){_.X.call(this,a.Fa);this.Va=a.controller.Va;this.od=a.controllers.od[0]\|\|null;this.header=a.controller.header;this.nav=a.controller.nav;var b;(b=this.oa().find("button:not([type])").el())==null\|\|b.setAttribute("type","button")};_.J(_.MX,_.X);_.MX.Ba=function(){return{controller:{Va:{jsname:"n7vHCb",ctor:_.pv},header:{jsname:"tJHJj",ctor:_.pv},nav:{jsname:"DH6Rkf",ct

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (755)
Category:	downloaded
Size (bytes):	1460
Entropy (8bit):	5.274624539239422
Encrypted:	false
SSDEEP:	24:kMYD7DUuXIqMSsN7UYgtx/mQ7hz1BU6TZ6BdXDMvUKGbWxlGb+jSFFV87Ofk8tp8:o7DhXI6PoXwsKGb2lGb+jS9Mwrw
MD5:	481C149C4D3EE4A53C3E7CBA067371DF
SHA1:	E0FED275636D3492C922C44F010157FAF0936733
SHA-256:	9327A53F577C5FCEFDB162E02D8646CE5B70DF2201F4B3289384657B32BACE70
SHA-512:	EC5C5A03ED4E1A27BEE7E1C488A238D79A9787D944E364CCE516FB28C22256919E49C99BFCFEA0F7815AB4232A350914E26D33D20F5A81ED19A39DFD40E30C79
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlH6JFSI5-VpdjXgYezd9zHeXyoa0g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=P6sQOc"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("lOO0Vd");._.b_a=new _.pf(_.Dm);._.l();._.k("P6sQOc");.var g_a=!!(_.Mh[1]&16);var i_a=function(a,b,c,d,e){this.ea=a;this.xa=b;this.ka=c;this.Ca=d;this.Ga=e;this.aa=0;this.da=h_a(this)},j_a=function(a){var b={};_.Ma(a.HS(),function(e){b[e]=!0});var c=a.uS(),d=a.yS();return new i_a(a.wP(),c.aa()1E3,a.bS(),d.aa()1E3,b)},h_a=function(a){return Math.random()Math.min(a.xaMath.pow(a.ka,a.aa),a.Ca)},SG=function(a,b){return a.aa>=a.ea?!1:b!=null?!!a.Ga[b]:!0};var TG=function(a){_.W.call(this,a.Fa);this.da=a.Ea.JV;this.ea=a.Ea.metadata;a=a.Ea.cha;this.fetch=a.fetch.bind(a)};_.J(TG,_.W);TG.Ba=function(){return{Ea:{JV:_.e_a,metadata:_.b_a,cha:_.VZa}}};TG.prototype.aa=function(a,b){if(this.ea.getType(a.Od())!==1)return _.Vm(a);var c=this.da.jV;return(c=c?j_a(c):null)&&SG(c)?_.zya(a,k_a(this,a,b,c)):_.Vm(a)};.var k_a=function(a,b,c,d){return c.then(function(e){return e},function(e)

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (522)
Category:	downloaded
Size (bytes):	5050
Entropy (8bit):	5.30005628600801
Encrypted:	false
SSDEEP:	96:o75BuBxJfma7bGZABddEgf8nI4zLm4KGo8Vh1EabPVTq8fv/xRw:WHMmaX9r8Igp7nBlHo
MD5:	D9F15F1AEAF15673336FAA3507D1A2A7
SHA1:	FC79D00AF2E2D44FEBA701F12ECD4AFCA327F464
SHA-256:	AA3574ADCF3826390918BC2D5DCD88D7BC63238A6022DEF3487A67A731C30E7A
SHA-512:	D756961B6BFC478274E390B94D613BD837DA011D680FC6D67779A8E12C7F082EF977FC15D02C076F92BC1D2CE7EFDE48F82B4EC1BD12CF38AEDDAB1917E36041
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlH6JFSI5-VpdjXgYezd9zHeXyoa0g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=wg1P6b"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.oNa=_.z("wg1P6b",[_.XA,_.Fn,_.Nn]);._.k("wg1P6b");.var f6a;f6a=_.mh(["aria-"]);._.yJ=function(a){_.X.call(this,a.Fa);this.Ka=this.xa=this.aa=this.viewportElement=this.Na=null;this.Jc=a.Ea.ef;this.ab=a.Ea.focus;this.Fc=a.Ea.Fc;this.ea=this.Qi();a=-1*parseInt(_.Fo(this.Qi().el(),"marginTop")\|\|"0",10);var b=parseInt(_.Fo(this.Qi().el(),"marginBottom")\|\|"0",10);this.Ta={top:a,right:0,bottom:b,left:0};a=_.cf(this.getData("isMenuDynamic"),!1);b=_.cf(this.getData("isMenuHoisted"),!1);this.Ga=a?1:b?2:0;this.ka=!1;this.Ca=1;this.Ga!==1&&(this.aa=this.Sa("U0exHf").children().Wc(0),_.ku(this,.g6a(this,this.aa.el())));_.oF(this.oa())&&(a=this.oa().el(),b=this.we.bind(this),a.__soy_skip_handler=b)};_.J(_.yJ,_.X);_.yJ.Ba=function(){return{Ea:{ef:_.cF,focus:_.OE,Fc:_.uu}}};_.yJ.prototype.IF=function(a){var b=a.source;this.Na=b;var c;((c=a.data)==null?0:c.qz)?(a=a.data.qz,this.Ca=a==="MOUS

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (468)
Category:	downloaded
Size (bytes):	1858
Entropy (8bit):	5.297658905867848
Encrypted:	false
SSDEEP:	48:o7vjoGL3AeFkphnpiu7cOyBfO/3d/rYrv3Zrw:ofrLxFuLdyp2AVw
MD5:	B42DB3D22B12B8E3BE1B82961FE2870E
SHA1:	D9CFD11C1C2DE17A7E9301F11AD875B610B96576
SHA-256:	75DC40A81CEACB57940F84D2B29E021974C3004B245CC7198362CA944E9C4058
SHA-512:	EC0708797586F8F85EC8A0BBECA707D73778D93C12986B92965D1828B254D39485926354AEC4D73474BC5755E392B813D8045B19369FAE23B30BBD12E17F7053
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlH6JFSI5-VpdjXgYezd9zHeXyoa0g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=iAskyc,ziXSP"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("iAskyc");._.QZ=function(a){_.W.call(this,a.Fa);this.window=a.Ea.window.get();this.Mc=a.Ea.Mc};_.J(_.QZ,_.W);_.QZ.Ba=function(){return{Ea:{window:_.tu,Mc:_.HE}}};_.QZ.prototype.Po=function(){};_.QZ.prototype.addEncryptionRecoveryMethod=function(){};_.RZ=function(a){return(a==null?void 0:a.Jo)\|\|function(){}};_.SZ=function(a){return(a==null?void 0:a.r3)\|\|function(){}};_.VPb=function(a){return(a==null?void 0:a.Qp)\|\|function(){}};._.WPb=function(a){return new Map(Array.from(a,function(b){var c=_.n(b);b=c.next().value;c=c.next().value;return[b,c.map(function(d){return{epoch:d.epoch,key:new Uint8Array(d.key)}})]}))};_.XPb=function(a){setTimeout(function(){throw a;},0)};_.QZ.prototype.qO=function(){return!0};_.qu(_.Dn,_.QZ);._.l();._.k("ziXSP");.var j_=function(a){_.QZ.call(this,a.Fa)};_.J(j_,_.QZ);j_.Ba=_.QZ.Ba;j_.prototype.Po=function(a,b,c){var d;if((d=this.window.chrome)==nu

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	84
Entropy (8bit):	4.875266466142591
Encrypted:	false
SSDEEP:	3:DZFJu0+WVTBCq2Bjdw2KsJJuYHSKnZ:lFJuuVTBudw29nu4SKZ
MD5:	87B6333E98B7620EA1FF98D1A837A39E
SHA1:	105DE6815B0885357DE1414BFC0D77FCC9E924EF
SHA-256:	DCD3C133C5C40BECD4100BBE6EDAE84C9735E778E4234A5E8395C56FF8A733BA
SHA-512:	867D7943D813685FAA76394E53199750C55817E836FD19C933F74D11E9657CE66719A6D6B2E39EE1DE62358BCE364E38A55F4E138DF92337DE6985DDCD5D0994
Malicious:	false
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHgmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioBw==?alt=proto
Preview:	Cj0KBw0ZARP6GgAKKQ3oIX6GGgQISxgCKhwIClIYCg5AIS4jJF8qLSY/Ky8lLBABGP////8PCgcN05ioBxoA

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (683)
Category:	downloaded
Size (bytes):	3131
Entropy (8bit):	5.352056237104327
Encrypted:	false
SSDEEP:	48:o7hHD75byh9xqKP5jNQ8js63rAwrMNhYfmdpwoKLEy5aQW5Tx5v3MmFopMGIWO4x:oFD+95jOQr3AT7wRLDGD5flBb4Ew
MD5:	ADEF03127F74F5E6742B8CFA7B863F28
SHA1:	58D7C635582AF10E91EC047FD315FAF758AF51DA
SHA-256:	5FDD639E222F58AEB6178EB02583086BCC50ED219DEAA953D0E7984DD0E1FEDC
SHA-512:	3AC26E9569EE83298F386D551774F378D3E433A2C80C1D4BC7481C544605A2FA4943F6CBC8E97FBF8FE3C32C1EFB2A1CCAA01403819482FC7429538FDF2CA758
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlH6JFSI5-VpdjXgYezd9zHeXyoa0g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ZwDk9d,RMhBfe"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("ZwDk9d");.var kA=function(a){_.W.call(this,a.Fa)};_.J(kA,_.W);kA.Ba=_.W.Ba;kA.prototype.jS=function(a){return _.Ye(this,{Xa:{lT:_.ol}}).then(function(b){var c=window._wjdd,d=window._wjdc;return!c&&d?new _.ni(function(e){window._wjdc=function(f){d(f);e(dKa(f,b,a))}}):dKa(c,b,a)})};var dKa=function(a,b,c){return(a=a&&a[c])?a:b.Xa.lT.jS(c)};.kA.prototype.aa=function(a,b){var c=_.Dra(b).Tj;if(c.startsWith("$")){var d=_.jm.get(a);_.xq[b]&&(d\|\|(d={},_.jm.set(a,d)),d[c]=_.xq[b],delete _.xq[b],_.yq--);if(d)if(a=d[c])b=_.af(a);else throw Error("Jb`"+b);else b=null}else b=null;return b};_.qu(_.Lfa,kA);._.l();._.k("SNUn3");._.cKa=new _.pf(_.wg);._.l();._.k("RMhBfe");.var eKa=function(a){var b=_.wq(a);return b?new _.ni(function(c,d){var e=function(){b=_.wq(a);var f=_.Sfa(a,b);f?c(f.getAttribute("jsdata")):window.document.readyState=="complete"?(f=["Unable to find deferred jsdata wit

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2907)
Category:	downloaded
Size (bytes):	23298
Entropy (8bit):	5.429186219736739
Encrypted:	false
SSDEEP:	384:+BitNeB9HVPQmqySWyvbbb/XEm6k1JTM2qzhOF0bCjOgiQBH2f+wl9nyf0zHwx:+BiHeB9Hecebbb/PONOFnjOgPBHgSywx
MD5:	A5C41D7BA22E9CF451810802AE5AC2E8
SHA1:	858F35134A0BD7BAECB1B1A30EC3645642214554
SHA-256:	D29364A1E9EDE91152F2CB84962B73644741817C9C6A615C1FB70A885DD1CB8D
SHA-512:	DEA28AD362B51832D33CD9E936C0A255FA32C20DFFC6E806DA7AAF657D3490AF079C40FE21E10B2FDC971EB066E51ABDA182DEDC156759CCE06440E456FEB316
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlH6JFSI5-VpdjXgYezd9zHeXyoa0g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=RqjULd"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.xu.prototype.da=_.ca(40,function(){return _.tj(this,3)});_.cz=function(a,b){this.key=a;this.defaultValue=!1;this.flagName=b};_.cz.prototype.ctor=function(a){return typeof a==="boolean"?a:this.defaultValue};_.dz=function(){this.ka=!0;var a=_.xj(_.fk(_.Be("TSDtV",window),_.Cya),_.xu,1,_.sj())[0];if(a){var b={};for(var c=_.n(_.xj(a,_.Dya,2,_.sj())),d=c.next();!d.done;d=c.next()){d=d.value;var e=_.Lj(d,1).toString();switch(_.vj(d,_.yu)){case 3:b[e]=_.Jj(d,_.nj(d,_.yu,3));break;case 2:b[e]=_.Lj(d,_.nj(d,_.yu,2));break;case 4:b[e]=_.Mj(d,_.nj(d,_.yu,4));break;case 5:b[e]=_.Nj(d,_.nj(d,_.yu,5));break;case 6:b[e]=_.Rj(d,_.ff,6,_.yu);break;default:throw Error("jd`"+_.vj(d,_.yu));}}}else b={};this.ea=b;this.token=.a?a.da():null};_.dz.prototype.aa=function(a){if(!this.ka\|\|a.key in this.ea)a=a.ctor(this.ea[a.key]);else if(_.Be("nQyAE",window)){var b=_.Fya(a.flagName);if(b===null)a=a.de

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (395)
Category:	downloaded
Size (bytes):	1608
Entropy (8bit):	5.271783084011668
Encrypted:	false
SSDEEP:	48:o726BiFP89yAxKz1TtMxII+eXww7D2bc+rw:oyMyAAz1WNd8vw
MD5:	45EA91A811A594F81B7F760DD14BE237
SHA1:	2C97782C6D5D0BCFB3676FF24AA1008251090DAE
SHA-256:	7488FF4710E7592F66BE1FAC090F73CB8F1D2D0794B57DEAC1798C5B309EE76F
SHA-512:	4F79A36857D5A8AF1E2F938EF92EA75C384DE4789972B068BE82EADAA442C538A65035CCE8665A7283137E2075B8FE4C1C9E7B2A36585491683B4869005B772A
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlH6JFSI5-VpdjXgYezd9zHeXyoa0g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=w9hDv,ZDZcre,A7fCU"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("w9hDv");._.vg(_.Ila);_.iA=function(a){_.W.call(this,a.Fa);this.aa=a.Xa.cache};_.J(_.iA,_.W);_.iA.Ba=function(){return{Xa:{cache:_.gt}}};_.iA.prototype.execute=function(a){_.Bb(a,function(b){var c;_.$e(b)&&(c=b.eb.kc(b.kb));c&&this.aa.LG(c)},this);return{}};_.qu(_.Ola,_.iA);._.l();._.k("ZDZcre");.var jH=function(a){_.W.call(this,a.Fa);this.Xl=a.Ea.Xl;this.j4=a.Ea.metadata;this.aa=a.Ea.wt};_.J(jH,_.W);jH.Ba=function(){return{Ea:{Xl:_.OG,metadata:_.b_a,wt:_.LG}}};jH.prototype.execute=function(a){var b=this;a=this.aa.create(a);return _.Bb(a,function(c){var d=b.j4.getType(c.Od())===2?b.Xl.Rb(c):b.Xl.fetch(c);return _.Bl(c,_.PG)?d.then(function(e){return _.Dd(e)}):d},this)};_.qu(_.Tla,jH);._.l();._.k("K5nYTd");._.a_a=new _.pf(_.Pla);._.l();._.k("sP4Vbe");.._.l();._.k("kMFpHd");.._.l();._.k("A7fCU");.var RG=function(a){_.W.call(this,a.Fa);this.aa=a.Ea.yQ};_.J(RG,_.W);RG.Ba=func

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.583821170175885
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	919'040 bytes
MD5:	fd380025ab8f4ed49c30f016615dc9e2
SHA1:	3b69ccfc98aea8de30ef6fef0f80aa8929ffd357
SHA256:	face5ab594ce41c5b5d96da6ae5e6ba965f196c126b1123805596c1f894aac7a
SHA512:	c520ad75ca706220666916480f5cbe6d2841adef684a962b4bad342e3e48d1d5f50413a27dfd14ee86ae21d02d09ed6243b323504036afadf5a716b35908a71c
SSDEEP:	24576:4qDEvCTbMWu7rQYlBQcBiT6rprG8a44K:4TvC/MTQYxsWR7a4
TLSH:	8E159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
File Content Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....

File Icon


Icon Hash:	aaf3e3e3938382a0

Static PE Info

General

Entrypoint:	0x420577
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x67040875 [Mon Oct 7 16:12:37 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	948cc502fe9226992dce9417f952fce3

Entrypoint Preview

Instruction
call 00007F46ECB39663h
jmp 00007F46ECB38F6Fh
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F46ECB3914Dh
mov dword ptr [esi], 0049FDF0h
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FDF8h
mov dword ptr [ecx], 0049FDF0h
ret
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F46ECB3911Ah
mov dword ptr [esi], 0049FE0Ch
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FE14h
mov dword ptr [ecx], 0049FE0Ch
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
and dword ptr [eax], 00000000h
and dword ptr [eax+04h], 00000000h
push eax
mov eax, dword ptr [ebp+08h]
add eax, 04h
push eax
call 00007F46ECB3BD0Dh
pop ecx
pop ecx
mov eax, esi
pop esi
pop ebp
retn 0004h
lea eax, dword ptr [ecx+04h]
mov dword ptr [ecx], 0049FDD0h
push eax
call 00007F46ECB3BD58h
pop ecx
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
push eax
call 00007F46ECB3BD41h
test byte ptr [ebp+08h], 00000001h
pop ecx

Rich Headers

Programming Language:

[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xc8e64	0x17c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xd4000	0x9bb8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xde000	0x7594	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xb0ff0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xc3400	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xb1010	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x9c000	0x894	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x9ab1d	0x9ac00	0a1473f3064dcbc32ef93c5c8a90f3a6	False	0.565500681542811	data	6.668273581389308	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x9c000	0x2fb82	0x2fc00	c9cf2468b60bf4f80f136ed54b3989fb	False	0.35289185209424084	data	5.691811547483722	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xcc000	0x706c	0x4800	53b9025d545d65e23295e30afdbd16d9	False	0.04356553819444445	DOS executable (block device driver @\273\)	0.5846666986982398	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xd4000	0x9bb8	0x9c00	0736f2c6f33ce3edd50b2bbcc92a6eaf	False	0.3167568108974359	data	5.332740768725899	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xde000	0x7594	0x7600	c68ee8931a32d45eb82dc450ee40efc3	False	0.7628111758474576	data	6.7972128181359786	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0xd45a8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.7466216216216216
RT_ICON	0xd46d0	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors	English	Great Britain	0.3277027027027027
RT_ICON	0xd47f8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.3885135135135135
RT_ICON	0xd4920	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 0	English	Great Britain	0.3333333333333333
RT_ICON	0xd4c08	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 0	English	Great Britain	0.5
RT_ICON	0xd4d30	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	English	Great Britain	0.2835820895522388
RT_ICON	0xd5bd8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	English	Great Britain	0.37906137184115524
RT_ICON	0xd6480	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	English	Great Britain	0.23699421965317918
RT_ICON	0xd69e8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	English	Great Britain	0.13858921161825727
RT_ICON	0xd8f90	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	English	Great Britain	0.25070356472795496
RT_ICON	0xda038	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	English	Great Britain	0.3173758865248227
RT_MENU	0xda4a0	0x50	data	English	Great Britain	0.9
RT_STRING	0xda4f0	0x594	data	English	Great Britain	0.3333333333333333
RT_STRING	0xdaa84	0x68a	data	English	Great Britain	0.2735961768219833
RT_STRING	0xdb110	0x490	data	English	Great Britain	0.3715753424657534
RT_STRING	0xdb5a0	0x5fc	data	English	Great Britain	0.3087467362924282
RT_STRING	0xdbb9c	0x65c	data	English	Great Britain	0.34336609336609336
RT_STRING	0xdc1f8	0x466	data	English	Great Britain	0.3605683836589698
RT_STRING	0xdc660	0x158	Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0	English	Great Britain	0.502906976744186
RT_RCDATA	0xdc7b8	0xe7e	data			1.002964959568733
RT_GROUP_ICON	0xdd638	0x76	data	English	Great Britain	0.6610169491525424
RT_GROUP_ICON	0xdd6b0	0x14	data	English	Great Britain	1.25
RT_GROUP_ICON	0xdd6c4	0x14	data	English	Great Britain	1.15
RT_GROUP_ICON	0xdd6d8	0x14	data	English	Great Britain	1.25
RT_VERSION	0xdd6ec	0xdc	data	English	Great Britain	0.6181818181818182
RT_MANIFEST	0xdd7c8	0x3ef	ASCII text, with CRLF line terminators	English	Great Britain	0.5074478649453823

Imports

DLL	Import
WSOCK32.dll	gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll	GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll	timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll	ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll	WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll	HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL	GetProcessMemoryInfo
IPHLPAPI.DLL	IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll	DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll	IsThemeActive
KERNEL32.dll	DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll	GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll	EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll	GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll	GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll	DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll	CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll	CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	Great Britain

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 7, 2024 18:23:03.564275980 CEST	49675	443	192.168.2.4	173.222.162.32
Oct 7, 2024 18:23:04.564743042 CEST	49731	443	192.168.2.4	142.250.184.206
Oct 7, 2024 18:23:04.564790964 CEST	443	49731	142.250.184.206	192.168.2.4
Oct 7, 2024 18:23:04.564865112 CEST	49731	443	192.168.2.4	142.250.184.206
Oct 7, 2024 18:23:04.571331978 CEST	49731	443	192.168.2.4	142.250.184.206
Oct 7, 2024 18:23:04.571347952 CEST	443	49731	142.250.184.206	192.168.2.4
Oct 7, 2024 18:23:05.190376997 CEST	443	49731	142.250.184.206	192.168.2.4
Oct 7, 2024 18:23:05.240541935 CEST	49731	443	192.168.2.4	142.250.184.206
Oct 7, 2024 18:23:05.341825962 CEST	49731	443	192.168.2.4	142.250.184.206
Oct 7, 2024 18:23:05.341833115 CEST	443	49731	142.250.184.206	192.168.2.4
Oct 7, 2024 18:23:05.343617916 CEST	443	49731	142.250.184.206	192.168.2.4
Oct 7, 2024 18:23:05.344043970 CEST	49731	443	192.168.2.4	142.250.184.206
Oct 7, 2024 18:23:05.346637964 CEST	443	49731	142.250.184.206	192.168.2.4
Oct 7, 2024 18:23:05.346762896 CEST	49731	443	192.168.2.4	142.250.184.206
Oct 7, 2024 18:23:05.352857113 CEST	49731	443	192.168.2.4	142.250.184.206
Oct 7, 2024 18:23:05.353045940 CEST	443	49731	142.250.184.206	192.168.2.4
Oct 7, 2024 18:23:05.355931044 CEST	49731	443	192.168.2.4	142.250.184.206
Oct 7, 2024 18:23:05.355937958 CEST	443	49731	142.250.184.206	192.168.2.4
Oct 7, 2024 18:23:05.406637907 CEST	49731	443	192.168.2.4	142.250.184.206
Oct 7, 2024 18:23:05.582060099 CEST	443	49731	142.250.184.206	192.168.2.4
Oct 7, 2024 18:23:05.582746029 CEST	443	49731	142.250.184.206	192.168.2.4
Oct 7, 2024 18:23:05.582792044 CEST	49731	443	192.168.2.4	142.250.184.206
Oct 7, 2024 18:23:05.589514971 CEST	49731	443	192.168.2.4	142.250.184.206
Oct 7, 2024 18:23:05.589528084 CEST	443	49731	142.250.184.206	192.168.2.4
Oct 7, 2024 18:23:05.605726957 CEST	49736	443	192.168.2.4	172.217.16.142
Oct 7, 2024 18:23:05.605773926 CEST	443	49736	172.217.16.142	192.168.2.4
Oct 7, 2024 18:23:05.605835915 CEST	49736	443	192.168.2.4	172.217.16.142
Oct 7, 2024 18:23:05.606018066 CEST	49736	443	192.168.2.4	172.217.16.142
Oct 7, 2024 18:23:05.606034040 CEST	443	49736	172.217.16.142	192.168.2.4
Oct 7, 2024 18:23:06.210381031 CEST	443	49736	172.217.16.142	192.168.2.4
Oct 7, 2024 18:23:06.210819006 CEST	49736	443	192.168.2.4	172.217.16.142
Oct 7, 2024 18:23:06.210864067 CEST	443	49736	172.217.16.142	192.168.2.4
Oct 7, 2024 18:23:06.211776972 CEST	443	49736	172.217.16.142	192.168.2.4
Oct 7, 2024 18:23:06.211865902 CEST	49736	443	192.168.2.4	172.217.16.142
Oct 7, 2024 18:23:06.212810993 CEST	443	49736	172.217.16.142	192.168.2.4
Oct 7, 2024 18:23:06.212867022 CEST	49736	443	192.168.2.4	172.217.16.142
Oct 7, 2024 18:23:06.213920116 CEST	49736	443	192.168.2.4	172.217.16.142
Oct 7, 2024 18:23:06.214013100 CEST	443	49736	172.217.16.142	192.168.2.4
Oct 7, 2024 18:23:06.214150906 CEST	49736	443	192.168.2.4	172.217.16.142
Oct 7, 2024 18:23:06.214167118 CEST	443	49736	172.217.16.142	192.168.2.4
Oct 7, 2024 18:23:06.406618118 CEST	49736	443	192.168.2.4	172.217.16.142
Oct 7, 2024 18:23:06.511571884 CEST	443	49736	172.217.16.142	192.168.2.4
Oct 7, 2024 18:23:06.511599064 CEST	443	49736	172.217.16.142	192.168.2.4
Oct 7, 2024 18:23:06.511662006 CEST	49736	443	192.168.2.4	172.217.16.142
Oct 7, 2024 18:23:06.511682987 CEST	443	49736	172.217.16.142	192.168.2.4
Oct 7, 2024 18:23:06.511718988 CEST	443	49736	172.217.16.142	192.168.2.4
Oct 7, 2024 18:23:06.511770964 CEST	49736	443	192.168.2.4	172.217.16.142
Oct 7, 2024 18:23:06.514007092 CEST	49736	443	192.168.2.4	172.217.16.142
Oct 7, 2024 18:23:06.514044046 CEST	443	49736	172.217.16.142	192.168.2.4
Oct 7, 2024 18:23:08.455368996 CEST	49741	443	192.168.2.4	142.250.185.100
Oct 7, 2024 18:23:08.455410004 CEST	443	49741	142.250.185.100	192.168.2.4
Oct 7, 2024 18:23:08.455466032 CEST	49741	443	192.168.2.4	142.250.185.100
Oct 7, 2024 18:23:08.455733061 CEST	49741	443	192.168.2.4	142.250.185.100
Oct 7, 2024 18:23:08.455748081 CEST	443	49741	142.250.185.100	192.168.2.4
Oct 7, 2024 18:23:09.069523096 CEST	443	49741	142.250.185.100	192.168.2.4
Oct 7, 2024 18:23:09.069746971 CEST	49741	443	192.168.2.4	142.250.185.100
Oct 7, 2024 18:23:09.069771051 CEST	443	49741	142.250.185.100	192.168.2.4
Oct 7, 2024 18:23:09.070619106 CEST	443	49741	142.250.185.100	192.168.2.4
Oct 7, 2024 18:23:09.070677042 CEST	49741	443	192.168.2.4	142.250.185.100
Oct 7, 2024 18:23:09.071749926 CEST	49741	443	192.168.2.4	142.250.185.100
Oct 7, 2024 18:23:09.071805954 CEST	443	49741	142.250.185.100	192.168.2.4
Oct 7, 2024 18:23:09.113292933 CEST	49741	443	192.168.2.4	142.250.185.100
Oct 7, 2024 18:23:09.113332987 CEST	443	49741	142.250.185.100	192.168.2.4
Oct 7, 2024 18:23:09.172772884 CEST	49741	443	192.168.2.4	142.250.185.100
Oct 7, 2024 18:23:10.116348982 CEST	49744	443	192.168.2.4	184.28.90.27
Oct 7, 2024 18:23:10.116416931 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 7, 2024 18:23:10.116503954 CEST	49744	443	192.168.2.4	184.28.90.27
Oct 7, 2024 18:23:10.118377924 CEST	49744	443	192.168.2.4	184.28.90.27
Oct 7, 2024 18:23:10.118413925 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 7, 2024 18:23:10.748867989 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 7, 2024 18:23:10.748935938 CEST	49744	443	192.168.2.4	184.28.90.27
Oct 7, 2024 18:23:10.755264997 CEST	49744	443	192.168.2.4	184.28.90.27
Oct 7, 2024 18:23:10.755279064 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 7, 2024 18:23:10.755603075 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 7, 2024 18:23:10.797873974 CEST	49744	443	192.168.2.4	184.28.90.27
Oct 7, 2024 18:23:10.822169065 CEST	49744	443	192.168.2.4	184.28.90.27
Oct 7, 2024 18:23:10.863414049 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 7, 2024 18:23:11.006634951 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 7, 2024 18:23:11.006700039 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 7, 2024 18:23:11.006761074 CEST	49744	443	192.168.2.4	184.28.90.27
Oct 7, 2024 18:23:11.006911993 CEST	49744	443	192.168.2.4	184.28.90.27
Oct 7, 2024 18:23:11.006932974 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 7, 2024 18:23:11.006966114 CEST	49744	443	192.168.2.4	184.28.90.27
Oct 7, 2024 18:23:11.006978989 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 7, 2024 18:23:11.091145039 CEST	49749	443	192.168.2.4	184.28.90.27
Oct 7, 2024 18:23:11.091187954 CEST	443	49749	184.28.90.27	192.168.2.4
Oct 7, 2024 18:23:11.091272116 CEST	49749	443	192.168.2.4	184.28.90.27
Oct 7, 2024 18:23:11.092237949 CEST	49749	443	192.168.2.4	184.28.90.27
Oct 7, 2024 18:23:11.092252970 CEST	443	49749	184.28.90.27	192.168.2.4
Oct 7, 2024 18:23:11.725281954 CEST	443	49749	184.28.90.27	192.168.2.4
Oct 7, 2024 18:23:11.725364923 CEST	49749	443	192.168.2.4	184.28.90.27
Oct 7, 2024 18:23:11.727086067 CEST	49749	443	192.168.2.4	184.28.90.27
Oct 7, 2024 18:23:11.727097988 CEST	443	49749	184.28.90.27	192.168.2.4
Oct 7, 2024 18:23:11.728157997 CEST	443	49749	184.28.90.27	192.168.2.4
Oct 7, 2024 18:23:11.729311943 CEST	49749	443	192.168.2.4	184.28.90.27
Oct 7, 2024 18:23:11.775393963 CEST	443	49749	184.28.90.27	192.168.2.4
Oct 7, 2024 18:23:11.978171110 CEST	443	49749	184.28.90.27	192.168.2.4
Oct 7, 2024 18:23:11.978318930 CEST	443	49749	184.28.90.27	192.168.2.4
Oct 7, 2024 18:23:11.978458881 CEST	49749	443	192.168.2.4	184.28.90.27
Oct 7, 2024 18:23:11.979789019 CEST	49749	443	192.168.2.4	184.28.90.27
Oct 7, 2024 18:23:11.979789019 CEST	49749	443	192.168.2.4	184.28.90.27
Oct 7, 2024 18:23:11.979826927 CEST	443	49749	184.28.90.27	192.168.2.4
Oct 7, 2024 18:23:11.979837894 CEST	443	49749	184.28.90.27	192.168.2.4
Oct 7, 2024 18:23:13.371855974 CEST	49756	443	192.168.2.4	142.250.186.174
Oct 7, 2024 18:23:13.371907949 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:13.371983051 CEST	49756	443	192.168.2.4	142.250.186.174
Oct 7, 2024 18:23:13.372174025 CEST	49756	443	192.168.2.4	142.250.186.174
Oct 7, 2024 18:23:13.372186899 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.000591040 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.000916004 CEST	49756	443	192.168.2.4	142.250.186.174
Oct 7, 2024 18:23:14.000956059 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.001511097 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.001580000 CEST	49756	443	192.168.2.4	142.250.186.174
Oct 7, 2024 18:23:14.002506018 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.002561092 CEST	49756	443	192.168.2.4	142.250.186.174
Oct 7, 2024 18:23:14.003563881 CEST	49756	443	192.168.2.4	142.250.186.174
Oct 7, 2024 18:23:14.003647089 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.003799915 CEST	49756	443	192.168.2.4	142.250.186.174
Oct 7, 2024 18:23:14.003814936 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.047027111 CEST	49756	443	192.168.2.4	142.250.186.174
Oct 7, 2024 18:23:14.309906960 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.310028076 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.310103893 CEST	49756	443	192.168.2.4	142.250.186.174
Oct 7, 2024 18:23:14.310116053 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.310142040 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.310164928 CEST	49756	443	192.168.2.4	142.250.186.174
Oct 7, 2024 18:23:14.315505028 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.315593004 CEST	49756	443	192.168.2.4	142.250.186.174
Oct 7, 2024 18:23:14.315617085 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.321578026 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.321635962 CEST	49756	443	192.168.2.4	142.250.186.174
Oct 7, 2024 18:23:14.321649075 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.321671963 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.321722984 CEST	49756	443	192.168.2.4	142.250.186.174
Oct 7, 2024 18:23:14.321734905 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.330282927 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.330343962 CEST	49756	443	192.168.2.4	142.250.186.174
Oct 7, 2024 18:23:14.330357075 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.333465099 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.333518028 CEST	49756	443	192.168.2.4	142.250.186.174
Oct 7, 2024 18:23:14.333535910 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.333555937 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.333609104 CEST	49756	443	192.168.2.4	142.250.186.174
Oct 7, 2024 18:23:14.333621979 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.377566099 CEST	49756	443	192.168.2.4	142.250.186.174
Oct 7, 2024 18:23:14.396511078 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.396599054 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.396610975 CEST	49756	443	192.168.2.4	142.250.186.174
Oct 7, 2024 18:23:14.396625996 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.396676064 CEST	49756	443	192.168.2.4	142.250.186.174
Oct 7, 2024 18:23:14.396676064 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.396702051 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.396749020 CEST	49756	443	192.168.2.4	142.250.186.174
Oct 7, 2024 18:23:14.400691986 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.400752068 CEST	49756	443	192.168.2.4	142.250.186.174
Oct 7, 2024 18:23:14.400926113 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.400979042 CEST	49756	443	192.168.2.4	142.250.186.174
Oct 7, 2024 18:23:14.407169104 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.407227039 CEST	49756	443	192.168.2.4	142.250.186.174
Oct 7, 2024 18:23:14.413675070 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.413760900 CEST	49756	443	192.168.2.4	142.250.186.174
Oct 7, 2024 18:23:14.413773060 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.419003963 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.419086933 CEST	49756	443	192.168.2.4	142.250.186.174
Oct 7, 2024 18:23:14.419099092 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.424784899 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.424886942 CEST	49756	443	192.168.2.4	142.250.186.174
Oct 7, 2024 18:23:14.424901009 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.425065994 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.425123930 CEST	49756	443	192.168.2.4	142.250.186.174
Oct 7, 2024 18:23:14.425579071 CEST	49756	443	192.168.2.4	142.250.186.174
Oct 7, 2024 18:23:14.425606966 CEST	443	49756	142.250.186.174	192.168.2.4
Oct 7, 2024 18:23:14.639266968 CEST	49760	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:14.639342070 CEST	443	49760	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:14.639440060 CEST	49760	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:14.639636040 CEST	49760	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:14.639653921 CEST	443	49760	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:14.825239897 CEST	49761	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:14.825283051 CEST	443	49761	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:14.825347900 CEST	49761	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:14.835589886 CEST	49761	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:14.835606098 CEST	443	49761	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:15.255628109 CEST	443	49760	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:15.255928040 CEST	49760	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:15.255949020 CEST	443	49760	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:15.257168055 CEST	443	49760	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:15.257246971 CEST	49760	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:15.259671926 CEST	443	49760	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:15.259736061 CEST	49760	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:15.260549068 CEST	49760	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:15.260761976 CEST	49760	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:15.260797024 CEST	443	49760	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:15.314424992 CEST	49760	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:15.314435005 CEST	443	49760	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:15.361745119 CEST	49760	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:15.461666107 CEST	443	49761	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:15.461937904 CEST	49761	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:15.462002993 CEST	443	49761	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:15.462521076 CEST	443	49761	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:15.462590933 CEST	49761	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:15.463535070 CEST	443	49761	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:15.463603973 CEST	49761	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:15.463742018 CEST	49761	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:15.463835955 CEST	443	49761	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:15.464112043 CEST	49761	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:15.464133024 CEST	443	49761	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:15.517606974 CEST	49761	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:15.541970015 CEST	443	49760	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:15.542468071 CEST	49760	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:15.542543888 CEST	443	49760	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:15.542606115 CEST	49760	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:15.543252945 CEST	49764	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:15.543297052 CEST	443	49764	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:15.543359995 CEST	49764	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:15.543617010 CEST	49764	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:15.543636084 CEST	443	49764	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:15.753228903 CEST	443	49761	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:15.753608942 CEST	443	49761	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:15.753673077 CEST	49761	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:15.753806114 CEST	49761	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:15.753856897 CEST	443	49761	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:15.753885984 CEST	49761	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:15.753911018 CEST	49761	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:15.754729986 CEST	49765	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:15.754772902 CEST	443	49765	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:15.754827976 CEST	49765	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:15.755233049 CEST	49765	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:15.755245924 CEST	443	49765	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:16.161380053 CEST	443	49764	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:16.172302008 CEST	49764	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:16.172347069 CEST	443	49764	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:16.173593998 CEST	443	49764	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:16.173670053 CEST	49764	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:16.176093102 CEST	443	49764	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:16.176152945 CEST	49764	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:16.176898956 CEST	49764	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:16.177098036 CEST	443	49764	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:16.177473068 CEST	49764	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:16.177493095 CEST	443	49764	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:16.177529097 CEST	49764	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:16.219717026 CEST	49764	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:16.219732046 CEST	443	49764	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:16.381584883 CEST	443	49765	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:16.386827946 CEST	49765	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:16.386854887 CEST	443	49765	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:16.387486935 CEST	443	49765	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:16.387551069 CEST	49765	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:16.388498068 CEST	443	49765	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:16.388550043 CEST	49765	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:16.389385939 CEST	443	49764	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:16.389578104 CEST	49765	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:16.389722109 CEST	443	49765	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:16.390101910 CEST	443	49764	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:16.390161991 CEST	49764	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:16.397798061 CEST	49764	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:16.397819042 CEST	443	49764	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:16.398329973 CEST	49765	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:16.398356915 CEST	443	49765	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:16.398396969 CEST	49765	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:16.443402052 CEST	443	49765	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:16.444080114 CEST	49765	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:16.481101990 CEST	49768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 18:23:16.481139898 CEST	443	49768	4.175.87.197	192.168.2.4
Oct 7, 2024 18:23:16.481198072 CEST	49768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 18:23:16.482343912 CEST	49768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 18:23:16.482359886 CEST	443	49768	4.175.87.197	192.168.2.4
Oct 7, 2024 18:23:16.632977962 CEST	443	49765	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:16.633284092 CEST	443	49765	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:16.633358955 CEST	49765	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:16.634413004 CEST	49765	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:16.634458065 CEST	443	49765	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:17.272203922 CEST	443	49768	4.175.87.197	192.168.2.4
Oct 7, 2024 18:23:17.274185896 CEST	49768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 18:23:17.307405949 CEST	49768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 18:23:17.307419062 CEST	443	49768	4.175.87.197	192.168.2.4
Oct 7, 2024 18:23:17.308439016 CEST	443	49768	4.175.87.197	192.168.2.4
Oct 7, 2024 18:23:17.360754013 CEST	49741	443	192.168.2.4	142.250.185.100
Oct 7, 2024 18:23:17.361694098 CEST	49768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 18:23:17.403424978 CEST	443	49741	142.250.185.100	192.168.2.4
Oct 7, 2024 18:23:17.541627884 CEST	443	49741	142.250.185.100	192.168.2.4
Oct 7, 2024 18:23:17.541731119 CEST	443	49741	142.250.185.100	192.168.2.4
Oct 7, 2024 18:23:17.541866064 CEST	443	49741	142.250.185.100	192.168.2.4
Oct 7, 2024 18:23:17.542025089 CEST	49741	443	192.168.2.4	142.250.185.100
Oct 7, 2024 18:23:17.542088985 CEST	443	49741	142.250.185.100	192.168.2.4
Oct 7, 2024 18:23:17.542144060 CEST	443	49741	142.250.185.100	192.168.2.4
Oct 7, 2024 18:23:17.542315006 CEST	49741	443	192.168.2.4	142.250.185.100
Oct 7, 2024 18:23:17.542768002 CEST	49741	443	192.168.2.4	142.250.185.100
Oct 7, 2024 18:23:17.542798042 CEST	443	49741	142.250.185.100	192.168.2.4
Oct 7, 2024 18:23:17.871570110 CEST	49768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 18:23:17.915476084 CEST	443	49768	4.175.87.197	192.168.2.4
Oct 7, 2024 18:23:18.125138044 CEST	443	49768	4.175.87.197	192.168.2.4
Oct 7, 2024 18:23:18.125193119 CEST	443	49768	4.175.87.197	192.168.2.4
Oct 7, 2024 18:23:18.125233889 CEST	443	49768	4.175.87.197	192.168.2.4
Oct 7, 2024 18:23:18.125242949 CEST	49768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 18:23:18.125256062 CEST	443	49768	4.175.87.197	192.168.2.4
Oct 7, 2024 18:23:18.125281096 CEST	443	49768	4.175.87.197	192.168.2.4
Oct 7, 2024 18:23:18.125302076 CEST	49768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 18:23:18.125318050 CEST	443	49768	4.175.87.197	192.168.2.4
Oct 7, 2024 18:23:18.125355959 CEST	443	49768	4.175.87.197	192.168.2.4
Oct 7, 2024 18:23:18.125366926 CEST	49768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 18:23:18.125375986 CEST	443	49768	4.175.87.197	192.168.2.4
Oct 7, 2024 18:23:18.125399113 CEST	49768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 18:23:18.125433922 CEST	443	49768	4.175.87.197	192.168.2.4
Oct 7, 2024 18:23:18.125483036 CEST	49768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 18:23:18.125488997 CEST	443	49768	4.175.87.197	192.168.2.4
Oct 7, 2024 18:23:18.125768900 CEST	443	49768	4.175.87.197	192.168.2.4
Oct 7, 2024 18:23:18.125814915 CEST	49768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 18:23:18.424338102 CEST	49723	80	192.168.2.4	199.232.210.172
Oct 7, 2024 18:23:18.430429935 CEST	80	49723	199.232.210.172	192.168.2.4
Oct 7, 2024 18:23:18.430490971 CEST	49723	80	192.168.2.4	199.232.210.172
Oct 7, 2024 18:23:18.636364937 CEST	49768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 18:23:18.636384964 CEST	443	49768	4.175.87.197	192.168.2.4
Oct 7, 2024 18:23:18.636399984 CEST	49768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 18:23:18.636405945 CEST	443	49768	4.175.87.197	192.168.2.4
Oct 7, 2024 18:23:22.504179955 CEST	49780	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:22.504225969 CEST	443	49780	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:22.504631996 CEST	49780	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:22.504967928 CEST	49780	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:22.504985094 CEST	443	49780	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:23.129975080 CEST	443	49780	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:23.130206108 CEST	49780	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:23.130232096 CEST	443	49780	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:23.130743027 CEST	443	49780	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:23.131182909 CEST	49780	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:23.131266117 CEST	443	49780	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:23.131408930 CEST	49780	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:23.131445885 CEST	49780	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:23.131453037 CEST	443	49780	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:23.449500084 CEST	443	49780	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:23.450465918 CEST	443	49780	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:23.450521946 CEST	49780	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:23.451117039 CEST	49780	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:23.451134920 CEST	443	49780	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:45.175576925 CEST	49781	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:45.175614119 CEST	443	49781	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:45.175704002 CEST	49781	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:45.175924063 CEST	49781	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:45.175940037 CEST	443	49781	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:46.404931068 CEST	49782	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:46.404994965 CEST	443	49782	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:46.405067921 CEST	49782	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:46.407954931 CEST	49782	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:46.407969952 CEST	443	49782	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:46.634012938 CEST	443	49781	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:46.645941019 CEST	49781	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:46.645960093 CEST	443	49781	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:46.646718025 CEST	443	49781	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:46.647041082 CEST	49781	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:46.647130966 CEST	443	49781	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:46.647227049 CEST	49781	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:46.647250891 CEST	49781	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:46.647326946 CEST	443	49781	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:46.924702883 CEST	443	49781	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:46.925497055 CEST	443	49781	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:46.925555944 CEST	49781	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:46.925664902 CEST	49781	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:46.925678968 CEST	443	49781	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:47.019237995 CEST	443	49782	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:47.019522905 CEST	49782	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:47.019547939 CEST	443	49782	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:47.020734072 CEST	443	49782	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:47.021006107 CEST	49782	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:47.021150112 CEST	49782	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:47.021155119 CEST	443	49782	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:47.021162987 CEST	49782	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:47.021171093 CEST	443	49782	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:47.063287973 CEST	49782	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:47.063294888 CEST	443	49782	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:47.228573084 CEST	443	49782	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:47.229495049 CEST	443	49782	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:47.229569912 CEST	49782	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:47.229671955 CEST	49782	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:47.229685068 CEST	443	49782	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:47.675595999 CEST	49783	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:47.675632000 CEST	443	49783	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:47.675707102 CEST	49783	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:47.676054001 CEST	49783	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:47.676069021 CEST	443	49783	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:48.305423021 CEST	443	49783	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:48.305805922 CEST	49783	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:48.305820942 CEST	443	49783	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:48.306272984 CEST	443	49783	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:48.306628942 CEST	49783	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:48.306720018 CEST	443	49783	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:48.306840897 CEST	49783	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:48.306866884 CEST	49783	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:48.306940079 CEST	443	49783	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:48.816530943 CEST	443	49783	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:48.816840887 CEST	443	49783	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:48.816909075 CEST	49783	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:48.817287922 CEST	49783	443	192.168.2.4	142.250.185.206
Oct 7, 2024 18:23:48.817293882 CEST	443	49783	142.250.185.206	192.168.2.4
Oct 7, 2024 18:23:55.043401003 CEST	49784	443	192.168.2.4	4.175.87.197
Oct 7, 2024 18:23:55.043430090 CEST	443	49784	4.175.87.197	192.168.2.4
Oct 7, 2024 18:23:55.043912888 CEST	49784	443	192.168.2.4	4.175.87.197
Oct 7, 2024 18:23:55.043912888 CEST	49784	443	192.168.2.4	4.175.87.197
Oct 7, 2024 18:23:55.043939114 CEST	443	49784	4.175.87.197	192.168.2.4
Oct 7, 2024 18:23:55.462734938 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:55.462805986 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:55.462897062 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:55.463268042 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:55.463296890 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:55.838594913 CEST	443	49784	4.175.87.197	192.168.2.4
Oct 7, 2024 18:23:55.839409113 CEST	49784	443	192.168.2.4	4.175.87.197
Oct 7, 2024 18:23:55.843406916 CEST	49784	443	192.168.2.4	4.175.87.197
Oct 7, 2024 18:23:55.843415022 CEST	443	49784	4.175.87.197	192.168.2.4
Oct 7, 2024 18:23:55.843868971 CEST	443	49784	4.175.87.197	192.168.2.4
Oct 7, 2024 18:23:55.854152918 CEST	49784	443	192.168.2.4	4.175.87.197
Oct 7, 2024 18:23:55.895402908 CEST	443	49784	4.175.87.197	192.168.2.4
Oct 7, 2024 18:23:56.093930006 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.094012022 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.116599083 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.116645098 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.117528915 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.164952993 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.171477079 CEST	443	49784	4.175.87.197	192.168.2.4
Oct 7, 2024 18:23:56.171530008 CEST	443	49784	4.175.87.197	192.168.2.4
Oct 7, 2024 18:23:56.171576023 CEST	443	49784	4.175.87.197	192.168.2.4
Oct 7, 2024 18:23:56.171612978 CEST	49784	443	192.168.2.4	4.175.87.197
Oct 7, 2024 18:23:56.171622992 CEST	443	49784	4.175.87.197	192.168.2.4
Oct 7, 2024 18:23:56.171690941 CEST	49784	443	192.168.2.4	4.175.87.197
Oct 7, 2024 18:23:56.172441959 CEST	443	49784	4.175.87.197	192.168.2.4
Oct 7, 2024 18:23:56.172504902 CEST	443	49784	4.175.87.197	192.168.2.4
Oct 7, 2024 18:23:56.172513962 CEST	49784	443	192.168.2.4	4.175.87.197
Oct 7, 2024 18:23:56.172533989 CEST	443	49784	4.175.87.197	192.168.2.4
Oct 7, 2024 18:23:56.172559977 CEST	49784	443	192.168.2.4	4.175.87.197
Oct 7, 2024 18:23:56.173180103 CEST	443	49784	4.175.87.197	192.168.2.4
Oct 7, 2024 18:23:56.173482895 CEST	49784	443	192.168.2.4	4.175.87.197
Oct 7, 2024 18:23:56.217467070 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.254937887 CEST	49784	443	192.168.2.4	4.175.87.197
Oct 7, 2024 18:23:56.254937887 CEST	49784	443	192.168.2.4	4.175.87.197
Oct 7, 2024 18:23:56.254945993 CEST	443	49784	4.175.87.197	192.168.2.4
Oct 7, 2024 18:23:56.254952908 CEST	443	49784	4.175.87.197	192.168.2.4
Oct 7, 2024 18:23:56.263403893 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.316608906 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.316703081 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.316723108 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.316761971 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.316762924 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.316791058 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.316797972 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.316808939 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.316817999 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.316837072 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.316857100 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.396219969 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.396287918 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.396348953 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.396384954 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.396403074 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.396430016 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.397965908 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.398006916 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.398027897 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.398035049 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.398063898 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.398075104 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.480640888 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.480712891 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.480730057 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.480762959 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.480767965 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.480813026 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.481549978 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.481604099 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.481623888 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.481631994 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.481661081 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.481674910 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.482418060 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.482470036 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.482489109 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.482496023 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.482542038 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.484222889 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.484276056 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.484293938 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.484301090 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.484328985 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.484354973 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.565418005 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.565486908 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.565510988 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.565522909 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.565546036 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.565565109 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.566565037 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.566608906 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.566632986 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.566638947 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.566665888 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.566685915 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.567583084 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.567636967 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.567658901 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.567665100 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.567693949 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.567713022 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.568747044 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.568806887 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.568815947 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.568835020 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.568865061 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.568885088 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.570171118 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.570214987 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.570230961 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.570236921 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.570267916 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.570283890 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.571182013 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.571230888 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.571249962 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.571255922 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.571285963 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.571296930 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.571336031 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.571404934 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.571410894 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.571454048 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.571461916 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.571468115 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.571516991 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.571528912 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.618885994 CEST	49786	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.618925095 CEST	443	49786	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.618990898 CEST	49786	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.619800091 CEST	49786	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.619816065 CEST	443	49786	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.621817112 CEST	49787	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.621912003 CEST	443	49787	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.621979952 CEST	49787	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.622097969 CEST	49787	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.622118950 CEST	443	49787	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.622864008 CEST	49788	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.622955084 CEST	443	49788	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.623030901 CEST	49788	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.623620987 CEST	49789	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.623694897 CEST	443	49789	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.623764992 CEST	49789	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.623889923 CEST	49788	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.623923063 CEST	443	49788	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.624171019 CEST	49789	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.624205112 CEST	443	49789	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.625134945 CEST	49790	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.625160933 CEST	443	49790	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:56.625225067 CEST	49790	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.625317097 CEST	49790	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:56.625344992 CEST	443	49790	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.253282070 CEST	443	49789	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.253978014 CEST	49789	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.254040003 CEST	443	49789	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.254419088 CEST	49789	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.254431009 CEST	443	49789	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.255975962 CEST	443	49786	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.256316900 CEST	49786	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.256349087 CEST	443	49786	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.256757975 CEST	49786	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.256763935 CEST	443	49786	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.257178068 CEST	443	49787	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.257451057 CEST	49787	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.257512093 CEST	443	49787	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.257864952 CEST	49787	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.257879019 CEST	443	49787	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.266643047 CEST	443	49790	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.266957998 CEST	49790	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.266985893 CEST	443	49790	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.267323017 CEST	49790	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.267330885 CEST	443	49790	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.270095110 CEST	443	49788	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.270530939 CEST	49788	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.270603895 CEST	443	49788	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.271332026 CEST	49788	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.271346092 CEST	443	49788	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.346847057 CEST	443	49789	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.346899986 CEST	443	49789	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.347058058 CEST	49789	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.347101927 CEST	443	49789	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.347176075 CEST	49789	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.347287893 CEST	49789	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.347295046 CEST	443	49789	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.347368002 CEST	49789	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.347655058 CEST	443	49789	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.347734928 CEST	443	49789	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.347955942 CEST	49789	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.350126982 CEST	49791	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.350197077 CEST	443	49791	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.350332022 CEST	49791	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.350487947 CEST	49791	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.350511074 CEST	443	49791	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.353530884 CEST	443	49786	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.353584051 CEST	443	49786	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.353636980 CEST	49786	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.353650093 CEST	443	49786	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.353704929 CEST	49786	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.353811979 CEST	49786	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.353816986 CEST	443	49786	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.353837013 CEST	49786	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.354176044 CEST	443	49786	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.354264021 CEST	443	49786	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.354667902 CEST	49786	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.356029034 CEST	49792	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.356064081 CEST	443	49792	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.356278896 CEST	49792	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.356383085 CEST	49792	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.356395006 CEST	443	49792	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.380203009 CEST	443	49790	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.380314112 CEST	443	49787	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.380357981 CEST	443	49790	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.380400896 CEST	443	49787	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.380420923 CEST	49790	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.380456924 CEST	49787	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.380553961 CEST	49790	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.380573034 CEST	443	49790	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.380587101 CEST	49790	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.380594015 CEST	443	49790	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.380609989 CEST	49787	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.380640030 CEST	443	49787	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.380672932 CEST	49787	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.380690098 CEST	443	49787	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.381634951 CEST	443	49788	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.381679058 CEST	443	49788	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.381752014 CEST	443	49788	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.381808043 CEST	49788	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.381871939 CEST	49788	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.381901979 CEST	443	49788	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.381927967 CEST	49788	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.381942987 CEST	443	49788	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.383902073 CEST	49793	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.383944988 CEST	443	49793	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.384193897 CEST	49794	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.384201050 CEST	443	49794	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.384228945 CEST	49793	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.384258032 CEST	49794	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.384396076 CEST	49793	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.384409904 CEST	443	49793	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.384504080 CEST	49794	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.384516001 CEST	443	49794	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.384727955 CEST	49795	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.384746075 CEST	443	49795	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.384850025 CEST	49795	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.384977102 CEST	49795	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.384980917 CEST	443	49795	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.990227938 CEST	443	49791	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.990910053 CEST	49791	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.990957975 CEST	443	49791	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:57.991420031 CEST	49791	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:57.991430044 CEST	443	49791	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.008101940 CEST	443	49793	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.008591890 CEST	49793	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.008622885 CEST	443	49793	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.009052992 CEST	49793	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.009059906 CEST	443	49793	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.021421909 CEST	443	49794	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.024218082 CEST	49794	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.024233103 CEST	443	49794	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.024888992 CEST	49794	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.024893999 CEST	443	49794	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.028923988 CEST	443	49792	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.028990984 CEST	443	49795	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.029335976 CEST	49792	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.029355049 CEST	443	49792	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.029388905 CEST	49795	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.029401064 CEST	443	49795	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.029798985 CEST	49795	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.029803038 CEST	443	49795	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.029911995 CEST	49792	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.029916048 CEST	443	49792	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.087111950 CEST	443	49791	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.087270975 CEST	443	49791	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.087363005 CEST	49791	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.087486029 CEST	49791	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.087519884 CEST	443	49791	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.087548018 CEST	49791	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.087563038 CEST	443	49791	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.090693951 CEST	49796	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.090706110 CEST	443	49796	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.090792894 CEST	49796	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.090970993 CEST	49796	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.090981960 CEST	443	49796	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.104950905 CEST	443	49793	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.105072021 CEST	443	49793	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.105197906 CEST	49793	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.105310917 CEST	49793	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.105314970 CEST	443	49793	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.105328083 CEST	49793	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.105331898 CEST	443	49793	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.108052015 CEST	49797	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.108078003 CEST	443	49797	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.108144999 CEST	49797	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.108282089 CEST	49797	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.108293056 CEST	443	49797	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.120511055 CEST	443	49794	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.120564938 CEST	443	49794	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.120639086 CEST	49794	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.120747089 CEST	49794	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.120752096 CEST	443	49794	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.120774984 CEST	49794	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.120779991 CEST	443	49794	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.123013973 CEST	49798	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.123024940 CEST	443	49798	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.123080015 CEST	49798	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.123209953 CEST	49798	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.123222113 CEST	443	49798	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.129481077 CEST	443	49792	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.129631042 CEST	443	49792	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.129681110 CEST	49792	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.129703999 CEST	49792	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.129714012 CEST	443	49792	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.129724026 CEST	49792	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.129728079 CEST	443	49792	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.131548882 CEST	49799	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.131567001 CEST	443	49799	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.131638050 CEST	49799	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.131767035 CEST	49799	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.131777048 CEST	443	49799	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.174238920 CEST	443	49795	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.174403906 CEST	443	49795	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.174460888 CEST	49795	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.174556971 CEST	49795	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.174562931 CEST	443	49795	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.174573898 CEST	49795	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.174576998 CEST	443	49795	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.177555084 CEST	49800	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.177612066 CEST	443	49800	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.177700043 CEST	49800	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.177834988 CEST	49800	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.177869081 CEST	443	49800	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.732234001 CEST	443	49798	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.732770920 CEST	49798	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.732790947 CEST	443	49798	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.733448982 CEST	49798	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.733453035 CEST	443	49798	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.745819092 CEST	443	49796	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.746229887 CEST	49796	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.746253967 CEST	443	49796	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.746663094 CEST	49796	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.746670008 CEST	443	49796	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.762623072 CEST	443	49797	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.763097048 CEST	49797	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.763112068 CEST	443	49797	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.763570070 CEST	49797	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.763573885 CEST	443	49797	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.785896063 CEST	443	49799	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.786329985 CEST	49799	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.786339998 CEST	443	49799	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.786807060 CEST	49799	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.786812067 CEST	443	49799	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.822237968 CEST	443	49800	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.822947025 CEST	49800	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.823012114 CEST	443	49800	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.823383093 CEST	49800	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.823399067 CEST	443	49800	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.827804089 CEST	443	49798	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.827872992 CEST	443	49798	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.827924013 CEST	49798	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.828068018 CEST	49798	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.828083038 CEST	443	49798	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.828093052 CEST	49798	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.828097105 CEST	443	49798	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.831018925 CEST	49801	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.831104040 CEST	443	49801	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.831206083 CEST	49801	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.831406116 CEST	49801	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.831424952 CEST	443	49801	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.845536947 CEST	443	49796	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.845613956 CEST	443	49796	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.845813990 CEST	49796	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.845841885 CEST	49796	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.845860958 CEST	443	49796	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.845871925 CEST	49796	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.845882893 CEST	443	49796	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.848644018 CEST	49802	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.848669052 CEST	443	49802	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.848763943 CEST	49802	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.848920107 CEST	49802	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.848948002 CEST	443	49802	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.862098932 CEST	443	49797	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.862255096 CEST	443	49797	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.862384081 CEST	49797	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.862416029 CEST	49797	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.862426043 CEST	443	49797	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.862437963 CEST	49797	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.862447023 CEST	443	49797	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.864808083 CEST	49803	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.864876986 CEST	443	49803	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.864965916 CEST	49803	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.865106106 CEST	49803	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.865128994 CEST	443	49803	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.886226892 CEST	443	49799	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.886384964 CEST	443	49799	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.886506081 CEST	49799	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.886729002 CEST	49799	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.886746883 CEST	443	49799	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.886758089 CEST	49799	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.886769056 CEST	443	49799	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.889620066 CEST	49804	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.889722109 CEST	443	49804	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.889821053 CEST	49804	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.889997005 CEST	49804	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.890036106 CEST	443	49804	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.918876886 CEST	443	49800	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.919038057 CEST	443	49800	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.919261932 CEST	49800	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.919415951 CEST	49800	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.919439077 CEST	443	49800	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.919477940 CEST	49800	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.919492006 CEST	443	49800	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.921962023 CEST	49805	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.922029972 CEST	443	49805	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:58.926237106 CEST	49805	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.926378012 CEST	49805	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:58.926409006 CEST	443	49805	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.466371059 CEST	443	49801	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.466985941 CEST	49801	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:59.467045069 CEST	443	49801	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.467518091 CEST	49801	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:59.467535019 CEST	443	49801	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.478853941 CEST	443	49803	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.479130030 CEST	49803	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:59.479147911 CEST	443	49803	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.479477882 CEST	49803	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:59.479485989 CEST	443	49803	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.563551903 CEST	443	49801	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.563632965 CEST	443	49801	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.563899994 CEST	49801	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:59.563968897 CEST	49801	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:59.563968897 CEST	49801	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:59.564009905 CEST	443	49801	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.564035892 CEST	443	49801	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.567322969 CEST	49806	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:59.567439079 CEST	443	49806	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.567538977 CEST	49806	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:59.567769051 CEST	49806	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:59.567806959 CEST	443	49806	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.570864916 CEST	443	49805	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.571260929 CEST	443	49804	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.571312904 CEST	49805	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:59.571329117 CEST	443	49805	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.571541071 CEST	49804	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:59.571568966 CEST	443	49804	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.571854115 CEST	49805	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:59.571861029 CEST	443	49805	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.572036982 CEST	49804	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:59.572045088 CEST	443	49804	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.575967073 CEST	443	49803	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.576108932 CEST	443	49803	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.576246977 CEST	49803	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:59.576309919 CEST	49803	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:59.576311111 CEST	49803	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:59.576340914 CEST	443	49803	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.576364040 CEST	443	49803	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.579073906 CEST	49807	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:59.579103947 CEST	443	49807	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.579179049 CEST	49807	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:59.579317093 CEST	49807	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:59.579329967 CEST	443	49807	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.653706074 CEST	443	49802	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.654366970 CEST	49802	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:59.654417038 CEST	443	49802	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.654891014 CEST	49802	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:59.654902935 CEST	443	49802	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.670432091 CEST	443	49805	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.670562983 CEST	443	49805	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.670651913 CEST	49805	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:59.670861006 CEST	49805	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:59.670908928 CEST	443	49805	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.670943022 CEST	49805	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:59.670958996 CEST	443	49805	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.672874928 CEST	443	49804	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.673005104 CEST	443	49804	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.674230099 CEST	49804	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:59.674369097 CEST	49804	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:59.674386978 CEST	443	49804	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.674398899 CEST	49804	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:59.674406052 CEST	443	49804	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.674417973 CEST	49808	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:59.674438953 CEST	443	49808	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.676364899 CEST	49809	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:59.676376104 CEST	443	49809	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.676404953 CEST	49808	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:59.676434040 CEST	49809	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:59.676568985 CEST	49809	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:59.676574945 CEST	443	49809	13.107.246.45	192.168.2.4
Oct 7, 2024 18:23:59.676600933 CEST	49808	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:23:59.676615000 CEST	443	49808	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.191106081 CEST	443	49802	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.191245079 CEST	443	49802	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.191426992 CEST	49802	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:00.192538023 CEST	49802	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:00.192600012 CEST	443	49802	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.192634106 CEST	49802	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:00.192651987 CEST	443	49802	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.194823027 CEST	443	49807	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.195230007 CEST	49807	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:00.195259094 CEST	443	49807	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.195365906 CEST	49810	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:00.195403099 CEST	443	49810	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.195462942 CEST	49810	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:00.195569992 CEST	49810	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:00.195578098 CEST	443	49810	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.195832968 CEST	49807	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:00.195841074 CEST	443	49807	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.203780890 CEST	443	49806	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.204272032 CEST	49806	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:00.204293966 CEST	443	49806	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.204705954 CEST	49806	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:00.204718113 CEST	443	49806	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.290652037 CEST	443	49807	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.290816069 CEST	443	49807	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.290884972 CEST	49807	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:00.294681072 CEST	49807	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:00.294701099 CEST	443	49807	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.294713974 CEST	49807	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:00.294720888 CEST	443	49807	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.297820091 CEST	49811	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:00.297847033 CEST	443	49811	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.297990084 CEST	49811	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:00.298089981 CEST	49811	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:00.298099041 CEST	443	49811	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.302548885 CEST	443	49806	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.302619934 CEST	443	49806	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.302676916 CEST	49806	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:00.302778006 CEST	49806	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:00.302778006 CEST	49806	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:00.302818060 CEST	443	49806	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.302840948 CEST	443	49806	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.305578947 CEST	49812	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:00.305610895 CEST	443	49812	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.305680990 CEST	49812	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:00.305813074 CEST	49812	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:00.305824995 CEST	443	49812	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.332961082 CEST	443	49808	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.333736897 CEST	49808	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:00.333754063 CEST	443	49808	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.334038019 CEST	49808	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:00.334043026 CEST	443	49808	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.344110012 CEST	443	49809	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.345053911 CEST	49809	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:00.345062017 CEST	443	49809	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.347677946 CEST	49809	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:00.347682953 CEST	443	49809	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.444500923 CEST	443	49808	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.444556952 CEST	443	49808	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.444618940 CEST	49808	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:00.444809914 CEST	49808	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:00.444809914 CEST	49808	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:00.444820881 CEST	443	49808	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.444829941 CEST	443	49808	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.447757006 CEST	49813	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:00.447788000 CEST	443	49813	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.447880983 CEST	49813	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:00.448247910 CEST	49813	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:00.448261023 CEST	443	49813	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.492139101 CEST	443	49809	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.492295027 CEST	443	49809	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.492353916 CEST	49809	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:00.492564917 CEST	49809	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:00.492575884 CEST	443	49809	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.492597103 CEST	49809	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:00.492602110 CEST	443	49809	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.496412039 CEST	49814	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:00.496452093 CEST	443	49814	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:00.496809006 CEST	49814	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:00.496809006 CEST	49814	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:00.496836901 CEST	443	49814	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.076169014 CEST	443	49810	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.077693939 CEST	443	49812	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.080185890 CEST	443	49811	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.102361917 CEST	49810	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.102381945 CEST	443	49810	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.108311892 CEST	49810	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.108319044 CEST	443	49810	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.108584881 CEST	49812	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.108603001 CEST	443	49812	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.116127968 CEST	49812	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.116133928 CEST	443	49812	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.126029968 CEST	49811	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.134330988 CEST	49811	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.134339094 CEST	443	49811	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.140968084 CEST	49811	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.140971899 CEST	443	49811	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.204466105 CEST	443	49810	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.204582930 CEST	443	49810	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.204649925 CEST	49810	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.204895973 CEST	49810	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.204906940 CEST	443	49810	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.204916954 CEST	49810	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.204930067 CEST	443	49810	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.208446026 CEST	49815	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.208462954 CEST	443	49815	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.208523989 CEST	49815	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.208698988 CEST	49815	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.208709002 CEST	443	49815	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.211148024 CEST	443	49812	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.211215019 CEST	443	49812	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.211452007 CEST	49812	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.211452961 CEST	49812	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.211452961 CEST	49812	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.213416100 CEST	49816	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.213444948 CEST	443	49816	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.213524103 CEST	49816	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.213651896 CEST	49816	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.213680983 CEST	443	49816	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.232300043 CEST	443	49811	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.232440948 CEST	443	49811	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.232505083 CEST	49811	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.232675076 CEST	49811	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.232683897 CEST	443	49811	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.232692957 CEST	49811	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.232697010 CEST	443	49811	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.234891891 CEST	49817	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.234962940 CEST	443	49817	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.235090017 CEST	49817	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.235280991 CEST	49817	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.235312939 CEST	443	49817	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.253360033 CEST	443	49814	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.254029989 CEST	49814	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.254056931 CEST	443	49814	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.255060911 CEST	49814	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.255065918 CEST	443	49814	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.255234957 CEST	443	49813	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.255624056 CEST	49813	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.255636930 CEST	443	49813	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.256078959 CEST	49813	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.256083012 CEST	443	49813	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.351289034 CEST	443	49813	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.351429939 CEST	443	49813	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.351536989 CEST	49813	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.351687908 CEST	49813	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.351687908 CEST	49813	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.351702929 CEST	443	49813	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.351711035 CEST	443	49813	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.352706909 CEST	443	49814	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.352861881 CEST	443	49814	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.352942944 CEST	49814	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.353152037 CEST	49814	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.353152037 CEST	49814	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.353157043 CEST	443	49814	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.353163004 CEST	443	49814	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.354521036 CEST	49818	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.354587078 CEST	443	49818	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.354697943 CEST	49818	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.354830980 CEST	49818	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.354860067 CEST	443	49818	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.354999065 CEST	49819	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.355045080 CEST	443	49819	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.355106115 CEST	49819	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.355214119 CEST	49819	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.355241060 CEST	443	49819	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.516752005 CEST	49812	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.516762018 CEST	443	49812	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.820627928 CEST	443	49815	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.821182013 CEST	49815	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.821213007 CEST	443	49815	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.821690083 CEST	49815	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.821695089 CEST	443	49815	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.826142073 CEST	443	49816	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.826390028 CEST	49816	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.826440096 CEST	443	49816	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.826680899 CEST	49816	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.826692104 CEST	443	49816	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.915236950 CEST	443	49815	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.915426970 CEST	443	49815	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.915504932 CEST	49815	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.915687084 CEST	49815	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.915704012 CEST	443	49815	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.915714979 CEST	49815	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.915719986 CEST	443	49815	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.918942928 CEST	49820	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.919020891 CEST	443	49820	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.919115067 CEST	49820	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.919310093 CEST	49820	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.919338942 CEST	443	49820	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.925250053 CEST	443	49816	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.925326109 CEST	443	49816	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.925378084 CEST	49816	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.925476074 CEST	49816	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.925497055 CEST	443	49816	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.925510883 CEST	49816	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.925518036 CEST	443	49816	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.927479029 CEST	49821	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.927572966 CEST	443	49821	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.927651882 CEST	49821	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.927782059 CEST	49821	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.927818060 CEST	443	49821	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.979201078 CEST	443	49819	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.979862928 CEST	49819	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.979902029 CEST	443	49819	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.980384111 CEST	49819	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.980396032 CEST	443	49819	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.982151031 CEST	443	49818	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.982425928 CEST	49818	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.982453108 CEST	443	49818	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:01.982748032 CEST	49818	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:01.982759953 CEST	443	49818	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.075576067 CEST	443	49819	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.075725079 CEST	443	49819	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.075788975 CEST	49819	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.075933933 CEST	49819	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.075964928 CEST	443	49819	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.075990915 CEST	49819	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.076005936 CEST	443	49819	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.077361107 CEST	443	49818	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.077490091 CEST	443	49818	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.077552080 CEST	49818	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.077753067 CEST	49818	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.077769995 CEST	443	49818	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.077802896 CEST	49818	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.077811003 CEST	443	49818	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.080358028 CEST	49822	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.080415964 CEST	443	49822	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.080501080 CEST	49822	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.081700087 CEST	49822	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.081731081 CEST	443	49822	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.081742048 CEST	49823	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.081799984 CEST	443	49823	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.081864119 CEST	49823	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.081984997 CEST	49823	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.082009077 CEST	443	49823	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.406297922 CEST	443	49817	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.407013893 CEST	49817	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.407041073 CEST	443	49817	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.407488108 CEST	49817	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.407494068 CEST	443	49817	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.502636909 CEST	443	49817	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.502798080 CEST	443	49817	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.502877951 CEST	49817	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.503030062 CEST	49817	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.503071070 CEST	443	49817	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.503099918 CEST	49817	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.503119946 CEST	443	49817	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.505923986 CEST	49824	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.505966902 CEST	443	49824	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.506041050 CEST	49824	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.506184101 CEST	49824	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.506192923 CEST	443	49824	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.557087898 CEST	443	49821	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.557585001 CEST	49821	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.557637930 CEST	443	49821	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.557775974 CEST	443	49820	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.558121920 CEST	49821	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.558135986 CEST	443	49821	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.558430910 CEST	49820	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.558470964 CEST	443	49820	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.558813095 CEST	49820	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.558820009 CEST	443	49820	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.652712107 CEST	443	49821	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.652798891 CEST	443	49821	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.652877092 CEST	49821	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.653120995 CEST	49821	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.653143883 CEST	443	49821	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.653163910 CEST	49821	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.653171062 CEST	443	49821	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.654098988 CEST	443	49820	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.654166937 CEST	443	49820	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.654223919 CEST	49820	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.654341936 CEST	49820	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.654371023 CEST	443	49820	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.654386044 CEST	49820	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.654395103 CEST	443	49820	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.656443119 CEST	49825	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.656481028 CEST	443	49825	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.656496048 CEST	49826	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.656506062 CEST	443	49826	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.656554937 CEST	49825	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.656601906 CEST	49826	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.656770945 CEST	49825	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.656784058 CEST	443	49825	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.656948090 CEST	49826	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.656955957 CEST	443	49826	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.696676016 CEST	443	49822	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.698777914 CEST	49822	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.698796988 CEST	443	49822	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.699310064 CEST	49822	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.699320078 CEST	443	49822	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.744573116 CEST	443	49823	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.745173931 CEST	49823	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.745207071 CEST	443	49823	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.745699883 CEST	49823	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.745707035 CEST	443	49823	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.792902946 CEST	443	49822	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.793051004 CEST	443	49822	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.793492079 CEST	49822	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.796439886 CEST	49822	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.796473026 CEST	443	49822	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.796494007 CEST	49822	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.796504021 CEST	443	49822	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.799693108 CEST	49827	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.799745083 CEST	443	49827	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.799832106 CEST	49827	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.800050974 CEST	49827	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.800072908 CEST	443	49827	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.845995903 CEST	443	49823	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.846152067 CEST	443	49823	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.846230984 CEST	49823	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.846405029 CEST	49823	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.846421003 CEST	443	49823	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.846432924 CEST	49823	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.846440077 CEST	443	49823	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.849533081 CEST	49828	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.849570036 CEST	443	49828	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:02.849658012 CEST	49828	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.849827051 CEST	49828	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:02.849843979 CEST	443	49828	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.118848085 CEST	443	49824	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.119625092 CEST	49824	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.119668007 CEST	443	49824	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.120084047 CEST	49824	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.120095015 CEST	443	49824	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.243335009 CEST	443	49824	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.243549109 CEST	443	49824	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.243736982 CEST	49824	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.246174097 CEST	49824	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.246175051 CEST	49824	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.246200085 CEST	443	49824	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.246212959 CEST	443	49824	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.246928930 CEST	49829	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.246973991 CEST	443	49829	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.247070074 CEST	49829	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.247194052 CEST	49829	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.247200012 CEST	443	49829	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.263360023 CEST	443	49825	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.263850927 CEST	49825	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.263906956 CEST	443	49825	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.264343977 CEST	49825	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.264358997 CEST	443	49825	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.270823002 CEST	443	49826	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.271207094 CEST	49826	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.271236897 CEST	443	49826	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.271635056 CEST	49826	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.271646023 CEST	443	49826	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.379412889 CEST	443	49825	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.379487038 CEST	443	49825	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.379549026 CEST	49825	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.403084040 CEST	49825	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.403084040 CEST	49825	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.403156042 CEST	443	49825	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.403193951 CEST	443	49825	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.405745029 CEST	49830	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.405759096 CEST	443	49830	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.405857086 CEST	49830	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.406001091 CEST	49830	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.406009912 CEST	443	49830	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.412883043 CEST	443	49827	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.413362026 CEST	49827	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.413384914 CEST	443	49827	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.413827896 CEST	49827	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.413834095 CEST	443	49827	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.417591095 CEST	443	49826	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.417661905 CEST	443	49826	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.417722940 CEST	49826	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.417821884 CEST	49826	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.417844057 CEST	443	49826	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.417869091 CEST	49826	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.417882919 CEST	443	49826	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.419991970 CEST	49831	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.420026064 CEST	443	49831	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.420104027 CEST	49831	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.420221090 CEST	49831	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.420237064 CEST	443	49831	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.498195887 CEST	443	49828	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.498689890 CEST	49828	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.498697996 CEST	443	49828	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.499408960 CEST	49828	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.499413967 CEST	443	49828	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.508147955 CEST	443	49827	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.508287907 CEST	443	49827	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.508349895 CEST	49827	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.508407116 CEST	49827	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.508423090 CEST	443	49827	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.508438110 CEST	49827	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.508445978 CEST	443	49827	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.511168003 CEST	49832	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.511205912 CEST	443	49832	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.511270046 CEST	49832	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.511398077 CEST	49832	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.511406898 CEST	443	49832	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.599297047 CEST	443	49828	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.599407911 CEST	443	49828	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.599522114 CEST	49828	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.599706888 CEST	49828	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.599719048 CEST	443	49828	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.599733114 CEST	49828	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.599737883 CEST	443	49828	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.602704048 CEST	49833	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.602735996 CEST	443	49833	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.602818966 CEST	49833	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.602974892 CEST	49833	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.602987051 CEST	443	49833	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.899919987 CEST	443	49829	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.900595903 CEST	49829	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.900635004 CEST	443	49829	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:03.901077032 CEST	49829	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:03.901087999 CEST	443	49829	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.003520012 CEST	443	49829	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.003680944 CEST	443	49829	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.003823042 CEST	49829	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.003963947 CEST	49829	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.003989935 CEST	443	49829	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.004034996 CEST	49829	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.004049063 CEST	443	49829	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.007330894 CEST	49834	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.007411957 CEST	443	49834	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.007525921 CEST	49834	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.007694006 CEST	49834	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.007723093 CEST	443	49834	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.015865088 CEST	443	49830	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.016278982 CEST	49830	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.016309977 CEST	443	49830	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.016769886 CEST	49830	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.016779900 CEST	443	49830	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.059233904 CEST	443	49831	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.059734106 CEST	49831	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.059770107 CEST	443	49831	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.060406923 CEST	49831	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.060417891 CEST	443	49831	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.112869978 CEST	443	49830	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.112943888 CEST	443	49830	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.113002062 CEST	49830	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.113230944 CEST	49830	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.113253117 CEST	443	49830	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.113276005 CEST	49830	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.113287926 CEST	443	49830	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.116049051 CEST	49836	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.116081953 CEST	443	49836	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.116177082 CEST	49836	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.116311073 CEST	49836	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.116321087 CEST	443	49836	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.139398098 CEST	443	49832	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.139832020 CEST	49832	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.139878988 CEST	443	49832	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.140305042 CEST	49832	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.140315056 CEST	443	49832	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.166567087 CEST	443	49831	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.166702032 CEST	443	49831	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.166781902 CEST	49831	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.166856050 CEST	49831	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.166883945 CEST	443	49831	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.166899920 CEST	49831	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.166908026 CEST	443	49831	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.170063019 CEST	49837	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.170093060 CEST	443	49837	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.170164108 CEST	49837	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.170286894 CEST	49837	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.170301914 CEST	443	49837	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.230369091 CEST	443	49833	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.230954885 CEST	49833	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.231014013 CEST	443	49833	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.231396914 CEST	49833	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.231410027 CEST	443	49833	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.235696077 CEST	443	49832	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.235773087 CEST	443	49832	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.235877991 CEST	49832	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.235935926 CEST	49832	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.235955954 CEST	443	49832	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.235974073 CEST	49832	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.235981941 CEST	443	49832	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.238661051 CEST	49838	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.238679886 CEST	443	49838	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.238755941 CEST	49838	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.238908052 CEST	49838	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.238912106 CEST	443	49838	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.327521086 CEST	443	49833	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.327699900 CEST	443	49833	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.327752113 CEST	49833	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.329088926 CEST	49833	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.329108953 CEST	443	49833	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.329119921 CEST	49833	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.329123974 CEST	443	49833	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.332104921 CEST	49839	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.332138062 CEST	443	49839	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.332206964 CEST	49839	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.332351923 CEST	49839	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.332356930 CEST	443	49839	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.688024044 CEST	443	49834	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.688695908 CEST	49834	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.688714027 CEST	443	49834	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.689217091 CEST	49834	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.689224005 CEST	443	49834	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.776326895 CEST	443	49836	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.776871920 CEST	49836	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.776881933 CEST	443	49836	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.777585030 CEST	49836	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.777590036 CEST	443	49836	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.791182995 CEST	443	49834	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.791331053 CEST	443	49834	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.791409016 CEST	49834	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.791634083 CEST	49834	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.791642904 CEST	443	49834	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.791652918 CEST	49834	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.791657925 CEST	443	49834	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.801040888 CEST	49840	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.801094055 CEST	443	49840	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.801179886 CEST	49840	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.801327944 CEST	49840	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.801345110 CEST	443	49840	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.874489069 CEST	443	49837	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.875349045 CEST	49837	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.875361919 CEST	443	49837	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.875843048 CEST	49837	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.875848055 CEST	443	49837	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.876569986 CEST	443	49836	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.876677036 CEST	443	49836	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.876956940 CEST	49836	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.876956940 CEST	49836	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.876956940 CEST	49836	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.879998922 CEST	49841	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.880037069 CEST	443	49841	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.880129099 CEST	49841	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.880296946 CEST	49841	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.880323887 CEST	443	49841	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.919913054 CEST	443	49838	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.920681000 CEST	49838	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.920720100 CEST	443	49838	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.921127081 CEST	49838	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.921133041 CEST	443	49838	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.978707075 CEST	443	49837	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.978761911 CEST	443	49837	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.978848934 CEST	49837	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.979170084 CEST	49837	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.979170084 CEST	49837	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.979188919 CEST	443	49837	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.979199886 CEST	443	49837	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.982875109 CEST	49842	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.982963085 CEST	443	49842	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:04.983099937 CEST	49842	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.983234882 CEST	49842	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:04.983253002 CEST	443	49842	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.019423008 CEST	443	49839	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.020054102 CEST	49839	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.020073891 CEST	443	49839	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.021070004 CEST	49839	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.021086931 CEST	443	49839	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.063561916 CEST	443	49838	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.063627005 CEST	443	49838	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.063736916 CEST	49838	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.063996077 CEST	49838	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.064007044 CEST	443	49838	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.064018011 CEST	49838	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.064023972 CEST	443	49838	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.067559958 CEST	49843	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.067648888 CEST	443	49843	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.067759037 CEST	49843	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.067929983 CEST	49843	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.067949057 CEST	443	49843	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.119790077 CEST	443	49839	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.119858027 CEST	443	49839	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.120311975 CEST	49839	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.120311975 CEST	49839	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.120311975 CEST	49839	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.123912096 CEST	49844	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.124000072 CEST	443	49844	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.124125957 CEST	49844	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.124295950 CEST	49844	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.124320030 CEST	443	49844	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.190155983 CEST	49836	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.190190077 CEST	443	49836	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.422808886 CEST	49839	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.422821999 CEST	443	49839	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.441616058 CEST	443	49840	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.442285061 CEST	49840	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.442331076 CEST	443	49840	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.442914963 CEST	49840	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.442928076 CEST	443	49840	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.489089012 CEST	443	49841	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.489872932 CEST	49841	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.489888906 CEST	443	49841	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.490803957 CEST	49841	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.490809917 CEST	443	49841	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.540673971 CEST	443	49840	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.540818930 CEST	443	49840	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.540921926 CEST	49840	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.555571079 CEST	49840	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.555602074 CEST	443	49840	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.584723949 CEST	443	49841	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.584806919 CEST	443	49841	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.584979057 CEST	49841	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.591273069 CEST	49845	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.591309071 CEST	443	49845	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.591393948 CEST	49845	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.591516972 CEST	49841	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.591516972 CEST	49841	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.591548920 CEST	443	49841	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.591573954 CEST	443	49841	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.601033926 CEST	49845	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.601052046 CEST	443	49845	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.601746082 CEST	443	49842	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.609613895 CEST	49842	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.609633923 CEST	443	49842	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.610099077 CEST	49842	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.610110998 CEST	443	49842	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.634135008 CEST	49846	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.634169102 CEST	443	49846	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.638216019 CEST	49846	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.641591072 CEST	49846	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.641608000 CEST	443	49846	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.682703972 CEST	443	49843	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.694211960 CEST	49843	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.694252968 CEST	443	49843	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.699109077 CEST	49843	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.699122906 CEST	443	49843	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.721667051 CEST	443	49842	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.721864939 CEST	443	49842	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.722047091 CEST	49842	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.727313995 CEST	49842	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.727341890 CEST	443	49842	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.732547045 CEST	49847	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.732641935 CEST	443	49847	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.732764006 CEST	49847	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.732939005 CEST	49847	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.732959986 CEST	443	49847	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.742423058 CEST	443	49844	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.747358084 CEST	49844	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.747395039 CEST	443	49844	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.751779079 CEST	49844	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.751791000 CEST	443	49844	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.790785074 CEST	443	49843	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.790927887 CEST	443	49843	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.790994883 CEST	49843	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.792289972 CEST	49843	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.792325974 CEST	443	49843	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.792355061 CEST	49843	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.792370081 CEST	443	49843	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.800138950 CEST	49848	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.800179005 CEST	443	49848	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.800251007 CEST	49848	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.800478935 CEST	49848	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.800503016 CEST	443	49848	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.847906113 CEST	443	49844	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.847973108 CEST	443	49844	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.848057985 CEST	49844	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.848237991 CEST	49844	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.848287106 CEST	443	49844	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.848316908 CEST	49844	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.848332882 CEST	443	49844	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.851537943 CEST	49849	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.851586103 CEST	443	49849	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:05.852556944 CEST	49849	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.852556944 CEST	49849	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:05.852598906 CEST	443	49849	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.219208956 CEST	443	49845	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.219835043 CEST	49845	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.219850063 CEST	443	49845	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.220386028 CEST	49845	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.220391035 CEST	443	49845	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.276567936 CEST	443	49846	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.277147055 CEST	49846	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.277163982 CEST	443	49846	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.277750969 CEST	49846	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.277755976 CEST	443	49846	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.317379951 CEST	443	49845	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.317528009 CEST	443	49845	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.317589998 CEST	49845	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.317764044 CEST	49845	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.317771912 CEST	443	49845	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.317787886 CEST	49845	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.317792892 CEST	443	49845	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.321194887 CEST	49850	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.321228981 CEST	443	49850	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.321302891 CEST	49850	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.321418047 CEST	49850	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.321436882 CEST	443	49850	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.385600090 CEST	443	49846	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.385663986 CEST	443	49846	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.385714054 CEST	49846	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.386044979 CEST	49846	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.386053085 CEST	443	49846	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.386075020 CEST	49846	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.386079073 CEST	443	49846	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.389374971 CEST	49851	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.389404058 CEST	443	49851	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.389478922 CEST	49851	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.389695883 CEST	49851	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.389709949 CEST	443	49851	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.391073942 CEST	443	49847	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.391859055 CEST	49847	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.391922951 CEST	443	49847	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.392400980 CEST	49847	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.392416954 CEST	443	49847	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.415855885 CEST	443	49848	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.416482925 CEST	49848	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.416490078 CEST	443	49848	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.417002916 CEST	49848	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.417006969 CEST	443	49848	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.502800941 CEST	443	49847	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.502854109 CEST	443	49847	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.502955914 CEST	49847	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.503287077 CEST	49847	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.503314972 CEST	443	49847	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.503340960 CEST	49847	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.503355980 CEST	443	49847	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.506620884 CEST	443	49849	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.506836891 CEST	49852	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.506863117 CEST	443	49852	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.506946087 CEST	49852	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.507143021 CEST	49852	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.507163048 CEST	443	49852	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.507282972 CEST	49849	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.507304907 CEST	443	49849	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.507900953 CEST	49849	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.507908106 CEST	443	49849	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.510356903 CEST	443	49848	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.510405064 CEST	443	49848	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.510451078 CEST	49848	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.510582924 CEST	49848	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.510593891 CEST	443	49848	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.510602951 CEST	49848	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.510608912 CEST	443	49848	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.512857914 CEST	49853	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.512876034 CEST	443	49853	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.512959957 CEST	49853	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.513161898 CEST	49853	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.513175011 CEST	443	49853	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.608192921 CEST	443	49849	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.608336926 CEST	443	49849	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.608392000 CEST	49849	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.608583927 CEST	49849	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.608591080 CEST	443	49849	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.608606100 CEST	49849	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.608613968 CEST	443	49849	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.611927032 CEST	49854	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.611958027 CEST	443	49854	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.612039089 CEST	49854	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.612195969 CEST	49854	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.612210035 CEST	443	49854	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.978292942 CEST	443	49850	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.979415894 CEST	49850	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.979435921 CEST	443	49850	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:06.979558945 CEST	49850	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:06.979563951 CEST	443	49850	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.036001921 CEST	443	49851	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.036634922 CEST	49851	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.036658049 CEST	443	49851	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.037117958 CEST	49851	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.037122965 CEST	443	49851	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.079191923 CEST	443	49850	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.079324961 CEST	443	49850	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.079612970 CEST	49850	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.079632998 CEST	49850	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.079646111 CEST	443	49850	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.079735994 CEST	49850	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.079745054 CEST	443	49850	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.083729029 CEST	49855	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.083781004 CEST	443	49855	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.083880901 CEST	49855	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.084142923 CEST	49855	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.084162951 CEST	443	49855	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.144434929 CEST	443	49852	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.145051003 CEST	443	49851	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.145121098 CEST	443	49851	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.145194054 CEST	49851	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.147211075 CEST	49852	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.147250891 CEST	443	49852	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.147695065 CEST	49852	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.147702932 CEST	443	49852	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.148113966 CEST	49851	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.148138046 CEST	443	49851	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.148153067 CEST	49851	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.148165941 CEST	443	49851	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.155838013 CEST	49856	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.155874968 CEST	443	49856	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.155940056 CEST	49856	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.156116962 CEST	49856	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.156135082 CEST	443	49856	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.170775890 CEST	443	49853	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.171611071 CEST	49853	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.171622038 CEST	443	49853	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.172086000 CEST	49853	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.172091007 CEST	443	49853	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.245016098 CEST	443	49852	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.245078087 CEST	443	49852	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.245343924 CEST	49852	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.245513916 CEST	49852	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.245513916 CEST	49852	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.245526075 CEST	443	49852	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.245536089 CEST	443	49852	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.248766899 CEST	49857	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.248780012 CEST	443	49857	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.248867989 CEST	49857	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.249090910 CEST	49857	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.249099970 CEST	443	49857	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.255204916 CEST	443	49854	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.255830050 CEST	49854	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.255841017 CEST	443	49854	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.256263971 CEST	49854	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.256268978 CEST	443	49854	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.270752907 CEST	443	49853	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.270908117 CEST	443	49853	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.270999908 CEST	49853	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.271039963 CEST	49853	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.271047115 CEST	443	49853	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.271058083 CEST	49853	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.271061897 CEST	443	49853	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.274144888 CEST	49858	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.274152994 CEST	443	49858	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.274385929 CEST	49858	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.274385929 CEST	49858	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.274409056 CEST	443	49858	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.386563063 CEST	443	49854	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.386713028 CEST	443	49854	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.386892080 CEST	49854	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.386945009 CEST	49854	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.386957884 CEST	443	49854	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.386970997 CEST	49854	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.386976957 CEST	443	49854	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.390099049 CEST	49859	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.390136003 CEST	443	49859	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.390265942 CEST	49859	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.390578985 CEST	49859	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.390595913 CEST	443	49859	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.761944056 CEST	443	49855	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.762748003 CEST	49855	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.762768984 CEST	443	49855	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.763223886 CEST	49855	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.763228893 CEST	443	49855	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.768418074 CEST	443	49856	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.769720078 CEST	49856	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.769737959 CEST	443	49856	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.770778894 CEST	49856	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.770785093 CEST	443	49856	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.818202019 CEST	49724	80	192.168.2.4	199.232.210.172
Oct 7, 2024 18:24:07.824647903 CEST	80	49724	199.232.210.172	192.168.2.4
Oct 7, 2024 18:24:07.825268984 CEST	49724	80	192.168.2.4	199.232.210.172
Oct 7, 2024 18:24:07.863022089 CEST	443	49855	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.863171101 CEST	443	49855	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.863234997 CEST	49855	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.865444899 CEST	443	49856	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.865514040 CEST	443	49856	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.865569115 CEST	49856	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.866868019 CEST	443	49857	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.869527102 CEST	49855	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.869539976 CEST	443	49855	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.869549990 CEST	49855	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.869554996 CEST	443	49855	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.907444000 CEST	443	49858	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.916846991 CEST	49856	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.916858912 CEST	443	49856	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.916887999 CEST	49856	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.916893005 CEST	443	49856	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.918669939 CEST	49857	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.918678999 CEST	443	49857	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.919274092 CEST	49857	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.919277906 CEST	443	49857	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.922147036 CEST	49858	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.922153950 CEST	443	49858	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.926147938 CEST	49858	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.926152945 CEST	443	49858	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.929470062 CEST	49860	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.929486036 CEST	443	49860	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.929579973 CEST	49860	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.929739952 CEST	49860	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.929752111 CEST	443	49860	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.930480003 CEST	49861	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.930495024 CEST	443	49861	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:07.930573940 CEST	49861	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.930727959 CEST	49861	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:07.930742025 CEST	443	49861	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.008272886 CEST	443	49859	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.012875080 CEST	443	49857	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.012923002 CEST	443	49857	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.013051987 CEST	49857	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.018781900 CEST	443	49858	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.018858910 CEST	443	49858	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.018996000 CEST	49858	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.051078081 CEST	49859	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.058676004 CEST	49859	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.058686972 CEST	443	49859	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.059125900 CEST	49859	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.059129953 CEST	443	49859	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.059320927 CEST	49857	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.059330940 CEST	443	49857	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.059348106 CEST	49857	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.059354067 CEST	443	49857	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.060564041 CEST	49858	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.060564041 CEST	49858	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.060569048 CEST	443	49858	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.060575962 CEST	443	49858	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.063894987 CEST	49862	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.063909054 CEST	443	49862	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.063987970 CEST	49862	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.064104080 CEST	49862	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.064114094 CEST	443	49862	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.064635038 CEST	49863	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.064675093 CEST	443	49863	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.064745903 CEST	49863	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.064830065 CEST	49863	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.064838886 CEST	443	49863	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.150739908 CEST	443	49859	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.150892019 CEST	443	49859	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.150969028 CEST	49859	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.151330948 CEST	49859	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.151343107 CEST	443	49859	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.301218987 CEST	49864	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.301284075 CEST	443	49864	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.301367998 CEST	49864	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.301701069 CEST	49864	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.301733017 CEST	443	49864	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.499882936 CEST	49865	443	192.168.2.4	142.250.185.100
Oct 7, 2024 18:24:08.499917984 CEST	443	49865	142.250.185.100	192.168.2.4
Oct 7, 2024 18:24:08.499990940 CEST	49865	443	192.168.2.4	142.250.185.100
Oct 7, 2024 18:24:08.500255108 CEST	49865	443	192.168.2.4	142.250.185.100
Oct 7, 2024 18:24:08.500276089 CEST	443	49865	142.250.185.100	192.168.2.4
Oct 7, 2024 18:24:08.569571972 CEST	443	49861	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.570317030 CEST	49861	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.570338964 CEST	443	49861	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.570986032 CEST	49861	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.570990086 CEST	443	49861	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.571270943 CEST	443	49860	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.571855068 CEST	49860	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.571876049 CEST	443	49860	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.572221994 CEST	49860	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.572227001 CEST	443	49860	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.664846897 CEST	443	49861	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.664918900 CEST	443	49861	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.664989948 CEST	49861	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.665302038 CEST	49861	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.665306091 CEST	443	49861	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.665328026 CEST	49861	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.665332079 CEST	443	49861	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.666722059 CEST	443	49860	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.666846991 CEST	443	49860	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.666914940 CEST	49860	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.667011023 CEST	49860	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.667016029 CEST	443	49860	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.667026043 CEST	49860	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.667030096 CEST	443	49860	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.669065952 CEST	49866	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.669097900 CEST	443	49866	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.669179916 CEST	49866	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.669190884 CEST	49867	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.669234991 CEST	443	49867	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.669308901 CEST	49867	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.669316053 CEST	49866	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.669332027 CEST	443	49866	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.669538021 CEST	49867	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.669564962 CEST	443	49867	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.674961090 CEST	443	49863	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.675323963 CEST	49863	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.675339937 CEST	443	49863	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.675942898 CEST	49863	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.675947905 CEST	443	49863	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.678985119 CEST	443	49862	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.679418087 CEST	49862	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.679431915 CEST	443	49862	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.679796934 CEST	49862	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.679801941 CEST	443	49862	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.778458118 CEST	443	49862	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.778531075 CEST	443	49862	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.778604984 CEST	49862	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.778630972 CEST	443	49862	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.778691053 CEST	443	49862	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.778743029 CEST	49862	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.778935909 CEST	49862	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.778944016 CEST	443	49862	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.778955936 CEST	49862	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.778959990 CEST	443	49862	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.782593012 CEST	49868	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.782681942 CEST	443	49868	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.782813072 CEST	49868	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.782979012 CEST	49868	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.783015013 CEST	443	49868	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.791371107 CEST	443	49863	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.794135094 CEST	443	49863	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.794388056 CEST	49863	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.794449091 CEST	49863	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.794464111 CEST	443	49863	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.794472933 CEST	49863	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.794477940 CEST	443	49863	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.797588110 CEST	49869	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.797641039 CEST	443	49869	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:08.797728062 CEST	49869	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.798109055 CEST	49869	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:08.798126936 CEST	443	49869	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.019174099 CEST	443	49864	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.019839048 CEST	49864	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.019895077 CEST	443	49864	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.020351887 CEST	49864	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.020365000 CEST	443	49864	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.118845940 CEST	443	49864	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.119014025 CEST	443	49864	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.119152069 CEST	49864	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.119378090 CEST	49864	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.119378090 CEST	49864	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.119421959 CEST	443	49864	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.119446039 CEST	443	49864	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.122412920 CEST	49870	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.122450113 CEST	443	49870	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.122519016 CEST	49870	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.122658014 CEST	49870	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.122669935 CEST	443	49870	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.139722109 CEST	443	49865	142.250.185.100	192.168.2.4
Oct 7, 2024 18:24:09.140098095 CEST	49865	443	192.168.2.4	142.250.185.100
Oct 7, 2024 18:24:09.140115023 CEST	443	49865	142.250.185.100	192.168.2.4
Oct 7, 2024 18:24:09.140568972 CEST	443	49865	142.250.185.100	192.168.2.4
Oct 7, 2024 18:24:09.140929937 CEST	49865	443	192.168.2.4	142.250.185.100
Oct 7, 2024 18:24:09.141006947 CEST	443	49865	142.250.185.100	192.168.2.4
Oct 7, 2024 18:24:09.189965010 CEST	49865	443	192.168.2.4	142.250.185.100
Oct 7, 2024 18:24:09.293562889 CEST	443	49866	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.294142008 CEST	49866	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.294174910 CEST	443	49866	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.294636965 CEST	49866	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.294642925 CEST	443	49866	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.308898926 CEST	443	49867	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.309324026 CEST	49867	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.309346914 CEST	443	49867	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.309777021 CEST	49867	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.309788942 CEST	443	49867	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.388999939 CEST	443	49866	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.389058113 CEST	443	49866	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.389126062 CEST	49866	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.389169931 CEST	443	49866	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.389223099 CEST	443	49866	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.389291048 CEST	49866	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.389370918 CEST	49866	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.389426947 CEST	443	49866	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.389463902 CEST	49866	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.389481068 CEST	443	49866	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.394107103 CEST	49871	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.394170046 CEST	443	49871	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.394248009 CEST	49871	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.394390106 CEST	49871	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.394407988 CEST	443	49871	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.405381918 CEST	443	49868	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.405858040 CEST	49868	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.405905962 CEST	443	49868	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.406416893 CEST	49868	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.406429052 CEST	443	49868	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.411454916 CEST	443	49867	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.411475897 CEST	443	49867	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.411531925 CEST	49867	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.411549091 CEST	443	49867	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.411601067 CEST	49867	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.411674023 CEST	49867	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.411674023 CEST	49867	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.411688089 CEST	443	49867	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.411849022 CEST	443	49867	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.411875963 CEST	443	49867	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.411921978 CEST	49867	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.414246082 CEST	49872	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.414277077 CEST	443	49872	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.414349079 CEST	49872	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.414470911 CEST	49872	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.414484024 CEST	443	49872	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.480762959 CEST	443	49869	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.481394053 CEST	49869	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.481415987 CEST	443	49869	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.482045889 CEST	49869	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.482052088 CEST	443	49869	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.506369114 CEST	443	49868	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.506423950 CEST	443	49868	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.506525040 CEST	49868	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.506557941 CEST	443	49868	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.506617069 CEST	49868	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.506834030 CEST	49868	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.506880045 CEST	443	49868	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.506910086 CEST	49868	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.506925106 CEST	443	49868	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.509733915 CEST	49873	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.509768009 CEST	443	49873	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.509932995 CEST	49873	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.509985924 CEST	49873	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.509998083 CEST	443	49873	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.659554958 CEST	443	49869	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.659691095 CEST	443	49869	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.659738064 CEST	49869	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.659893036 CEST	49869	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.659904957 CEST	443	49869	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.663171053 CEST	49874	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.663203955 CEST	443	49874	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.663259983 CEST	49874	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.663400888 CEST	49874	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.663414001 CEST	443	49874	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.747359991 CEST	443	49870	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.747980118 CEST	49870	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.747997999 CEST	443	49870	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.748459101 CEST	49870	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.748465061 CEST	443	49870	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.845513105 CEST	443	49870	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.845571041 CEST	443	49870	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.845678091 CEST	49870	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.846242905 CEST	49870	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.846260071 CEST	443	49870	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.846270084 CEST	49870	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.846276045 CEST	443	49870	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.849562883 CEST	49875	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.849602938 CEST	443	49875	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:09.849701881 CEST	49875	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.849878073 CEST	49875	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:09.849894047 CEST	443	49875	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.092104912 CEST	443	49871	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.092711926 CEST	49871	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.092725039 CEST	443	49871	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.093156099 CEST	49871	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.093161106 CEST	443	49871	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.186925888 CEST	443	49871	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.187490940 CEST	443	49871	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.187582016 CEST	49871	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.187649012 CEST	49871	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.187681913 CEST	443	49871	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.187711954 CEST	49871	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.187726974 CEST	443	49871	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.191307068 CEST	49876	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.191329956 CEST	443	49876	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.191405058 CEST	49876	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.191589117 CEST	49876	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.191605091 CEST	443	49876	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.296432972 CEST	443	49872	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.303955078 CEST	49872	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.303972006 CEST	443	49872	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.303973913 CEST	443	49873	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.305116892 CEST	49872	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.305121899 CEST	443	49872	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.319842100 CEST	49873	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.319858074 CEST	443	49873	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.321253061 CEST	49873	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.321258068 CEST	443	49873	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.340212107 CEST	443	49874	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.341048956 CEST	49874	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.341068983 CEST	443	49874	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.341936111 CEST	49874	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.341943026 CEST	443	49874	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.441236973 CEST	443	49873	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.441410065 CEST	443	49873	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.441481113 CEST	49873	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.441627026 CEST	49873	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.441646099 CEST	443	49873	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.441656113 CEST	49873	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.441660881 CEST	443	49873	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.445065022 CEST	49877	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.445090055 CEST	443	49877	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.445163965 CEST	49877	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.445238113 CEST	443	49872	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.445297956 CEST	443	49872	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.445343971 CEST	49872	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.445513010 CEST	49872	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.445513964 CEST	49877	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.445523024 CEST	443	49872	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.445525885 CEST	443	49877	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.445533991 CEST	49872	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.445538998 CEST	443	49872	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.447312117 CEST	443	49874	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.447482109 CEST	443	49874	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.447525978 CEST	49874	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.447794914 CEST	49874	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.447798014 CEST	443	49874	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.447808981 CEST	49874	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.447813034 CEST	443	49874	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.448191881 CEST	49878	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.448200941 CEST	443	49878	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.448252916 CEST	49878	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.449302912 CEST	49878	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.449315071 CEST	443	49878	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.450676918 CEST	49879	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.450685024 CEST	443	49879	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.450872898 CEST	49879	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.450872898 CEST	49879	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.450892925 CEST	443	49879	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.758694887 CEST	443	49875	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.800466061 CEST	49875	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.800503969 CEST	443	49875	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.808264971 CEST	49875	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.808274031 CEST	443	49875	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.886049986 CEST	443	49876	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.886770964 CEST	49876	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.886785984 CEST	443	49876	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.886936903 CEST	49876	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.886945009 CEST	443	49876	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.898977995 CEST	443	49875	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.899193048 CEST	443	49875	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.899250031 CEST	49875	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.899281979 CEST	49875	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.899300098 CEST	443	49875	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.899311066 CEST	49875	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.899317980 CEST	443	49875	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.902470112 CEST	49880	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.902564049 CEST	443	49880	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.902647018 CEST	49880	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.902859926 CEST	49880	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.902893066 CEST	443	49880	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.982314110 CEST	443	49876	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.982494116 CEST	443	49876	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.982669115 CEST	49876	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.982669115 CEST	49876	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.982702017 CEST	49876	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.982717037 CEST	443	49876	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.985923052 CEST	49881	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:10.985987902 CEST	443	49881	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:10.986073971 CEST	49881	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.009273052 CEST	49881	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.009298086 CEST	443	49881	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.059779882 CEST	443	49879	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.060295105 CEST	49879	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.060308933 CEST	443	49879	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.060774088 CEST	49879	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.060779095 CEST	443	49879	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.067601919 CEST	443	49877	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.067867994 CEST	49877	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.067878008 CEST	443	49877	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.068203926 CEST	49877	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.068207979 CEST	443	49877	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.080949068 CEST	443	49878	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.081195116 CEST	49878	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.081202030 CEST	443	49878	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.081542015 CEST	49878	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.081546068 CEST	443	49878	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.166934967 CEST	443	49877	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.166963100 CEST	443	49879	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.167254925 CEST	443	49879	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.167329073 CEST	49879	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.167335033 CEST	443	49879	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.167351961 CEST	443	49879	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.167421103 CEST	49879	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.167465925 CEST	49879	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.167469978 CEST	443	49879	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.167504072 CEST	49879	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.167507887 CEST	443	49879	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.167531967 CEST	443	49877	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.167577982 CEST	49877	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.167841911 CEST	49877	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.167856932 CEST	443	49877	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.167867899 CEST	49877	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.167872906 CEST	443	49877	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.170737982 CEST	49882	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.170772076 CEST	49883	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.170806885 CEST	443	49883	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.170831919 CEST	443	49882	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.170876026 CEST	49883	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.170917034 CEST	49882	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.171046972 CEST	49882	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.171076059 CEST	49883	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.171087027 CEST	443	49882	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.171091080 CEST	443	49883	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.182722092 CEST	443	49878	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.182884932 CEST	443	49878	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.182938099 CEST	49878	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.182967901 CEST	49878	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.182972908 CEST	443	49878	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.182984114 CEST	49878	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.182987928 CEST	443	49878	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.185328007 CEST	49884	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.185357094 CEST	443	49884	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.185416937 CEST	49884	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.185566902 CEST	49884	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.185581923 CEST	443	49884	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.567122936 CEST	443	49880	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.567770004 CEST	49880	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.567837000 CEST	443	49880	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.568243027 CEST	49880	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.568257093 CEST	443	49880	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.660022974 CEST	443	49881	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.660592079 CEST	49881	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.660614014 CEST	443	49881	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.661022902 CEST	49881	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.661030054 CEST	443	49881	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.668982029 CEST	443	49880	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.669029951 CEST	443	49880	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.669095993 CEST	49880	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.669275045 CEST	49880	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.669312000 CEST	443	49880	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.669338942 CEST	49880	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.669353962 CEST	443	49880	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.672307014 CEST	49885	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.672391891 CEST	443	49885	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.672491074 CEST	49885	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.672633886 CEST	49885	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.672652006 CEST	443	49885	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.762156963 CEST	443	49881	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.763065100 CEST	443	49881	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.763140917 CEST	49881	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.763175964 CEST	443	49881	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.763252974 CEST	443	49881	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.763370037 CEST	49881	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.763370037 CEST	49881	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.763370037 CEST	49881	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.763432980 CEST	443	49881	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.765907049 CEST	49886	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.765934944 CEST	443	49886	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.766006947 CEST	49886	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.766139030 CEST	49886	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.766151905 CEST	443	49886	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.784260988 CEST	443	49883	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.784773111 CEST	49883	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.784800053 CEST	443	49883	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.785208941 CEST	49883	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.785219908 CEST	443	49883	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.787885904 CEST	443	49882	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.788203955 CEST	49882	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.788238049 CEST	443	49882	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.788562059 CEST	49882	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.788574934 CEST	443	49882	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.808368921 CEST	443	49884	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.808722019 CEST	49884	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.808747053 CEST	443	49884	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.809108973 CEST	49884	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.809114933 CEST	443	49884	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.878124952 CEST	443	49883	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.878868103 CEST	443	49883	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.879003048 CEST	49883	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.879244089 CEST	49883	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.879244089 CEST	49883	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.879271030 CEST	443	49883	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.879292965 CEST	443	49883	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.882163048 CEST	49887	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.882203102 CEST	443	49887	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.882281065 CEST	49887	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.882410049 CEST	443	49882	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.882426977 CEST	49887	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.882433891 CEST	443	49887	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.882616043 CEST	443	49882	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.886323929 CEST	49882	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.886323929 CEST	49882	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.886323929 CEST	49882	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.888134003 CEST	49888	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.888143063 CEST	443	49888	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.888211966 CEST	49888	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.888322115 CEST	49888	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.888335943 CEST	443	49888	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.909130096 CEST	443	49884	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.909949064 CEST	443	49884	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.910038948 CEST	49884	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.910315990 CEST	49884	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.910331964 CEST	443	49884	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.910341978 CEST	49884	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.910346985 CEST	443	49884	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.913091898 CEST	49889	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.913127899 CEST	443	49889	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:11.913219929 CEST	49889	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.913377047 CEST	49889	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:11.913403034 CEST	443	49889	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.064420938 CEST	49881	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.064443111 CEST	443	49881	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.189623117 CEST	49882	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.189688921 CEST	443	49882	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.280733109 CEST	443	49885	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.284363985 CEST	49885	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.284384012 CEST	443	49885	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.284914970 CEST	49885	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.284926891 CEST	443	49885	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.383456945 CEST	443	49885	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.383486032 CEST	443	49885	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.383528948 CEST	443	49885	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.383546114 CEST	49885	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.383588076 CEST	49885	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.392311096 CEST	49885	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.392319918 CEST	443	49885	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.392337084 CEST	49885	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.392344952 CEST	443	49885	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.405073881 CEST	49890	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.405127048 CEST	443	49890	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.405225992 CEST	49890	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.405383110 CEST	49890	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.405402899 CEST	443	49890	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.408021927 CEST	443	49886	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.408526897 CEST	49886	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.408535957 CEST	443	49886	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.409034014 CEST	49886	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.409039974 CEST	443	49886	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.490892887 CEST	443	49887	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.491446972 CEST	49887	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.491466999 CEST	443	49887	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.491945028 CEST	49887	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.491949081 CEST	443	49887	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.505861998 CEST	443	49886	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.506042004 CEST	443	49886	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.506150007 CEST	49886	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.506232023 CEST	49886	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.506232023 CEST	49886	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.506275892 CEST	443	49886	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.506302118 CEST	443	49886	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.509217978 CEST	49891	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.509231091 CEST	443	49891	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.509407043 CEST	49891	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.509470940 CEST	49891	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.509480000 CEST	443	49891	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.525648117 CEST	443	49888	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.526031971 CEST	49888	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.526047945 CEST	443	49888	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.526443958 CEST	49888	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.526448965 CEST	443	49888	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.566205025 CEST	443	49889	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.566749096 CEST	49889	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.566787958 CEST	443	49889	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.567248106 CEST	49889	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.567260027 CEST	443	49889	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.585387945 CEST	443	49887	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.585562944 CEST	443	49887	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.585690975 CEST	49887	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.585762024 CEST	49887	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.585773945 CEST	443	49887	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.585783958 CEST	49887	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.585788965 CEST	443	49887	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.588773966 CEST	49892	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.588829041 CEST	443	49892	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.588916063 CEST	49892	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.589042902 CEST	49892	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.589072943 CEST	443	49892	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.623310089 CEST	443	49888	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.623473883 CEST	443	49888	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.623761892 CEST	49888	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.623800039 CEST	49888	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.623807907 CEST	443	49888	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.623819113 CEST	49888	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.623822927 CEST	443	49888	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.626864910 CEST	49893	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.626893997 CEST	443	49893	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.626990080 CEST	49893	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.627181053 CEST	49893	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.627213955 CEST	443	49893	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.666770935 CEST	443	49889	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.666958094 CEST	443	49889	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.667012930 CEST	443	49889	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.667045116 CEST	49889	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.667098045 CEST	49889	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.667131901 CEST	49889	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.667160034 CEST	443	49889	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.667186022 CEST	49889	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.667201042 CEST	443	49889	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.670022011 CEST	49894	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.670110941 CEST	443	49894	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:12.670270920 CEST	49894	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.670392036 CEST	49894	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:12.670414925 CEST	443	49894	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.038532972 CEST	443	49890	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.039129019 CEST	49890	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.039158106 CEST	443	49890	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.039660931 CEST	49890	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.039673090 CEST	443	49890	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.126506090 CEST	443	49891	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.140105963 CEST	443	49890	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.140224934 CEST	443	49890	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.140290976 CEST	49890	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.162775040 CEST	49891	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.162834883 CEST	443	49891	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.163305998 CEST	49891	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.163321018 CEST	443	49891	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.163456917 CEST	49890	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.163456917 CEST	49890	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.163489103 CEST	443	49890	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.163512945 CEST	443	49890	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.166567087 CEST	49895	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.166635990 CEST	443	49895	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.166712999 CEST	49895	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.166887045 CEST	49895	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.166919947 CEST	443	49895	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.221940994 CEST	443	49892	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.224323034 CEST	49892	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.224354982 CEST	443	49892	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.227798939 CEST	49892	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.227811098 CEST	443	49892	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.254836082 CEST	443	49891	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.255100965 CEST	443	49891	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.255172968 CEST	49891	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.255206108 CEST	443	49891	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.255343914 CEST	49891	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.264516115 CEST	49891	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.264549971 CEST	443	49891	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.264578104 CEST	49891	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.264592886 CEST	443	49891	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.270297050 CEST	443	49893	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.291848898 CEST	49893	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.291902065 CEST	443	49893	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.292325974 CEST	49893	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.292340040 CEST	443	49893	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.294327021 CEST	49896	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.294348955 CEST	443	49896	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.294425964 CEST	49896	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.294545889 CEST	49896	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.294562101 CEST	443	49896	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.299071074 CEST	443	49894	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.299427986 CEST	49894	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.299465895 CEST	443	49894	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.299860001 CEST	49894	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.299873114 CEST	443	49894	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.320374012 CEST	443	49892	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.320723057 CEST	443	49892	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.320785046 CEST	49892	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.322412968 CEST	49892	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.322453022 CEST	443	49892	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.322479963 CEST	49892	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.322494030 CEST	443	49892	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.340322018 CEST	49897	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.340356112 CEST	443	49897	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.340430975 CEST	49897	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.342746973 CEST	49897	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.342762947 CEST	443	49897	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.391829014 CEST	443	49893	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.391943932 CEST	443	49893	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.392132998 CEST	49893	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.397399902 CEST	443	49894	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.397469997 CEST	443	49894	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.397532940 CEST	49894	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.398390055 CEST	49893	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.398437023 CEST	443	49893	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.398468018 CEST	49893	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.398484945 CEST	443	49893	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.401504993 CEST	49894	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.401521921 CEST	443	49894	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.401547909 CEST	49894	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.401559114 CEST	443	49894	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.420007944 CEST	49898	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.420056105 CEST	443	49898	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.420116901 CEST	49898	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.420327902 CEST	49899	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.420351982 CEST	443	49899	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.420459032 CEST	49899	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.420566082 CEST	49898	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.420578957 CEST	443	49898	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.420681000 CEST	49899	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.420697927 CEST	443	49899	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.779230118 CEST	443	49895	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.779892921 CEST	49895	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.779917002 CEST	443	49895	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:13.780510902 CEST	49895	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:13.780515909 CEST	443	49895	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.100195885 CEST	443	49895	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.100223064 CEST	443	49895	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.100266933 CEST	443	49895	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.100338936 CEST	49895	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.100399017 CEST	49895	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.102705956 CEST	49895	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.102715015 CEST	443	49895	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.102731943 CEST	49895	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.102742910 CEST	443	49895	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.105652094 CEST	49900	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.105664968 CEST	443	49900	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.105742931 CEST	49900	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.105894089 CEST	49900	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.105906963 CEST	443	49900	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.107189894 CEST	443	49896	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.107542038 CEST	49896	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.107554913 CEST	443	49896	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.107727051 CEST	443	49897	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.107954025 CEST	49897	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.107975006 CEST	443	49897	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.108038902 CEST	49896	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.108043909 CEST	443	49896	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.108341932 CEST	49897	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.108346939 CEST	443	49897	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.202042103 CEST	443	49896	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.202192068 CEST	443	49896	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.202280998 CEST	49896	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.202414036 CEST	49896	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.202424049 CEST	443	49896	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.202449083 CEST	49896	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.202454090 CEST	443	49896	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.203869104 CEST	443	49897	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.204029083 CEST	443	49897	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.204087019 CEST	49897	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.204235077 CEST	49897	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.204250097 CEST	443	49897	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.209399939 CEST	49901	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.209399939 CEST	49902	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.209440947 CEST	443	49901	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.209453106 CEST	443	49902	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.209570885 CEST	49901	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.209570885 CEST	49902	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.209692955 CEST	49902	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.209712029 CEST	443	49902	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.209722042 CEST	49901	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.209733009 CEST	443	49901	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.284878016 CEST	443	49898	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.285404921 CEST	49898	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.285435915 CEST	443	49898	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.285890102 CEST	49898	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.285897970 CEST	443	49898	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.287437916 CEST	443	49899	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.287816048 CEST	49899	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.287822008 CEST	443	49899	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.288230896 CEST	49899	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.288233995 CEST	443	49899	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.388314009 CEST	443	49898	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.388386965 CEST	443	49898	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.388430119 CEST	49898	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.388608932 CEST	49898	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.388627052 CEST	443	49898	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.388636112 CEST	49898	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.388642073 CEST	443	49898	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.388716936 CEST	443	49899	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.388788939 CEST	443	49899	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.388849020 CEST	49899	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.388856888 CEST	443	49899	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.388932943 CEST	49899	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.388932943 CEST	49899	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.388938904 CEST	443	49899	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.389059067 CEST	443	49899	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.392730951 CEST	49903	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.392766953 CEST	443	49903	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.392831087 CEST	49903	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.393528938 CEST	49904	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.393594027 CEST	443	49904	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.393672943 CEST	49904	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.393695116 CEST	49903	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.393706083 CEST	443	49903	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.393814087 CEST	49904	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.393841982 CEST	443	49904	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.739424944 CEST	443	49900	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.740324974 CEST	49900	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.740343094 CEST	443	49900	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.740921974 CEST	49900	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.740927935 CEST	443	49900	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.829303980 CEST	443	49901	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.829968929 CEST	49901	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.829984903 CEST	443	49901	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.830233097 CEST	443	49902	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.831417084 CEST	49901	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.831417084 CEST	49902	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.831417084 CEST	49902	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.831427097 CEST	443	49901	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.831453085 CEST	443	49902	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.831459999 CEST	443	49902	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.834803104 CEST	443	49900	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.835112095 CEST	443	49900	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.835170031 CEST	49900	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.835197926 CEST	49900	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.835217953 CEST	443	49900	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.835227013 CEST	49900	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.835232019 CEST	443	49900	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.838531017 CEST	49905	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.838555098 CEST	443	49905	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.838644028 CEST	49905	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.838838100 CEST	49905	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.838852882 CEST	443	49905	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.927681923 CEST	443	49901	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.927804947 CEST	443	49902	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.927848101 CEST	443	49901	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.927922010 CEST	49901	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.928134918 CEST	49901	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.928134918 CEST	49901	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.928150892 CEST	443	49901	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.928158998 CEST	443	49901	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.928581953 CEST	443	49902	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.928637028 CEST	49902	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.930144072 CEST	49902	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.930144072 CEST	49902	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.930155039 CEST	443	49902	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.930162907 CEST	443	49902	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.932024956 CEST	49906	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.932060957 CEST	443	49906	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.932131052 CEST	49906	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.932202101 CEST	49907	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.932259083 CEST	443	49907	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.932265997 CEST	49906	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.932276011 CEST	443	49906	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:14.932329893 CEST	49907	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.932420969 CEST	49907	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:14.932436943 CEST	443	49907	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.065835953 CEST	443	49903	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.066334009 CEST	49903	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.066346884 CEST	443	49903	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.066869020 CEST	49903	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.066873074 CEST	443	49903	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.080967903 CEST	443	49904	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.081593990 CEST	49904	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.081675053 CEST	443	49904	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.081919909 CEST	49904	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.081938028 CEST	443	49904	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.166163921 CEST	443	49903	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.166255951 CEST	443	49903	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.166311026 CEST	49903	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.166462898 CEST	49903	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.166479111 CEST	443	49903	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.166488886 CEST	49903	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.166493893 CEST	443	49903	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.169578075 CEST	49908	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.169651985 CEST	443	49908	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.169730902 CEST	49908	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.169852972 CEST	49908	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.169872999 CEST	443	49908	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.183258057 CEST	443	49904	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.183442116 CEST	443	49904	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.183505058 CEST	49904	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.183527946 CEST	443	49904	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.183558941 CEST	443	49904	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.183620930 CEST	49904	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.183621883 CEST	49904	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.183666945 CEST	49904	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.183692932 CEST	443	49904	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.186103106 CEST	49909	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.186151981 CEST	443	49909	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.186332941 CEST	49909	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.186500072 CEST	49909	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.186516047 CEST	443	49909	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.466800928 CEST	443	49905	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.467375040 CEST	49905	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.467396975 CEST	443	49905	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.467991114 CEST	49905	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.467997074 CEST	443	49905	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.533807993 CEST	49911	443	192.168.2.4	142.250.186.110
Oct 7, 2024 18:24:15.533837080 CEST	443	49911	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:15.533895016 CEST	49911	443	192.168.2.4	142.250.186.110
Oct 7, 2024 18:24:15.534084082 CEST	49911	443	192.168.2.4	142.250.186.110
Oct 7, 2024 18:24:15.534096003 CEST	443	49911	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:15.562630892 CEST	443	49907	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.562783957 CEST	443	49905	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.562858105 CEST	443	49905	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.563024044 CEST	49905	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.563060045 CEST	49905	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.563076019 CEST	443	49905	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.563086033 CEST	49905	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.563091993 CEST	443	49905	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.563281059 CEST	49907	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.563297033 CEST	443	49907	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.564625978 CEST	443	49906	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.564848900 CEST	49907	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.564857006 CEST	443	49907	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.565228939 CEST	49906	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.565243006 CEST	443	49906	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.565766096 CEST	49906	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.565771103 CEST	443	49906	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.567919970 CEST	49912	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.567946911 CEST	443	49912	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.568167925 CEST	49912	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.568197966 CEST	49912	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.568202972 CEST	443	49912	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.667716026 CEST	443	49906	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.667875051 CEST	443	49906	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.667885065 CEST	443	49907	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.667934895 CEST	49906	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.667958975 CEST	443	49907	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.668081045 CEST	443	49907	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.668104887 CEST	49907	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.668133974 CEST	49907	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.668210983 CEST	49906	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.668210983 CEST	49907	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.668217897 CEST	443	49906	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.668227911 CEST	49906	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.668229103 CEST	443	49907	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.668236971 CEST	443	49906	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.668256044 CEST	49907	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.668268919 CEST	443	49907	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.671333075 CEST	49913	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.671353102 CEST	443	49913	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.671437025 CEST	49913	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.671482086 CEST	49914	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.671488047 CEST	443	49914	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.671540022 CEST	49914	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.671560049 CEST	49913	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.671571016 CEST	443	49913	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.671715975 CEST	49914	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.671725035 CEST	443	49914	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.792656898 CEST	443	49908	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.793107986 CEST	49908	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.793169022 CEST	443	49908	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.794953108 CEST	49908	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.794989109 CEST	443	49908	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.817128897 CEST	443	49909	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.817603111 CEST	49909	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.817620993 CEST	443	49909	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.818098068 CEST	49909	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.818103075 CEST	443	49909	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.888641119 CEST	443	49908	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.888794899 CEST	443	49908	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.889020920 CEST	49908	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.889251947 CEST	49908	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.889251947 CEST	49908	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.889300108 CEST	443	49908	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.889328003 CEST	443	49908	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.892244101 CEST	49915	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.892277956 CEST	443	49915	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.892822027 CEST	49915	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.892822027 CEST	49915	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.892858028 CEST	443	49915	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.922184944 CEST	443	49909	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.922246933 CEST	443	49909	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.922354937 CEST	443	49909	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.922442913 CEST	49909	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.922468901 CEST	49909	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.922579050 CEST	49909	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.922595024 CEST	443	49909	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.922605038 CEST	49909	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.922610044 CEST	443	49909	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.925606966 CEST	49916	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.925637960 CEST	443	49916	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:15.926183939 CEST	49916	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.926454067 CEST	49916	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:15.926469088 CEST	443	49916	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.178211927 CEST	443	49912	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.178747892 CEST	49912	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.178766966 CEST	443	49912	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.179395914 CEST	49912	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.179400921 CEST	443	49912	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.249022007 CEST	443	49911	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:16.250478983 CEST	49911	443	192.168.2.4	142.250.186.110
Oct 7, 2024 18:24:16.250497103 CEST	443	49911	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:16.250848055 CEST	443	49911	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:16.254425049 CEST	49911	443	192.168.2.4	142.250.186.110
Oct 7, 2024 18:24:16.254489899 CEST	443	49911	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:16.254587889 CEST	49911	443	192.168.2.4	142.250.186.110
Oct 7, 2024 18:24:16.254620075 CEST	49911	443	192.168.2.4	142.250.186.110
Oct 7, 2024 18:24:16.254667044 CEST	443	49911	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:16.275494099 CEST	443	49912	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.275657892 CEST	443	49912	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.275892973 CEST	49912	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.275892973 CEST	49912	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.275892973 CEST	49912	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.278650045 CEST	49917	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.278698921 CEST	443	49917	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.278774977 CEST	49917	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.278907061 CEST	49917	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.278918982 CEST	443	49917	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.289895058 CEST	443	49913	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.290324926 CEST	49913	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.290348053 CEST	443	49913	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.290942907 CEST	49913	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.290947914 CEST	443	49913	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.291229010 CEST	443	49914	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.291476011 CEST	49914	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.291486979 CEST	443	49914	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.291798115 CEST	49914	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.291801929 CEST	443	49914	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.392594099 CEST	443	49914	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.392594099 CEST	443	49913	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.392677069 CEST	443	49913	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.392729044 CEST	49913	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.392739058 CEST	443	49913	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.392798901 CEST	443	49914	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.392839909 CEST	443	49913	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.392889977 CEST	49914	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.392889977 CEST	49913	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.393179893 CEST	49913	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.393182993 CEST	443	49913	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.393201113 CEST	49913	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.393204927 CEST	443	49913	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.395045042 CEST	49914	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.395050049 CEST	443	49914	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.395057917 CEST	49914	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.395062923 CEST	443	49914	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.398809910 CEST	49918	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.398850918 CEST	443	49918	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.398861885 CEST	49919	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.398891926 CEST	443	49919	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.398916006 CEST	49918	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.398936987 CEST	49919	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.399065971 CEST	49918	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.399082899 CEST	443	49918	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.399233103 CEST	49919	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.399250031 CEST	443	49919	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.499013901 CEST	443	49915	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.499633074 CEST	49915	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.499648094 CEST	443	49915	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.500142097 CEST	49915	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.500147104 CEST	443	49915	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.544756889 CEST	443	49911	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:16.545490980 CEST	443	49911	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:16.545552015 CEST	49911	443	192.168.2.4	142.250.186.110
Oct 7, 2024 18:24:16.545905113 CEST	49911	443	192.168.2.4	142.250.186.110
Oct 7, 2024 18:24:16.545912981 CEST	443	49911	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:16.569364071 CEST	443	49916	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.569931984 CEST	49916	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.569947958 CEST	443	49916	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.570378065 CEST	49916	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.570384026 CEST	443	49916	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.579118967 CEST	49912	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.579137087 CEST	443	49912	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.595319986 CEST	443	49915	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.595351934 CEST	443	49915	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.595396042 CEST	49915	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.595406055 CEST	443	49915	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.595419884 CEST	443	49915	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.595472097 CEST	49915	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.595674038 CEST	49915	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.595679998 CEST	443	49915	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.595690012 CEST	49915	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.595695019 CEST	443	49915	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.598898888 CEST	49920	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.598921061 CEST	443	49920	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.599009037 CEST	49920	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.599184036 CEST	49920	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.599195004 CEST	443	49920	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.664659023 CEST	443	49916	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.664797068 CEST	443	49916	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.664993048 CEST	49916	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.665030956 CEST	49916	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.665046930 CEST	443	49916	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.665057898 CEST	49916	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.665065050 CEST	443	49916	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.668148994 CEST	49921	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.668183088 CEST	443	49921	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.668260098 CEST	49921	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.668422937 CEST	49921	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.668433905 CEST	443	49921	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.897727966 CEST	443	49917	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.898488998 CEST	49917	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.898516893 CEST	443	49917	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.898992062 CEST	49917	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.898998022 CEST	443	49917	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.993999958 CEST	443	49917	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.994028091 CEST	443	49917	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.994165897 CEST	443	49917	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.994229078 CEST	49917	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.994229078 CEST	49917	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.994407892 CEST	49917	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.994407892 CEST	49917	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.994427919 CEST	443	49917	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.994437933 CEST	443	49917	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.997296095 CEST	49922	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.997339010 CEST	443	49922	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:16.997611046 CEST	49922	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.997611046 CEST	49922	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:16.997647047 CEST	443	49922	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.009210110 CEST	443	49919	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.009999037 CEST	49919	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.010018110 CEST	443	49919	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.010458946 CEST	49919	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.010463953 CEST	443	49919	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.010554075 CEST	443	49918	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.010864973 CEST	49918	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.010873079 CEST	443	49918	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.011451960 CEST	49918	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.011456013 CEST	443	49918	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.102874041 CEST	443	49919	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.102969885 CEST	443	49919	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.103030920 CEST	49919	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.103235960 CEST	49919	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.103255987 CEST	443	49919	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.103266954 CEST	49919	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.103272915 CEST	443	49919	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.106611967 CEST	49923	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.106621981 CEST	443	49923	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.106657982 CEST	443	49918	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.106712103 CEST	49923	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.106821060 CEST	443	49918	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.106882095 CEST	49918	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.106918097 CEST	49923	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.106925964 CEST	443	49923	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.106996059 CEST	49918	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.106996059 CEST	49918	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.107002974 CEST	443	49918	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.107011080 CEST	443	49918	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.109054089 CEST	49924	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.109070063 CEST	443	49924	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.109147072 CEST	49924	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.109371901 CEST	49924	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.109384060 CEST	443	49924	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.204639912 CEST	443	49920	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.205183029 CEST	49920	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.205199957 CEST	443	49920	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.205794096 CEST	49920	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.205797911 CEST	443	49920	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.286747932 CEST	443	49921	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.287414074 CEST	49921	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.287426949 CEST	443	49921	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.288163900 CEST	49921	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.288168907 CEST	443	49921	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.300409079 CEST	443	49920	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.300549984 CEST	443	49920	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.300622940 CEST	49920	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.300714016 CEST	49920	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.300719976 CEST	443	49920	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.300729990 CEST	49920	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.300734043 CEST	443	49920	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.303798914 CEST	49925	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.303829908 CEST	443	49925	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.303922892 CEST	49925	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.304080963 CEST	49925	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.304095030 CEST	443	49925	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.392817020 CEST	443	49921	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.392889977 CEST	443	49921	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.392949104 CEST	49921	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.392963886 CEST	443	49921	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.393017054 CEST	443	49921	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.393136024 CEST	49921	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.393162966 CEST	49921	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.393162966 CEST	49921	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.393178940 CEST	443	49921	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.393188000 CEST	443	49921	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.396768093 CEST	49926	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.396794081 CEST	443	49926	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.396857023 CEST	49926	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.397144079 CEST	49926	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.397157907 CEST	443	49926	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.604813099 CEST	443	49922	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.640748024 CEST	49922	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.640772104 CEST	443	49922	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.641302109 CEST	49922	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.641307116 CEST	443	49922	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.732582092 CEST	443	49922	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.732886076 CEST	443	49922	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.733016968 CEST	49922	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.749088049 CEST	443	49924	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.766473055 CEST	49922	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.766503096 CEST	443	49922	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.766596079 CEST	49922	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.766602993 CEST	443	49922	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.766976118 CEST	443	49923	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.780616999 CEST	49923	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.780648947 CEST	443	49923	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.787779093 CEST	49923	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.787784100 CEST	443	49923	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.791621923 CEST	49924	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.791632891 CEST	443	49924	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.792032957 CEST	49924	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.792037964 CEST	443	49924	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.845594883 CEST	49927	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.845632076 CEST	443	49927	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.845720053 CEST	49927	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.845886946 CEST	49927	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.845891953 CEST	443	49927	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.884475946 CEST	443	49923	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.884565115 CEST	443	49923	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.884681940 CEST	443	49923	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.884721994 CEST	49923	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.884728909 CEST	443	49924	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.884776115 CEST	49923	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.885504007 CEST	443	49924	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.887023926 CEST	49923	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.887037039 CEST	443	49923	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.887065887 CEST	49924	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.887065887 CEST	49923	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.887072086 CEST	443	49923	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.888118982 CEST	49924	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.888125896 CEST	443	49924	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.888143063 CEST	49924	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.888148069 CEST	443	49924	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.895334959 CEST	49928	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.895376921 CEST	443	49928	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.895441055 CEST	49928	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.897469997 CEST	49929	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.897536039 CEST	443	49929	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.897645950 CEST	49929	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.897670031 CEST	49928	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.897682905 CEST	443	49928	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.897917986 CEST	49929	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.897948980 CEST	443	49929	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.909009933 CEST	443	49925	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.914684057 CEST	49925	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.914700031 CEST	443	49925	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:17.915174961 CEST	49925	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:17.915182114 CEST	443	49925	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.006366968 CEST	443	49925	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.006411076 CEST	443	49925	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.006525040 CEST	49925	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.006788969 CEST	49925	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.006814957 CEST	443	49925	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.006829023 CEST	49925	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.006836891 CEST	443	49925	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.009788036 CEST	49930	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.009850025 CEST	443	49930	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.009948969 CEST	49930	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.010099888 CEST	49930	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.010128021 CEST	443	49930	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.062994003 CEST	443	49926	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.065098047 CEST	49926	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.065135002 CEST	443	49926	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.065495014 CEST	49926	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.065502882 CEST	443	49926	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.164570093 CEST	443	49926	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.164875031 CEST	443	49926	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.165010929 CEST	49926	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.165266037 CEST	49926	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.165278912 CEST	443	49926	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.165292025 CEST	49926	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.165298939 CEST	443	49926	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.168195963 CEST	49931	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.168221951 CEST	443	49931	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.169260979 CEST	49931	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.169395924 CEST	49931	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.169408083 CEST	443	49931	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.286762953 CEST	49932	443	192.168.2.4	142.250.186.110
Oct 7, 2024 18:24:18.286799908 CEST	443	49932	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:18.286906958 CEST	49932	443	192.168.2.4	142.250.186.110
Oct 7, 2024 18:24:18.287249088 CEST	49932	443	192.168.2.4	142.250.186.110
Oct 7, 2024 18:24:18.287259102 CEST	443	49932	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:18.471925974 CEST	443	49927	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.472656012 CEST	49927	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.472673893 CEST	443	49927	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.473077059 CEST	49927	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.473082066 CEST	443	49927	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.512957096 CEST	443	49928	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.513638973 CEST	49928	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.513659000 CEST	443	49928	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.514075041 CEST	443	49929	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.514245033 CEST	49928	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.514249086 CEST	443	49928	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.514487028 CEST	49929	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.514533043 CEST	443	49929	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.514808893 CEST	49929	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.514823914 CEST	443	49929	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.567081928 CEST	443	49927	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.567754030 CEST	443	49927	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.567800045 CEST	443	49927	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.567830086 CEST	49927	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.567904949 CEST	49927	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.567933083 CEST	49927	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.567944050 CEST	443	49927	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.567951918 CEST	49927	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.567958117 CEST	443	49927	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.571113110 CEST	49933	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.571206093 CEST	443	49933	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.571324110 CEST	49933	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.571491957 CEST	49933	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.571513891 CEST	443	49933	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.607187033 CEST	443	49928	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.607346058 CEST	443	49928	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.607429028 CEST	49928	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.607460022 CEST	49928	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.607475996 CEST	443	49928	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.607484102 CEST	49928	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.607489109 CEST	443	49928	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.608283043 CEST	443	49929	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.608414888 CEST	443	49929	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.608489990 CEST	49929	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.608524084 CEST	443	49929	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.608603001 CEST	49929	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.608614922 CEST	443	49929	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.608639002 CEST	49929	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.608675003 CEST	443	49929	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.610182047 CEST	49934	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.610255957 CEST	443	49934	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.610625029 CEST	49935	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.610666990 CEST	443	49935	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.610667944 CEST	49934	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.610716105 CEST	49935	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.610815048 CEST	49934	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.610836983 CEST	443	49934	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.610862970 CEST	49935	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.610868931 CEST	443	49935	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.653083086 CEST	443	49930	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.653737068 CEST	49930	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.653783083 CEST	443	49930	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.654179096 CEST	49930	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.654190063 CEST	443	49930	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.750163078 CEST	443	49930	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.750650883 CEST	443	49930	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.750735998 CEST	49930	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.750823021 CEST	49930	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.750823021 CEST	49930	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.750870943 CEST	443	49930	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.750905991 CEST	443	49930	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.753917933 CEST	49936	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.753968000 CEST	443	49936	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.754055977 CEST	49936	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.754239082 CEST	49936	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.754259109 CEST	443	49936	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.787717104 CEST	443	49931	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.788384914 CEST	49931	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.788425922 CEST	443	49931	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.788901091 CEST	49931	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.788906097 CEST	443	49931	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.883610010 CEST	443	49931	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.883770943 CEST	443	49931	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.883838892 CEST	49931	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.883964062 CEST	49931	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.883977890 CEST	443	49931	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.883987904 CEST	49931	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.883994102 CEST	443	49931	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.887408972 CEST	49937	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.887437105 CEST	443	49937	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.887643099 CEST	49937	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.887643099 CEST	49937	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:18.887670994 CEST	443	49937	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:18.900706053 CEST	443	49932	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:18.900969982 CEST	49932	443	192.168.2.4	142.250.186.110
Oct 7, 2024 18:24:18.900978088 CEST	443	49932	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:18.901488066 CEST	443	49932	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:18.901926041 CEST	49932	443	192.168.2.4	142.250.186.110
Oct 7, 2024 18:24:18.902004004 CEST	443	49932	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:18.902195930 CEST	49932	443	192.168.2.4	142.250.186.110
Oct 7, 2024 18:24:18.902209997 CEST	49932	443	192.168.2.4	142.250.186.110
Oct 7, 2024 18:24:18.902224064 CEST	443	49932	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:19.038960934 CEST	443	49865	142.250.185.100	192.168.2.4
Oct 7, 2024 18:24:19.039118052 CEST	443	49865	142.250.185.100	192.168.2.4
Oct 7, 2024 18:24:19.039181948 CEST	49865	443	192.168.2.4	142.250.185.100
Oct 7, 2024 18:24:19.187261105 CEST	443	49932	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:19.188056946 CEST	443	49932	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:19.188110113 CEST	49932	443	192.168.2.4	142.250.186.110
Oct 7, 2024 18:24:19.188211918 CEST	49932	443	192.168.2.4	142.250.186.110
Oct 7, 2024 18:24:19.188227892 CEST	443	49932	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:19.203357935 CEST	443	49933	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.204663038 CEST	49933	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.204685926 CEST	443	49933	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.205647945 CEST	49933	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.205660105 CEST	443	49933	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.260344982 CEST	443	49934	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.260948896 CEST	49934	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.261010885 CEST	443	49934	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.261466026 CEST	49934	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.261480093 CEST	443	49934	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.266690969 CEST	443	49935	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.267036915 CEST	49935	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.267056942 CEST	443	49935	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.267417908 CEST	49935	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.267421961 CEST	443	49935	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.302032948 CEST	443	49933	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.302403927 CEST	443	49933	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.302462101 CEST	49933	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.302500010 CEST	49933	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.302520990 CEST	443	49933	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.302536964 CEST	49933	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.302546024 CEST	443	49933	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.305649996 CEST	49938	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.305664062 CEST	443	49938	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.305747986 CEST	49938	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.305913925 CEST	49938	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.305923939 CEST	443	49938	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.381910086 CEST	443	49935	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.382060051 CEST	443	49935	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.382220030 CEST	49935	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.382297993 CEST	49935	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.382308960 CEST	443	49935	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.382320881 CEST	49935	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.382325888 CEST	443	49935	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.382436991 CEST	443	49934	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.383135080 CEST	443	49936	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.383589029 CEST	49936	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.383610964 CEST	443	49936	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.383672953 CEST	443	49934	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.383734941 CEST	49934	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.383903027 CEST	49934	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.383940935 CEST	443	49934	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.383968115 CEST	49934	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.383982897 CEST	443	49934	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.384177923 CEST	49936	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.384186983 CEST	443	49936	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.385967970 CEST	49939	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.385998011 CEST	443	49939	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.386044025 CEST	49940	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.386069059 CEST	443	49940	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.386085033 CEST	49939	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.386109114 CEST	49940	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.386207104 CEST	49939	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.386217117 CEST	443	49939	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.386308908 CEST	49940	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.386322975 CEST	443	49940	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.479125023 CEST	443	49936	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.480613947 CEST	443	49936	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.480689049 CEST	49936	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.480740070 CEST	49936	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.480760098 CEST	443	49936	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.480773926 CEST	49936	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.480781078 CEST	443	49936	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.484086037 CEST	49941	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.484117985 CEST	443	49941	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.484188080 CEST	49941	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.484340906 CEST	49941	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.484354019 CEST	443	49941	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.513639927 CEST	443	49937	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.514247894 CEST	49937	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.514278889 CEST	443	49937	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.514966965 CEST	49937	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.514972925 CEST	443	49937	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.610253096 CEST	443	49937	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.610400915 CEST	443	49937	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.610469103 CEST	49937	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.610640049 CEST	49937	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.610657930 CEST	443	49937	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.610667944 CEST	49937	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.610685110 CEST	443	49937	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.613919020 CEST	49942	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.613948107 CEST	443	49942	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.614028931 CEST	49942	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.614217043 CEST	49942	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.614227057 CEST	443	49942	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.916074991 CEST	443	49938	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.918631077 CEST	49938	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.918638945 CEST	443	49939	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.918651104 CEST	443	49938	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.919123888 CEST	49938	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.919128895 CEST	443	49938	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.919363976 CEST	49939	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.919394016 CEST	443	49939	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:19.919708967 CEST	49939	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:19.919714928 CEST	443	49939	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.017117977 CEST	443	49939	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.017225027 CEST	443	49939	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.017362118 CEST	49939	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.018601894 CEST	49939	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.018615961 CEST	443	49939	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.018625021 CEST	49939	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.018630028 CEST	443	49939	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.021758080 CEST	49943	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.021801949 CEST	443	49943	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.021877050 CEST	49943	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.022021055 CEST	49943	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.022032022 CEST	443	49943	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.026549101 CEST	443	49940	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.030488968 CEST	49940	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.030498028 CEST	443	49940	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.030900955 CEST	49940	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.030906916 CEST	443	49940	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.047179937 CEST	443	49938	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.048224926 CEST	443	49938	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.048274994 CEST	443	49938	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.048341990 CEST	49938	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.050698996 CEST	49938	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.050723076 CEST	443	49938	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.050766945 CEST	49938	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.050772905 CEST	443	49938	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.053775072 CEST	49944	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.053816080 CEST	443	49944	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.054191113 CEST	49944	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.054322958 CEST	49944	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.054339886 CEST	443	49944	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.103662968 CEST	443	49941	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.106162071 CEST	49941	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.106185913 CEST	443	49941	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.106677055 CEST	49941	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.106683016 CEST	443	49941	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.139676094 CEST	443	49940	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.140125036 CEST	443	49940	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.140240908 CEST	49940	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.162719011 CEST	49940	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.162738085 CEST	443	49940	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.162749052 CEST	49940	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.162755966 CEST	443	49940	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.165831089 CEST	49945	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.165857077 CEST	443	49945	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.165924072 CEST	49945	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.166819096 CEST	49945	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.166834116 CEST	443	49945	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.200409889 CEST	443	49941	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.200705051 CEST	443	49941	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.200812101 CEST	49941	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.239859104 CEST	443	49942	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.284445047 CEST	49942	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.284944057 CEST	49941	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.284959078 CEST	443	49941	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.284966946 CEST	49941	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.284972906 CEST	443	49941	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.311106920 CEST	49942	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.311121941 CEST	443	49942	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.319091082 CEST	49942	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.319098949 CEST	443	49942	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.401910067 CEST	49946	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.401967049 CEST	443	49946	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.402049065 CEST	49946	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.402483940 CEST	49946	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.402498960 CEST	443	49946	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.411045074 CEST	443	49942	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.411104918 CEST	443	49942	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.411153078 CEST	49942	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.411164045 CEST	443	49942	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.411252975 CEST	443	49942	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.411356926 CEST	49942	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.411369085 CEST	443	49942	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.414993048 CEST	49947	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.415021896 CEST	443	49947	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.415153980 CEST	49947	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.415326118 CEST	49947	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.415339947 CEST	443	49947	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.678642988 CEST	443	49943	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.679177046 CEST	49943	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.679193974 CEST	443	49943	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.679683924 CEST	49943	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.679688931 CEST	443	49943	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.682888985 CEST	443	49944	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.683222055 CEST	49944	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.683252096 CEST	443	49944	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.683603048 CEST	49944	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.683609009 CEST	443	49944	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.776719093 CEST	443	49943	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.776974916 CEST	443	49943	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.777070999 CEST	443	49943	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.777143955 CEST	49943	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.777195930 CEST	49943	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.777204990 CEST	443	49943	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.777215004 CEST	49943	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.777220011 CEST	443	49943	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.780155897 CEST	443	49944	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.780164957 CEST	49948	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.780181885 CEST	443	49944	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.780203104 CEST	443	49948	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.780222893 CEST	443	49944	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.780239105 CEST	49944	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.780289888 CEST	49948	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.780333996 CEST	49944	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.780446053 CEST	49944	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.780459881 CEST	443	49944	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.780509949 CEST	49948	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.780527115 CEST	443	49948	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.782579899 CEST	49949	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.782607079 CEST	443	49949	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.782712936 CEST	49949	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.782862902 CEST	49949	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.782876968 CEST	443	49949	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.846323013 CEST	443	49945	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.846896887 CEST	49945	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.846936941 CEST	443	49945	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.847410917 CEST	49945	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.847418070 CEST	443	49945	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.940783024 CEST	443	49945	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.940862894 CEST	443	49945	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.940922022 CEST	49945	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.941163063 CEST	49945	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.941179037 CEST	443	49945	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.941220999 CEST	49945	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.941226959 CEST	443	49945	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.944518089 CEST	49950	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.944545984 CEST	443	49950	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:20.944628000 CEST	49950	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.944794893 CEST	49950	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:20.944799900 CEST	443	49950	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.018176079 CEST	443	49946	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.019188881 CEST	49946	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.019212008 CEST	443	49946	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.019880056 CEST	49946	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.019886017 CEST	443	49946	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.061288118 CEST	443	49947	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.062212944 CEST	49947	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.062241077 CEST	443	49947	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.066441059 CEST	49947	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.066446066 CEST	443	49947	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.113301992 CEST	443	49946	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.113360882 CEST	443	49946	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.113404989 CEST	443	49946	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.113404036 CEST	49946	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.113451004 CEST	49946	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.113754034 CEST	49946	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.113771915 CEST	443	49946	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.118567944 CEST	49951	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.118601084 CEST	443	49951	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.118663073 CEST	49951	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.119113922 CEST	49951	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.119127989 CEST	443	49951	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.163305998 CEST	443	49947	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.163484097 CEST	443	49947	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.163541079 CEST	49947	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.163757086 CEST	49947	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.163770914 CEST	443	49947	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.163779974 CEST	49947	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.163784981 CEST	443	49947	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.166829109 CEST	49952	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.166872978 CEST	443	49952	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.166953087 CEST	49952	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.167162895 CEST	49952	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.167179108 CEST	443	49952	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.388242960 CEST	443	49949	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.390670061 CEST	49949	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.390687943 CEST	443	49949	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.391133070 CEST	49949	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.391139030 CEST	443	49949	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.392277956 CEST	443	49948	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.400727034 CEST	49948	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.400751114 CEST	443	49948	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.401546001 CEST	49948	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.401554108 CEST	443	49948	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.700766087 CEST	443	49949	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.700819969 CEST	443	49949	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.700866938 CEST	443	49949	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.700911999 CEST	49949	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.700936079 CEST	443	49948	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.700937986 CEST	49949	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.700958014 CEST	443	49948	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.701009989 CEST	443	49948	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.701010942 CEST	49948	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.701050997 CEST	49948	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.701178074 CEST	49949	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.701196909 CEST	443	49949	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.701208115 CEST	49949	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.701212883 CEST	443	49949	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.701582909 CEST	49948	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.701607943 CEST	443	49948	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.701625109 CEST	49948	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.701632977 CEST	443	49948	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.703953981 CEST	443	49950	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.707874060 CEST	49953	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.707901001 CEST	443	49953	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.707967997 CEST	49953	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.708367109 CEST	49950	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.708376884 CEST	443	49950	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.709038019 CEST	49950	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.709043980 CEST	443	49950	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.709769011 CEST	49954	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.709778070 CEST	443	49954	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.709899902 CEST	49954	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.710031986 CEST	49954	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.710045099 CEST	443	49954	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.710211992 CEST	49953	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.710222960 CEST	443	49953	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.925621033 CEST	443	49950	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.925654888 CEST	443	49950	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.925714970 CEST	443	49950	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.925890923 CEST	49950	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.926079035 CEST	49950	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.926079035 CEST	49950	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.926105976 CEST	443	49950	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.926117897 CEST	443	49950	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.929397106 CEST	49955	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.929433107 CEST	443	49955	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.929567099 CEST	49955	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.929774046 CEST	49955	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.929784060 CEST	443	49955	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.988993883 CEST	443	49952	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.990669012 CEST	49952	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.990700960 CEST	443	49952	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.991158962 CEST	49952	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.991166115 CEST	443	49952	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.994455099 CEST	443	49951	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.998450041 CEST	49951	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.998457909 CEST	443	49951	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:21.998855114 CEST	49951	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:21.998859882 CEST	443	49951	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.086611032 CEST	443	49952	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.086760044 CEST	443	49952	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.086878061 CEST	49952	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.094018936 CEST	49952	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.094043016 CEST	443	49952	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.094055891 CEST	49952	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.094063997 CEST	443	49952	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.095333099 CEST	443	49951	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.095578909 CEST	443	49951	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.095659971 CEST	49951	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.096299887 CEST	49951	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.096304893 CEST	443	49951	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.098540068 CEST	49956	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.098556995 CEST	443	49956	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.098660946 CEST	49956	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.098774910 CEST	49957	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.098802090 CEST	49956	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.098807096 CEST	443	49957	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.098812103 CEST	443	49956	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.098871946 CEST	49957	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.098951101 CEST	49957	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.098959923 CEST	443	49957	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.399811983 CEST	443	49954	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.400450945 CEST	49954	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.400474072 CEST	443	49954	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.400960922 CEST	49954	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.400968075 CEST	443	49954	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.451792955 CEST	443	49953	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.452873945 CEST	49953	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.452900887 CEST	443	49953	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.453547955 CEST	49953	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.453555107 CEST	443	49953	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.579202890 CEST	443	49955	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.583637953 CEST	49955	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.583657026 CEST	443	49955	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.584135056 CEST	49955	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.584141016 CEST	443	49955	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.596069098 CEST	443	49954	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.596149921 CEST	443	49954	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.596214056 CEST	49954	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.606488943 CEST	49954	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.606513977 CEST	443	49954	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.615601063 CEST	443	49953	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.615626097 CEST	443	49953	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.615669966 CEST	443	49953	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.615746021 CEST	49953	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.615792990 CEST	49953	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.674609900 CEST	443	49955	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.674726963 CEST	443	49955	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.674988985 CEST	49955	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.679559946 CEST	49953	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.679598093 CEST	443	49953	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.679611921 CEST	49953	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.679620028 CEST	443	49953	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.819751024 CEST	443	49956	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.840008020 CEST	443	49957	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.860991001 CEST	49957	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.861033916 CEST	443	49957	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.861480951 CEST	49957	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.861486912 CEST	443	49957	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.861709118 CEST	49956	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.861732006 CEST	443	49956	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.862080097 CEST	49956	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.862083912 CEST	443	49956	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.862260103 CEST	49955	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.862260103 CEST	49955	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.862299919 CEST	443	49955	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.862314939 CEST	443	49955	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.868010044 CEST	49958	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.868050098 CEST	443	49958	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.868122101 CEST	49958	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.868796110 CEST	49958	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.868812084 CEST	443	49958	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.869729996 CEST	49959	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.869760036 CEST	443	49959	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.870177984 CEST	49959	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.870316982 CEST	49959	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.870326042 CEST	443	49959	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.870562077 CEST	49960	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.870606899 CEST	443	49960	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.870698929 CEST	49960	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.870853901 CEST	49960	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.870862961 CEST	443	49960	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.954449892 CEST	443	49956	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.954992056 CEST	443	49956	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.955038071 CEST	49956	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.955045938 CEST	443	49956	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.955092907 CEST	443	49956	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.955137014 CEST	49956	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.955151081 CEST	443	49956	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.955163956 CEST	49956	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.955163956 CEST	49956	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.955169916 CEST	443	49956	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.955177069 CEST	443	49956	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.957654953 CEST	443	49957	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.957799911 CEST	443	49957	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.957861900 CEST	49957	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.958020926 CEST	49957	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.958039999 CEST	443	49957	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.958050013 CEST	49957	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.958055973 CEST	443	49957	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.958378077 CEST	49961	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.958408117 CEST	443	49961	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.958468914 CEST	49961	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.958901882 CEST	49961	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.958913088 CEST	443	49961	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.960335016 CEST	49962	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.960341930 CEST	443	49962	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:22.960417986 CEST	49962	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.960519075 CEST	49962	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:22.960527897 CEST	443	49962	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.474395990 CEST	443	49958	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.475111961 CEST	49958	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.475125074 CEST	443	49958	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.476097107 CEST	49958	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.476100922 CEST	443	49958	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.477894068 CEST	443	49960	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.478259087 CEST	49960	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.478283882 CEST	443	49960	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.478657007 CEST	49960	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.478663921 CEST	443	49960	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.507375956 CEST	443	49959	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.513369083 CEST	49959	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.513380051 CEST	443	49959	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.514225006 CEST	49959	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.514229059 CEST	443	49959	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.563628912 CEST	443	49961	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.564208031 CEST	49961	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.564232111 CEST	443	49961	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.564594030 CEST	49961	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.564600945 CEST	443	49961	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.571666956 CEST	443	49958	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.571744919 CEST	443	49958	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.571794987 CEST	49958	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.571959019 CEST	49958	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.571970940 CEST	443	49958	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.571980953 CEST	49958	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.571985960 CEST	443	49958	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.574208021 CEST	443	49960	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.574230909 CEST	443	49960	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.574268103 CEST	443	49960	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.574274063 CEST	49960	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.574306965 CEST	49960	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.574428082 CEST	49960	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.574444056 CEST	443	49960	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.574453115 CEST	49960	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.574459076 CEST	443	49960	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.575457096 CEST	49963	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.575478077 CEST	443	49963	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.575529099 CEST	49963	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.575711966 CEST	49963	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.575725079 CEST	443	49963	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.576751947 CEST	49964	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.576776981 CEST	443	49964	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.576833963 CEST	49964	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.576939106 CEST	49964	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.576951981 CEST	443	49964	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.579269886 CEST	443	49962	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.579611063 CEST	49962	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.579618931 CEST	443	49962	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.580194950 CEST	49962	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.580199957 CEST	443	49962	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.613363028 CEST	443	49959	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.613842964 CEST	443	49959	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.613909960 CEST	49959	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.613967896 CEST	49959	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.613977909 CEST	443	49959	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.613991022 CEST	49959	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.613995075 CEST	443	49959	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.616180897 CEST	49965	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.616218090 CEST	443	49965	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.616296053 CEST	49965	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.616409063 CEST	49965	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.616420031 CEST	443	49965	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.661806107 CEST	443	49961	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.661880970 CEST	443	49961	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.661946058 CEST	49961	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.662157059 CEST	49961	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.662182093 CEST	443	49961	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.662194967 CEST	49961	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.662200928 CEST	443	49961	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.666136980 CEST	49966	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.666176081 CEST	443	49966	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.666418076 CEST	49966	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.666418076 CEST	49966	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.666455984 CEST	443	49966	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.673516035 CEST	443	49962	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.673676968 CEST	443	49962	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.673743010 CEST	49962	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.673798084 CEST	49962	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.673804045 CEST	443	49962	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.673814058 CEST	49962	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.673818111 CEST	443	49962	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.675724030 CEST	49967	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.675753117 CEST	443	49967	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:23.675827980 CEST	49967	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.675928116 CEST	49967	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:23.675942898 CEST	443	49967	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.188353062 CEST	443	49963	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.188870907 CEST	49963	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.188895941 CEST	443	49963	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.189390898 CEST	49963	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.189397097 CEST	443	49963	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.208791971 CEST	443	49964	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.209206104 CEST	49964	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.209224939 CEST	443	49964	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.209683895 CEST	49964	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.209690094 CEST	443	49964	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.364340067 CEST	443	49963	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.364412069 CEST	443	49963	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.364470005 CEST	49963	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.364716053 CEST	49963	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.364733934 CEST	443	49963	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.364762068 CEST	49963	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.364767075 CEST	443	49963	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.366825104 CEST	443	49965	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.367208004 CEST	49965	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.367232084 CEST	443	49965	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.367671013 CEST	49968	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.367671967 CEST	49965	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.367680073 CEST	443	49965	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.367707968 CEST	443	49968	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.367783070 CEST	49968	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.367903948 CEST	49968	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.367918015 CEST	443	49968	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.379405022 CEST	443	49967	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.379735947 CEST	49967	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.379757881 CEST	443	49967	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.380110025 CEST	443	49964	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.380136967 CEST	443	49964	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.380143881 CEST	49967	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.380150080 CEST	443	49967	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.380179882 CEST	443	49964	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.380191088 CEST	49964	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.380232096 CEST	49964	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.380300045 CEST	49964	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.380315065 CEST	443	49964	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.380323887 CEST	49964	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.380328894 CEST	443	49964	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.382394075 CEST	49969	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.382422924 CEST	443	49969	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.382508039 CEST	49969	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.382602930 CEST	443	49966	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.382626057 CEST	49969	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.382639885 CEST	443	49969	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.382880926 CEST	49966	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.382905006 CEST	443	49966	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.383261919 CEST	49966	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.383270025 CEST	443	49966	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.517457962 CEST	443	49967	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.517879009 CEST	443	49967	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.517937899 CEST	49967	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.518035889 CEST	49967	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.518054008 CEST	443	49967	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.518064022 CEST	49967	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.518069983 CEST	443	49967	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.518493891 CEST	443	49965	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.518953085 CEST	443	49965	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.519018888 CEST	49965	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.519092083 CEST	49965	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.519114017 CEST	443	49965	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.519126892 CEST	49965	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.519133091 CEST	443	49965	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.521759987 CEST	443	49966	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.521858931 CEST	49970	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.521882057 CEST	443	49970	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.521907091 CEST	49971	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.521929979 CEST	443	49971	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.521938086 CEST	49970	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.521991014 CEST	49971	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.522169113 CEST	49971	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.522182941 CEST	443	49971	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.522205114 CEST	49970	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.522216082 CEST	443	49970	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.522373915 CEST	443	49966	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.522416115 CEST	49966	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.522443056 CEST	443	49966	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.522458076 CEST	443	49966	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.522504091 CEST	49966	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.522536039 CEST	49966	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.522543907 CEST	443	49966	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.522561073 CEST	49966	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.522566080 CEST	443	49966	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.524337053 CEST	49972	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.524373055 CEST	443	49972	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:24.524422884 CEST	49972	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.524560928 CEST	49972	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:24.524576902 CEST	443	49972	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.035752058 CEST	443	49968	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.036313057 CEST	49968	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.036369085 CEST	443	49968	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.036794901 CEST	49968	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.036808014 CEST	443	49968	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.040124893 CEST	443	49969	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.040379047 CEST	49969	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.040395975 CEST	443	49969	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.040735006 CEST	49969	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.040740013 CEST	443	49969	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.134345055 CEST	443	49968	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.134371996 CEST	443	49968	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.134430885 CEST	443	49968	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.134480953 CEST	49968	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.134550095 CEST	49968	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.139030933 CEST	443	49969	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.139086008 CEST	443	49969	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.139137983 CEST	49969	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.139172077 CEST	443	49971	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.145703077 CEST	443	49972	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.148901939 CEST	49972	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.148938894 CEST	443	49972	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.149127960 CEST	49972	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.149132967 CEST	443	49972	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.149316072 CEST	49968	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.149364948 CEST	443	49968	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.149394989 CEST	49968	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.149411917 CEST	443	49968	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.150270939 CEST	49969	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.150290012 CEST	443	49969	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.150299072 CEST	49969	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.150304079 CEST	443	49969	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.151349068 CEST	49971	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.151371002 CEST	443	49971	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.151707888 CEST	49971	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.151719093 CEST	443	49971	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.153707027 CEST	49973	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.153808117 CEST	443	49973	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.153904915 CEST	49973	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.154005051 CEST	49973	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.154026031 CEST	443	49973	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.154465914 CEST	49974	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.154489040 CEST	443	49974	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.154558897 CEST	49974	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.154653072 CEST	49974	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.154680014 CEST	443	49974	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.176501036 CEST	443	49970	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.183501005 CEST	49970	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.183517933 CEST	443	49970	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.183991909 CEST	49970	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.183996916 CEST	443	49970	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.243207932 CEST	443	49971	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.243360996 CEST	443	49971	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.243432045 CEST	49971	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.243546009 CEST	443	49972	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.243575096 CEST	443	49972	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.243616104 CEST	49972	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.243634939 CEST	443	49972	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.243935108 CEST	443	49972	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.243977070 CEST	49972	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.246704102 CEST	49971	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.246737957 CEST	443	49971	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.246763945 CEST	49971	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.246778011 CEST	443	49971	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.261657000 CEST	49972	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.261677980 CEST	443	49972	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.261691093 CEST	49972	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.261698008 CEST	443	49972	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.279090881 CEST	443	49970	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.279299974 CEST	443	49970	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.279350042 CEST	49970	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.279361963 CEST	443	49970	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.279376030 CEST	443	49970	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.279428959 CEST	49970	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.335721970 CEST	49970	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.335741043 CEST	443	49970	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.335752964 CEST	49970	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.335757017 CEST	443	49970	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.341345072 CEST	49975	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.341396093 CEST	443	49975	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.341464996 CEST	49975	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.342297077 CEST	49976	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.342329025 CEST	443	49976	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.342382908 CEST	49976	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.342475891 CEST	49975	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.342494011 CEST	443	49975	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.343270063 CEST	49977	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.343302011 CEST	443	49977	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.343353987 CEST	49977	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.343411922 CEST	49976	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.343425035 CEST	443	49976	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.343513966 CEST	49977	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.343528986 CEST	443	49977	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.771173954 CEST	443	49973	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.771888971 CEST	49973	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.771924973 CEST	443	49973	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.772376060 CEST	49973	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.772384882 CEST	443	49973	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.794714928 CEST	443	49974	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.795291901 CEST	49974	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.795320988 CEST	443	49974	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.795665026 CEST	49974	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.795672894 CEST	443	49974	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.867367029 CEST	443	49973	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.867389917 CEST	443	49973	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.867465019 CEST	49973	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.867492914 CEST	443	49973	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.867609024 CEST	443	49973	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.867656946 CEST	49973	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.867810965 CEST	49973	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.867829084 CEST	443	49973	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.867842913 CEST	49973	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.867851019 CEST	443	49973	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.871167898 CEST	49978	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.871210098 CEST	443	49978	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.871304035 CEST	49978	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.871484995 CEST	49978	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.871498108 CEST	443	49978	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.906889915 CEST	443	49974	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.906919956 CEST	443	49974	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.906965017 CEST	443	49974	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.907001019 CEST	49974	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.907042980 CEST	49974	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.907206059 CEST	49974	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.907219887 CEST	443	49974	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.910770893 CEST	49979	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.910846949 CEST	443	49979	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:25.910931110 CEST	49979	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.911094904 CEST	49979	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:25.911114931 CEST	443	49979	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.027271032 CEST	443	49975	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.027772903 CEST	49975	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.027787924 CEST	443	49975	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.028287888 CEST	49975	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.028294086 CEST	443	49975	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.120116949 CEST	443	49977	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.120708942 CEST	49977	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.120733976 CEST	443	49977	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.121177912 CEST	49977	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.121186018 CEST	443	49977	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.144534111 CEST	443	49976	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.144962072 CEST	49976	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.144989967 CEST	443	49976	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.145430088 CEST	49976	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.145436049 CEST	443	49976	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.219810009 CEST	443	49975	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.219847918 CEST	443	49975	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.219911098 CEST	443	49975	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.219947100 CEST	49975	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.219974995 CEST	49975	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.220238924 CEST	49975	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.220259905 CEST	443	49975	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.220274925 CEST	49975	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.220280886 CEST	443	49975	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.223671913 CEST	49980	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.223705053 CEST	443	49980	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.223793983 CEST	49980	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.223947048 CEST	49980	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.223958015 CEST	443	49980	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.243695021 CEST	443	49977	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.243838072 CEST	443	49977	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.243896008 CEST	49977	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.243957996 CEST	49977	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.243957996 CEST	49977	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.243971109 CEST	443	49977	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.243978977 CEST	443	49977	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.246208906 CEST	49981	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.246239901 CEST	443	49981	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.246308088 CEST	49981	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.246437073 CEST	49981	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.246449947 CEST	443	49981	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.252044916 CEST	443	49976	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.252196074 CEST	443	49976	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.252255917 CEST	49976	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.252278090 CEST	49976	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.252296925 CEST	443	49976	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.252310038 CEST	49976	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.252320051 CEST	443	49976	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.254378080 CEST	49982	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.254388094 CEST	443	49982	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.254453897 CEST	49982	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.254559040 CEST	49982	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.254570961 CEST	443	49982	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.589562893 CEST	443	49978	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.590058088 CEST	49978	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.590070009 CEST	443	49978	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.590550900 CEST	49978	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.590554953 CEST	443	49978	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.660453081 CEST	443	49979	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.660861015 CEST	49979	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.660881996 CEST	443	49979	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.661276102 CEST	49979	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.661286116 CEST	443	49979	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.685153008 CEST	443	49978	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.685182095 CEST	443	49978	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.685223103 CEST	443	49978	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.685313940 CEST	49978	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.685583115 CEST	49978	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.685597897 CEST	443	49978	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.685606003 CEST	49978	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.685611010 CEST	443	49978	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.688646078 CEST	49983	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.688687086 CEST	443	49983	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.688759089 CEST	49983	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.688913107 CEST	49983	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.688926935 CEST	443	49983	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.767097950 CEST	443	49979	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.767183065 CEST	443	49979	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.767355919 CEST	49979	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.767467022 CEST	49979	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.767484903 CEST	443	49979	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.767494917 CEST	49979	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.767499924 CEST	443	49979	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.770435095 CEST	49984	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.770456076 CEST	443	49984	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.770545959 CEST	49984	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.770697117 CEST	49984	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.770709038 CEST	443	49984	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.825781107 CEST	443	49980	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.826463938 CEST	49980	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.826505899 CEST	443	49980	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.826829910 CEST	49980	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.826836109 CEST	443	49980	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.870300055 CEST	443	49982	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.870675087 CEST	49982	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.870692968 CEST	443	49982	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.870877981 CEST	443	49981	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.871068954 CEST	49982	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.871073961 CEST	443	49982	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.871493101 CEST	49981	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.871505976 CEST	443	49981	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.871819973 CEST	49981	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.871824980 CEST	443	49981	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.924278021 CEST	443	49980	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.924388885 CEST	443	49980	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.924428940 CEST	443	49980	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.924453974 CEST	49980	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.924495935 CEST	49980	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.924640894 CEST	49980	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.924654961 CEST	443	49980	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.924664974 CEST	49980	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.924669981 CEST	443	49980	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.927524090 CEST	49985	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.927551031 CEST	443	49985	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.927627087 CEST	49985	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.927762985 CEST	49985	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.927774906 CEST	443	49985	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.966727972 CEST	443	49982	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.966748953 CEST	443	49982	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.966782093 CEST	443	49982	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.966810942 CEST	49982	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.966844082 CEST	49982	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.967012882 CEST	49982	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.967024088 CEST	443	49982	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.967032909 CEST	49982	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.967037916 CEST	443	49982	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.967677116 CEST	443	49981	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.967828035 CEST	443	49981	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.967891932 CEST	49981	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.967912912 CEST	49981	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.967916965 CEST	443	49981	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.967933893 CEST	49981	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.967936993 CEST	443	49981	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.969101906 CEST	49986	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.969118118 CEST	443	49986	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.969183922 CEST	49986	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.969295025 CEST	49986	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.969305038 CEST	443	49986	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.969672918 CEST	49987	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.969701052 CEST	443	49987	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:26.969754934 CEST	49987	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.969861031 CEST	49987	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:26.969871998 CEST	443	49987	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.339498997 CEST	443	49983	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.340106964 CEST	49983	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.340147972 CEST	443	49983	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.340531111 CEST	49983	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.340538025 CEST	443	49983	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.411202908 CEST	443	49984	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.411689043 CEST	49984	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.411725044 CEST	443	49984	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.412163019 CEST	49984	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.412172079 CEST	443	49984	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.437491894 CEST	443	49983	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.437621117 CEST	443	49983	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.437699080 CEST	49983	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.437895060 CEST	49983	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.437913895 CEST	443	49983	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.437927008 CEST	49983	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.437932014 CEST	443	49983	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.441473007 CEST	49988	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.441493988 CEST	443	49988	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.441575050 CEST	49988	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.441715002 CEST	49988	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.441720963 CEST	443	49988	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.569327116 CEST	443	49985	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.569900990 CEST	49985	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.569936991 CEST	443	49985	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.570370913 CEST	49985	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.570378065 CEST	443	49985	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.591818094 CEST	443	49986	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.592287064 CEST	49986	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.592322111 CEST	443	49986	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.592576981 CEST	49986	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.592583895 CEST	443	49986	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.599237919 CEST	443	49984	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.599309921 CEST	443	49984	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.599368095 CEST	49984	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.599526882 CEST	49984	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.599549055 CEST	443	49984	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.599559069 CEST	49984	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.599564075 CEST	443	49984	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.602490902 CEST	49989	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.602520943 CEST	443	49989	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.602606058 CEST	49989	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.602771997 CEST	49989	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.602785110 CEST	443	49989	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.602922916 CEST	443	49987	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.603220940 CEST	49987	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.603235960 CEST	443	49987	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.603598118 CEST	49987	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.603600979 CEST	443	49987	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.669145107 CEST	443	49985	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.669673920 CEST	443	49985	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.669712067 CEST	443	49985	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.669727087 CEST	49985	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.669774055 CEST	49985	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.669802904 CEST	49985	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.669821978 CEST	443	49985	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.669832945 CEST	49985	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.669838905 CEST	443	49985	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.673674107 CEST	49990	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.673702955 CEST	443	49990	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.673773050 CEST	49990	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.673912048 CEST	49990	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.673926115 CEST	443	49990	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.690066099 CEST	443	49986	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.690134048 CEST	443	49986	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.690179110 CEST	49986	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.690378904 CEST	49986	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.690396070 CEST	443	49986	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.690407038 CEST	49986	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.690412045 CEST	443	49986	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.692996025 CEST	49991	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.693018913 CEST	443	49991	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.693094015 CEST	49991	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.693202019 CEST	49991	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.693214893 CEST	443	49991	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.698437929 CEST	443	49987	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.698602915 CEST	443	49987	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.698667049 CEST	49987	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.698694944 CEST	49987	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.698702097 CEST	443	49987	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.698709011 CEST	49987	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.698713064 CEST	443	49987	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.701085091 CEST	49992	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.701113939 CEST	443	49992	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:27.701188087 CEST	49992	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.701325893 CEST	49992	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:27.701342106 CEST	443	49992	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.084350109 CEST	443	49988	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.084991932 CEST	49988	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:28.085028887 CEST	443	49988	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.085366964 CEST	49988	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:28.085374117 CEST	443	49988	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.213579893 CEST	443	49989	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.214181900 CEST	49989	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:28.214200974 CEST	443	49989	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.214689970 CEST	49989	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:28.214695930 CEST	443	49989	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.309371948 CEST	443	49989	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.309642076 CEST	443	49989	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.312891006 CEST	49989	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:28.312891006 CEST	49989	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:28.312891006 CEST	49989	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:28.316103935 CEST	49993	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:28.316154957 CEST	443	49993	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.316215038 CEST	49993	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:28.316349983 CEST	49993	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:28.316358089 CEST	443	49993	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.329015970 CEST	443	49988	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.329092979 CEST	443	49988	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.329144001 CEST	443	49988	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.329237938 CEST	49988	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:28.329303980 CEST	49988	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:28.329327106 CEST	443	49988	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.329341888 CEST	49988	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:28.329341888 CEST	49988	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:28.329349041 CEST	443	49988	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.329355001 CEST	443	49988	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.331537008 CEST	49994	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:28.331568956 CEST	443	49994	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.331645966 CEST	49994	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:28.331751108 CEST	49994	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:28.331763029 CEST	443	49994	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.341069937 CEST	443	49991	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.341387987 CEST	443	49992	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.341604948 CEST	49991	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:28.341640949 CEST	443	49991	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.341690063 CEST	49992	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:28.341773987 CEST	443	49992	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.342000008 CEST	49991	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:28.342006922 CEST	443	49991	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.342065096 CEST	49992	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:28.342083931 CEST	443	49992	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.440651894 CEST	443	49992	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.441205978 CEST	443	49992	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.441291094 CEST	49992	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:28.441370010 CEST	49992	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:28.441370010 CEST	49992	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:28.441406012 CEST	443	49992	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.441437006 CEST	443	49992	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.443034887 CEST	443	49991	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.443125963 CEST	443	49991	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.443295002 CEST	49991	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:28.443341017 CEST	49991	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:28.443362951 CEST	443	49991	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.443376064 CEST	49991	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:28.443382025 CEST	443	49991	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.444309950 CEST	49995	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:28.444365025 CEST	443	49995	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.444466114 CEST	49995	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:28.444619894 CEST	49995	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:28.444636106 CEST	443	49995	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.445417881 CEST	49996	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:28.445463896 CEST	443	49996	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.445523977 CEST	49996	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:28.445626020 CEST	49996	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:28.445636034 CEST	443	49996	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.625865936 CEST	49989	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:28.625886917 CEST	443	49989	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.935074091 CEST	443	49993	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.935692072 CEST	49993	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:28.935722113 CEST	443	49993	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.936125040 CEST	49993	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:28.936131954 CEST	443	49993	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.943222046 CEST	443	49994	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.943574905 CEST	49994	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:28.943584919 CEST	443	49994	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:28.943978071 CEST	49994	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:28.943984032 CEST	443	49994	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.030999899 CEST	443	49993	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.031028986 CEST	443	49993	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.031066895 CEST	443	49993	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.031209946 CEST	49993	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.031209946 CEST	49993	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.031433105 CEST	49993	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.031455040 CEST	443	49993	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.031470060 CEST	49993	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.031476021 CEST	443	49993	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.034899950 CEST	49997	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.034996986 CEST	443	49997	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.035356045 CEST	49997	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.035356045 CEST	49997	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.035444975 CEST	443	49997	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.039532900 CEST	443	49994	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.039604902 CEST	443	49994	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.039654970 CEST	49994	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.039789915 CEST	49994	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.039804935 CEST	443	49994	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.039817095 CEST	49994	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.039822102 CEST	443	49994	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.041997910 CEST	49998	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.042009115 CEST	443	49998	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.042085886 CEST	49998	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.042213917 CEST	49998	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.042223930 CEST	443	49998	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.074392080 CEST	443	49996	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.075063944 CEST	49996	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.075112104 CEST	443	49996	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.075531960 CEST	49996	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.075539112 CEST	443	49996	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.082849979 CEST	443	49995	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.083277941 CEST	49995	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.083334923 CEST	443	49995	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.083715916 CEST	49995	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.083731890 CEST	443	49995	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.171962976 CEST	443	49996	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.172036886 CEST	443	49996	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.172144890 CEST	443	49996	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.172302961 CEST	49996	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.172302961 CEST	49996	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.172565937 CEST	49996	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.172585964 CEST	443	49996	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.172600985 CEST	49996	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.172607899 CEST	443	49996	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.176186085 CEST	49999	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.176218987 CEST	443	49999	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.176311970 CEST	49999	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.176537991 CEST	49999	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.176546097 CEST	443	49999	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.180704117 CEST	443	49995	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.180917978 CEST	443	49995	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.180996895 CEST	49995	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.181071043 CEST	49995	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.181071043 CEST	49995	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.181128025 CEST	443	49995	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.181154013 CEST	443	49995	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.183389902 CEST	50000	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.183418989 CEST	443	50000	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.183495998 CEST	50000	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.183640003 CEST	50000	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.183654070 CEST	443	50000	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.667686939 CEST	443	49997	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.675028086 CEST	443	49998	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.720093966 CEST	49997	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.722150087 CEST	49998	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.826936960 CEST	443	49999	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.846725941 CEST	443	50000	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.861468077 CEST	50000	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.861493111 CEST	443	50000	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.861941099 CEST	50000	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.861946106 CEST	443	50000	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.862220049 CEST	49997	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.862247944 CEST	443	49997	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.865828037 CEST	49997	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.865848064 CEST	443	49997	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.866101980 CEST	49998	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.866108894 CEST	443	49998	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.869369984 CEST	49998	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.869375944 CEST	443	49998	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.869802952 CEST	49999	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.869849920 CEST	443	49999	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.875545025 CEST	49999	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.875555038 CEST	443	49999	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.958549023 CEST	443	50000	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.958714962 CEST	443	50000	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.958770990 CEST	50000	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.958908081 CEST	50000	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.958929062 CEST	443	50000	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.958940983 CEST	50000	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.958946943 CEST	443	50000	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.961030960 CEST	443	49997	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.961219072 CEST	443	49997	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.961361885 CEST	49997	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.961361885 CEST	49997	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.961363077 CEST	49997	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.962196112 CEST	50001	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.962239981 CEST	443	50001	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.962313890 CEST	50001	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.962457895 CEST	50001	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.962464094 CEST	443	50001	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.963361979 CEST	50002	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.963370085 CEST	443	50002	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.963439941 CEST	50002	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.963521957 CEST	50002	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.963527918 CEST	443	50002	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.966650963 CEST	443	49998	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.966725111 CEST	443	49998	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.966783047 CEST	49998	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.966819048 CEST	443	49998	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.966850996 CEST	443	49998	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.966898918 CEST	49998	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.966928959 CEST	49998	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.966958046 CEST	443	49998	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.966991901 CEST	49998	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.967006922 CEST	443	49998	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.968655109 CEST	50003	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.968678951 CEST	443	50003	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.968734026 CEST	50003	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.968844891 CEST	50003	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.968858957 CEST	443	50003	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.969038010 CEST	443	49999	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.969192982 CEST	443	49999	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.969248056 CEST	49999	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.969286919 CEST	49999	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.969286919 CEST	49999	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.969307899 CEST	443	49999	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.969321012 CEST	443	49999	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.971586943 CEST	50004	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.971612930 CEST	443	50004	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:29.971684933 CEST	50004	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.971853018 CEST	50004	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:29.971865892 CEST	443	50004	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.267167091 CEST	49997	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:30.267189980 CEST	443	49997	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.581746101 CEST	443	50003	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.582345009 CEST	50003	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:30.582361937 CEST	443	50003	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.583019972 CEST	50003	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:30.583024025 CEST	443	50003	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.590063095 CEST	443	50004	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.590523958 CEST	50004	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:30.590539932 CEST	443	50004	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.590739012 CEST	443	50002	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.590933084 CEST	50004	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:30.590938091 CEST	443	50004	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.590995073 CEST	50002	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:30.591034889 CEST	443	50002	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.591444016 CEST	50002	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:30.591450930 CEST	443	50002	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.616049051 CEST	443	50001	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.616457939 CEST	50001	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:30.616511106 CEST	443	50001	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.616877079 CEST	50001	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:30.616883993 CEST	443	50001	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.682502031 CEST	443	50003	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.682585955 CEST	443	50003	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.682683945 CEST	50003	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:30.682902098 CEST	50003	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:30.682915926 CEST	443	50003	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.682928085 CEST	50003	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:30.682934999 CEST	443	50003	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.685062885 CEST	443	50004	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.685139894 CEST	443	50004	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.685193062 CEST	50004	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:30.685208082 CEST	443	50004	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.685266972 CEST	443	50004	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.685314894 CEST	50004	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:30.685813904 CEST	50005	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:30.685856104 CEST	443	50005	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.685915947 CEST	50005	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:30.686063051 CEST	50005	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:30.686077118 CEST	443	50005	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.686104059 CEST	50004	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:30.686115026 CEST	443	50004	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.686127901 CEST	50004	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:30.686134100 CEST	443	50004	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.687685013 CEST	443	50002	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.688133001 CEST	443	50002	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.688180923 CEST	443	50002	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.688179970 CEST	50002	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:30.688230991 CEST	50002	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:30.688528061 CEST	50006	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:30.688536882 CEST	443	50006	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.688556910 CEST	50002	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:30.688575029 CEST	443	50002	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.688585997 CEST	50002	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:30.688591003 CEST	443	50002	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.688596010 CEST	50006	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:30.689003944 CEST	50006	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:30.689013004 CEST	443	50006	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.690455914 CEST	50007	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:30.690478086 CEST	443	50007	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.690536022 CEST	50007	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:30.690630913 CEST	50007	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:30.690640926 CEST	443	50007	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.716757059 CEST	443	50001	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.716917992 CEST	443	50001	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.716970921 CEST	50001	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:30.717029095 CEST	50001	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:30.717035055 CEST	443	50001	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.717046022 CEST	50001	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:30.717051029 CEST	443	50001	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.719701052 CEST	50008	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:30.719794989 CEST	443	50008	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:30.719891071 CEST	50008	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:30.720005035 CEST	50008	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:30.720038891 CEST	443	50008	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.305721045 CEST	443	50005	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.306308985 CEST	50005	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.306348085 CEST	443	50005	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.306694031 CEST	50005	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.306701899 CEST	443	50005	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.310937881 CEST	443	50007	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.311306953 CEST	50007	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.311330080 CEST	443	50007	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.311709881 CEST	50007	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.311717033 CEST	443	50007	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.328246117 CEST	443	50006	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.328979969 CEST	50006	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.329011917 CEST	443	50006	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.329292059 CEST	50006	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.329298019 CEST	443	50006	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.403346062 CEST	443	50005	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.403410912 CEST	443	50005	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.403485060 CEST	50005	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.403670073 CEST	50005	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.403670073 CEST	50005	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.403722048 CEST	443	50005	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.403754950 CEST	443	50005	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.406294107 CEST	443	50008	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.406384945 CEST	50009	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.406434059 CEST	443	50009	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.406517982 CEST	50009	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.406749010 CEST	50008	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.406780958 CEST	50009	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.406797886 CEST	443	50009	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.406832933 CEST	443	50008	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.407146931 CEST	50008	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.407161951 CEST	443	50008	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.408209085 CEST	443	50007	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.408260107 CEST	443	50007	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.408329010 CEST	50007	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.408329010 CEST	50007	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.408409119 CEST	50007	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.408409119 CEST	50007	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.408422947 CEST	443	50007	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.408431053 CEST	443	50007	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.410471916 CEST	50010	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.410485983 CEST	443	50010	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.410559893 CEST	50010	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.410681963 CEST	50010	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.410696030 CEST	443	50010	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.428673029 CEST	443	50006	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.428749084 CEST	443	50006	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.428823948 CEST	50006	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.428854942 CEST	443	50006	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.428889036 CEST	443	50006	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.428946018 CEST	50006	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.429052114 CEST	50006	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.429073095 CEST	443	50006	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.429100037 CEST	50006	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.429115057 CEST	443	50006	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.431143999 CEST	50011	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.431245089 CEST	443	50011	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.431344032 CEST	50011	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.431479931 CEST	50011	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.431514978 CEST	443	50011	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.517806053 CEST	443	50008	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.517971992 CEST	443	50008	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.518161058 CEST	50008	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.518161058 CEST	50008	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.518161058 CEST	50008	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.522463083 CEST	50012	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.522495031 CEST	443	50012	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.522563934 CEST	50012	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.522741079 CEST	50012	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.522752047 CEST	443	50012	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.688647985 CEST	49865	443	192.168.2.4	142.250.185.100
Oct 7, 2024 18:24:31.688678026 CEST	443	49865	142.250.185.100	192.168.2.4
Oct 7, 2024 18:24:31.811213970 CEST	443	49990	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.811698914 CEST	49990	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.811717033 CEST	443	49990	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.812366009 CEST	49990	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.812371969 CEST	443	49990	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.828442097 CEST	50008	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.828465939 CEST	443	50008	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.946882010 CEST	443	49990	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.946953058 CEST	443	49990	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.947067976 CEST	443	49990	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.947093964 CEST	49990	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.947257996 CEST	49990	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.947370052 CEST	49990	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.947370052 CEST	49990	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.947390079 CEST	443	49990	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.947397947 CEST	443	49990	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.950247049 CEST	50013	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.950329065 CEST	443	50013	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:31.950419903 CEST	50013	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.950578928 CEST	50013	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:31.950598955 CEST	443	50013	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.072812080 CEST	443	50011	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.074708939 CEST	50011	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.074739933 CEST	443	50011	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.075145960 CEST	50011	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.075153112 CEST	443	50011	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.087086916 CEST	443	50009	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.110682964 CEST	443	50010	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.142262936 CEST	50009	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.149008989 CEST	50009	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.149034977 CEST	443	50009	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.149487019 CEST	50009	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.149497032 CEST	443	50009	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.150815010 CEST	443	50012	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.152822018 CEST	50010	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.152846098 CEST	443	50010	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.153212070 CEST	50010	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.153218031 CEST	443	50010	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.153420925 CEST	50012	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.153440952 CEST	443	50012	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.153703928 CEST	50012	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.153708935 CEST	443	50012	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.414485931 CEST	443	50011	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.414568901 CEST	443	50011	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.414652109 CEST	50011	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.414860010 CEST	50011	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.414889097 CEST	443	50011	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.414912939 CEST	50011	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.414920092 CEST	443	50011	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.417714119 CEST	50014	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.417814970 CEST	443	50014	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.417892933 CEST	50014	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.418050051 CEST	50014	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.418088913 CEST	443	50014	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.680679083 CEST	443	50009	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.680746078 CEST	443	50009	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.680819035 CEST	443	50010	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.680830002 CEST	443	50012	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.680835962 CEST	50009	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.680849075 CEST	443	50010	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.680879116 CEST	443	50012	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.680893898 CEST	443	50010	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.680898905 CEST	50010	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.680954933 CEST	50012	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.681138992 CEST	50010	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.681138992 CEST	50010	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.681169033 CEST	50009	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.681169033 CEST	50009	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.681169033 CEST	50010	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.681189060 CEST	443	50009	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.681200027 CEST	443	50009	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.681209087 CEST	443	50010	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.681838989 CEST	50012	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.681863070 CEST	443	50012	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.681898117 CEST	50012	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.681905985 CEST	443	50012	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.684165955 CEST	50015	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.684190035 CEST	443	50015	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.684287071 CEST	50016	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.684293032 CEST	443	50016	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.684328079 CEST	50015	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.684360981 CEST	50016	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.684453964 CEST	50015	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.684464931 CEST	443	50015	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.684528112 CEST	50016	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.684530973 CEST	443	50016	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.684865952 CEST	50017	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.684959888 CEST	443	50017	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.685029984 CEST	50017	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.685153961 CEST	50017	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.685184002 CEST	443	50017	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.871140957 CEST	443	50013	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.871851921 CEST	50013	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.871901035 CEST	443	50013	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.872342110 CEST	50013	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.872355938 CEST	443	50013	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.974380016 CEST	443	50013	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.974462986 CEST	443	50013	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.974526882 CEST	50013	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.976052999 CEST	50013	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.976052999 CEST	50013	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.976100922 CEST	443	50013	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.976130009 CEST	443	50013	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.979552031 CEST	50018	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.979604006 CEST	443	50018	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:32.979671955 CEST	50018	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.979825020 CEST	50018	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:32.979857922 CEST	443	50018	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.305423975 CEST	443	50015	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.306099892 CEST	50015	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.306113958 CEST	443	50015	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.306593895 CEST	50015	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.306611061 CEST	443	50015	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.312048912 CEST	443	50017	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.312407970 CEST	50017	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.312448025 CEST	443	50017	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.312840939 CEST	50017	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.312849998 CEST	443	50017	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.313643932 CEST	443	50016	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.313941956 CEST	50016	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.313951969 CEST	443	50016	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.314929962 CEST	50016	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.314935923 CEST	443	50016	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.332531929 CEST	443	50014	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.332902908 CEST	50014	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.332937002 CEST	443	50014	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.333292961 CEST	50014	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.333304882 CEST	443	50014	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.407670021 CEST	443	50015	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.407721996 CEST	443	50015	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.407886982 CEST	50015	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.408379078 CEST	50015	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.408401966 CEST	443	50015	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.408416986 CEST	50015	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.408425093 CEST	443	50015	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.411169052 CEST	50019	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.411196947 CEST	443	50019	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.411276102 CEST	50019	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.411418915 CEST	50019	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.411434889 CEST	443	50019	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.412117958 CEST	443	50017	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.412194014 CEST	443	50017	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.412270069 CEST	50017	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.412369967 CEST	50017	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.412369967 CEST	50017	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.412408113 CEST	443	50017	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.412432909 CEST	443	50017	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.413224936 CEST	443	50016	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.413379908 CEST	443	50016	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.413434029 CEST	50016	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.413466930 CEST	50016	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.413475990 CEST	443	50016	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.413487911 CEST	50016	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.413491964 CEST	443	50016	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.414565086 CEST	50020	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.414625883 CEST	443	50020	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.414709091 CEST	50020	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.414793015 CEST	50020	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.414808989 CEST	443	50020	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.415427923 CEST	50021	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.415468931 CEST	443	50021	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.415544987 CEST	50021	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.415621996 CEST	50021	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.415636063 CEST	443	50021	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.433423996 CEST	443	50014	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.433777094 CEST	443	50014	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.433845043 CEST	50014	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.433883905 CEST	50014	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.433883905 CEST	50014	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.433902025 CEST	443	50014	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.433922052 CEST	443	50014	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.435791016 CEST	50022	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.435805082 CEST	443	50022	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.435879946 CEST	50022	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.435992956 CEST	50022	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.436007023 CEST	443	50022	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.592293978 CEST	443	50018	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.596592903 CEST	50018	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.596621037 CEST	443	50018	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.606553078 CEST	50018	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.606568098 CEST	443	50018	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.710046053 CEST	443	50018	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.710248947 CEST	443	50018	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.710329056 CEST	50018	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.710361958 CEST	443	50018	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.710391998 CEST	443	50018	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.710449934 CEST	50018	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.710522890 CEST	50018	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.710544109 CEST	443	50018	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.710576057 CEST	50018	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.710589886 CEST	443	50018	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.713720083 CEST	50024	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.713757992 CEST	443	50024	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:33.713947058 CEST	50024	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.714024067 CEST	50024	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:33.714039087 CEST	443	50024	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.020775080 CEST	443	50019	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.022020102 CEST	50019	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.022053957 CEST	443	50019	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.022401094 CEST	50019	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.022408009 CEST	443	50019	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.024914980 CEST	443	50021	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.025238991 CEST	50021	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.025300980 CEST	443	50021	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.025599003 CEST	50021	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.025614023 CEST	443	50021	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.057094097 CEST	443	50022	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.061393976 CEST	50022	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.061415911 CEST	443	50022	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.061844110 CEST	50022	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.061850071 CEST	443	50022	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.062563896 CEST	443	50020	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.066401005 CEST	50020	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.066505909 CEST	443	50020	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.066723108 CEST	50020	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.066739082 CEST	443	50020	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.119158983 CEST	443	50019	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.119719982 CEST	443	50019	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.119811058 CEST	50019	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.120003939 CEST	50019	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.120050907 CEST	443	50019	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.120095968 CEST	50019	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.120112896 CEST	443	50019	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.122719049 CEST	50025	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.122802973 CEST	443	50025	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.122889996 CEST	50025	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.123007059 CEST	50025	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.123029947 CEST	443	50025	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.123402119 CEST	443	50021	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.123464108 CEST	443	50021	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.123524904 CEST	50021	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.123620033 CEST	50021	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.123660088 CEST	443	50021	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.123692989 CEST	50021	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.123708963 CEST	443	50021	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.125410080 CEST	50026	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.125431061 CEST	443	50026	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.126177073 CEST	50026	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.126293898 CEST	50026	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.126318932 CEST	443	50026	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.157432079 CEST	443	50022	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.157607079 CEST	443	50022	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.157641888 CEST	443	50022	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.157685995 CEST	50022	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.157737970 CEST	50022	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.157804012 CEST	50022	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.157804012 CEST	50022	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.157840014 CEST	443	50022	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.157862902 CEST	443	50022	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.159710884 CEST	50027	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.159744978 CEST	443	50027	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.159935951 CEST	50027	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.160092115 CEST	50027	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.160109043 CEST	443	50027	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.163903952 CEST	443	50020	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.163975954 CEST	443	50020	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.164050102 CEST	50020	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.164076090 CEST	443	50020	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.164164066 CEST	50020	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.164213896 CEST	443	50020	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.164253950 CEST	50020	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.164253950 CEST	50020	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.164274931 CEST	443	50020	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.164294004 CEST	443	50020	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.166098118 CEST	50028	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.166121006 CEST	443	50028	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.168150902 CEST	50028	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.168311119 CEST	50028	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.168322086 CEST	443	50028	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.339673996 CEST	443	50024	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.340184927 CEST	50024	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.340215921 CEST	443	50024	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.340635061 CEST	50024	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.340643883 CEST	443	50024	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.440905094 CEST	443	50024	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.441308022 CEST	443	50024	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.441431999 CEST	50024	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.441771984 CEST	50024	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.441771984 CEST	50024	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.441807985 CEST	443	50024	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.441824913 CEST	443	50024	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.444335938 CEST	50029	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.444361925 CEST	443	50029	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.444442034 CEST	50029	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.444566011 CEST	50029	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.444576025 CEST	443	50029	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.753813982 CEST	443	50026	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.758328915 CEST	443	50025	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.765206099 CEST	50026	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.765223026 CEST	443	50026	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.768588066 CEST	50026	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.768594980 CEST	443	50026	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.769716978 CEST	50025	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.769736052 CEST	443	50025	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.770411015 CEST	50025	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.770416021 CEST	443	50025	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.773829937 CEST	443	50028	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.774236917 CEST	50028	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.774246931 CEST	443	50028	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.774925947 CEST	50028	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.774930000 CEST	443	50028	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.795022964 CEST	443	50027	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.795605898 CEST	50027	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.795624018 CEST	443	50027	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.795979023 CEST	50027	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.795984983 CEST	443	50027	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.861433029 CEST	443	50026	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.861524105 CEST	443	50026	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.861582041 CEST	50026	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.861943960 CEST	50026	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.861963034 CEST	443	50026	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.861973047 CEST	50026	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.861979008 CEST	443	50026	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.864658117 CEST	50030	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.864689112 CEST	443	50030	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.864855051 CEST	50030	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.865163088 CEST	50030	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.865173101 CEST	443	50030	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.868556023 CEST	443	50028	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.868709087 CEST	443	50028	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.868856907 CEST	50028	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.868876934 CEST	50028	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.868891001 CEST	443	50028	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.868901968 CEST	50028	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.868907928 CEST	443	50028	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.871102095 CEST	50031	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.871131897 CEST	443	50031	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.871243954 CEST	50031	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.871354103 CEST	50031	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.871364117 CEST	443	50031	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.883197069 CEST	443	50025	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.883904934 CEST	443	50025	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.884032011 CEST	50025	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.884080887 CEST	50025	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.884084940 CEST	443	50025	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.886219978 CEST	50032	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.886311054 CEST	443	50032	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.886378050 CEST	50032	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.886557102 CEST	50032	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.886593103 CEST	443	50032	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.896373034 CEST	443	50027	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.896390915 CEST	443	50027	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.896426916 CEST	443	50027	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.896440029 CEST	50027	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.896475077 CEST	50027	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.896661043 CEST	50027	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.896677971 CEST	443	50027	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.896691084 CEST	50027	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.896698952 CEST	443	50027	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.899094105 CEST	50033	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.899146080 CEST	443	50033	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:34.899228096 CEST	50033	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.899377108 CEST	50033	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:34.899393082 CEST	443	50033	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.096355915 CEST	443	50029	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.096965075 CEST	50029	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.096976995 CEST	443	50029	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.097491980 CEST	50029	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.097496986 CEST	443	50029	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.199106932 CEST	443	50029	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.199270964 CEST	443	50029	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.199575901 CEST	50029	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.199575901 CEST	50029	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.199575901 CEST	50029	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.202462912 CEST	50034	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.202539921 CEST	443	50034	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.202634096 CEST	50034	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.202770948 CEST	50034	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.202789068 CEST	443	50034	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.482268095 CEST	443	50030	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.482958078 CEST	50030	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.482978106 CEST	443	50030	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.483417034 CEST	50030	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.483423948 CEST	443	50030	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.493750095 CEST	443	50032	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.494255066 CEST	50032	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.494285107 CEST	443	50032	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.494864941 CEST	50032	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.494893074 CEST	443	50032	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.500950098 CEST	50029	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.500967979 CEST	443	50029	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.505019903 CEST	443	50033	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.505392075 CEST	50033	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.505459070 CEST	443	50033	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.505911112 CEST	50033	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.505927086 CEST	443	50033	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.514406919 CEST	443	50031	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.515018940 CEST	50031	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.515028954 CEST	443	50031	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.515198946 CEST	50031	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.515203953 CEST	443	50031	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.577615023 CEST	443	50030	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.577651978 CEST	443	50030	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.577717066 CEST	50030	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.577724934 CEST	443	50030	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.577944040 CEST	443	50030	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.578015089 CEST	50030	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.578079939 CEST	50030	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.578084946 CEST	443	50030	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.578094959 CEST	50030	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.578099012 CEST	443	50030	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.581841946 CEST	50035	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.581888914 CEST	443	50035	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.581960917 CEST	50035	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.582144022 CEST	50035	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.582161903 CEST	443	50035	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.595844984 CEST	443	50032	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.595869064 CEST	443	50032	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.595917940 CEST	50032	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.595928907 CEST	443	50032	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.596097946 CEST	443	50032	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.596129894 CEST	50032	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.596146107 CEST	443	50032	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.596163034 CEST	50032	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.596168995 CEST	443	50032	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.596209049 CEST	50032	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.596214056 CEST	443	50032	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.598674059 CEST	50036	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.598699093 CEST	443	50036	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.598902941 CEST	50036	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.599056959 CEST	50036	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.599071980 CEST	443	50036	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.600673914 CEST	443	50033	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.600696087 CEST	443	50033	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.600745916 CEST	443	50033	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.600764990 CEST	50033	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.600812912 CEST	50033	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.600936890 CEST	50033	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.600936890 CEST	50033	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.600972891 CEST	443	50033	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.601002932 CEST	443	50033	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.603425980 CEST	50037	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.603466988 CEST	443	50037	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.603559971 CEST	50037	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.603703976 CEST	50037	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.603734016 CEST	443	50037	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.613534927 CEST	443	50031	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.613696098 CEST	443	50031	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.613797903 CEST	50031	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.613972902 CEST	50031	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.613984108 CEST	443	50031	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.613993883 CEST	50031	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.613997936 CEST	443	50031	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.616580009 CEST	50038	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.616600037 CEST	443	50038	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.616674900 CEST	50038	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.616807938 CEST	50038	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.616832018 CEST	443	50038	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.829667091 CEST	443	50034	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.833487034 CEST	50034	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.833506107 CEST	443	50034	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.834243059 CEST	50034	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.834249973 CEST	443	50034	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.928102016 CEST	443	50034	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.928154945 CEST	443	50034	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.928327084 CEST	50034	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.928360939 CEST	443	50034	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.928478003 CEST	50034	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.928500891 CEST	443	50034	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.928524971 CEST	50034	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.928621054 CEST	443	50034	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.931674004 CEST	50039	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.931708097 CEST	443	50039	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:35.931803942 CEST	50039	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.931973934 CEST	50039	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:35.931992054 CEST	443	50039	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.205070019 CEST	443	50036	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.205960035 CEST	50036	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.205981970 CEST	443	50036	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.206585884 CEST	50036	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.206590891 CEST	443	50036	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.212444067 CEST	443	50037	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.212858915 CEST	50037	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.212903023 CEST	443	50037	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.213381052 CEST	50037	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.213395119 CEST	443	50037	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.224914074 CEST	443	50035	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.225292921 CEST	50035	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.225310087 CEST	443	50035	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.225672960 CEST	50035	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.225677967 CEST	443	50035	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.230518103 CEST	443	50038	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.230834007 CEST	50038	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.230859041 CEST	443	50038	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.231343985 CEST	50038	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.231355906 CEST	443	50038	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.308671951 CEST	443	50037	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.308732986 CEST	443	50037	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.308809996 CEST	50037	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.308995008 CEST	50037	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.309048891 CEST	443	50037	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.309079885 CEST	50037	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.309096098 CEST	443	50037	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.310658932 CEST	443	50036	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.310755014 CEST	443	50036	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.310808897 CEST	50036	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.310875893 CEST	50036	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.310897112 CEST	443	50036	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.310909033 CEST	50036	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.310915947 CEST	443	50036	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.312287092 CEST	50040	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.312335968 CEST	443	50040	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.312434912 CEST	50040	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.312546968 CEST	50040	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.312558889 CEST	443	50040	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.313241959 CEST	50041	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.313277960 CEST	443	50041	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.313500881 CEST	50041	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.313500881 CEST	50041	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.313527107 CEST	443	50041	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.322210073 CEST	443	50035	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.322231054 CEST	443	50035	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.322277069 CEST	443	50035	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.322300911 CEST	50035	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.322335005 CEST	50035	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.322474957 CEST	50035	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.322499037 CEST	443	50035	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.322515011 CEST	50035	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.322521925 CEST	443	50035	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.325202942 CEST	50042	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.325227022 CEST	443	50042	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.325294018 CEST	50042	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.325592995 CEST	50042	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.325604916 CEST	443	50042	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.327016115 CEST	443	50038	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.327080965 CEST	443	50038	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.327131987 CEST	50038	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.327213049 CEST	50038	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.327213049 CEST	50038	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.327230930 CEST	443	50038	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.327251911 CEST	443	50038	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.329678059 CEST	50043	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.329689980 CEST	443	50043	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.329746008 CEST	50043	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.333576918 CEST	50043	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.333589077 CEST	443	50043	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.564497948 CEST	443	50039	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.565160990 CEST	50039	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.565192938 CEST	443	50039	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.565802097 CEST	50039	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.565808058 CEST	443	50039	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.662117004 CEST	443	50039	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.662280083 CEST	443	50039	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.662345886 CEST	50039	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.681718111 CEST	50039	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.681750059 CEST	443	50039	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.681763887 CEST	50039	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.681772947 CEST	443	50039	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.708064079 CEST	50044	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.708107948 CEST	443	50044	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.708268881 CEST	50044	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.708466053 CEST	50044	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.708475113 CEST	443	50044	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.922581911 CEST	443	50041	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.923753023 CEST	50041	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.923768044 CEST	443	50041	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.924150944 CEST	443	50040	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.924252033 CEST	50041	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.924259901 CEST	443	50041	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.924782038 CEST	50040	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.924798012 CEST	443	50040	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.925307035 CEST	50040	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.925311089 CEST	443	50040	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.955147982 CEST	443	50043	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.955615044 CEST	50043	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.955631018 CEST	443	50043	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.956171036 CEST	50043	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.956175089 CEST	443	50043	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.965425014 CEST	443	50042	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.966227055 CEST	50042	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.966227055 CEST	50042	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:36.966240883 CEST	443	50042	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:36.966248035 CEST	443	50042	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.017776012 CEST	443	50040	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.018033028 CEST	443	50040	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.018155098 CEST	50040	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.018162966 CEST	443	50040	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.018219948 CEST	50040	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.018270016 CEST	443	50040	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.018361092 CEST	443	50040	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.018521070 CEST	50040	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.018521070 CEST	50040	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.018538952 CEST	50040	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.018551111 CEST	443	50040	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.018610954 CEST	443	50041	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.018629074 CEST	443	50041	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.018695116 CEST	50041	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.018703938 CEST	443	50041	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.019018888 CEST	443	50041	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.019079924 CEST	50041	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.020917892 CEST	50041	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.020917892 CEST	50041	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.020934105 CEST	443	50041	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.020941973 CEST	443	50041	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.023725986 CEST	50045	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.023788929 CEST	443	50045	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.023863077 CEST	50045	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.024549961 CEST	50046	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.024561882 CEST	443	50046	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.024624109 CEST	50046	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.024817944 CEST	50045	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.024837971 CEST	443	50045	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.024974108 CEST	50046	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.024987936 CEST	443	50046	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.049925089 CEST	443	50043	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.049979925 CEST	443	50043	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.050054073 CEST	50043	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.050060987 CEST	443	50043	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.050132036 CEST	443	50043	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.050342083 CEST	50043	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.067908049 CEST	443	50042	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.067965031 CEST	443	50042	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.068005085 CEST	443	50042	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.068058968 CEST	50042	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.068070889 CEST	443	50042	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.068111897 CEST	50042	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.068290949 CEST	50042	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.152631044 CEST	443	50042	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.152798891 CEST	443	50042	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.152952909 CEST	50042	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.152952909 CEST	50042	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.171586037 CEST	50043	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.171586037 CEST	50043	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.171597004 CEST	443	50043	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.171605110 CEST	443	50043	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.199448109 CEST	50042	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.199448109 CEST	50042	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.199469090 CEST	443	50042	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.199476957 CEST	443	50042	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.208301067 CEST	50047	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.208393097 CEST	443	50047	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.208499908 CEST	50047	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.217287064 CEST	50048	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.217331886 CEST	443	50048	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.217415094 CEST	50048	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.217552900 CEST	50047	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.217597008 CEST	443	50047	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.217699051 CEST	50048	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.217730999 CEST	443	50048	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.351166964 CEST	443	50044	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.351836920 CEST	50044	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.351866961 CEST	443	50044	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.352457047 CEST	50044	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.352462053 CEST	443	50044	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.479513884 CEST	443	50044	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.479593039 CEST	443	50044	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.479671955 CEST	443	50044	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.479692936 CEST	50044	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.479712009 CEST	443	50044	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.479737043 CEST	50044	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.479765892 CEST	50044	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.560797930 CEST	443	50044	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.560863972 CEST	443	50044	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.560925961 CEST	50044	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.560939074 CEST	443	50044	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.560967922 CEST	50044	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.560987949 CEST	50044	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.561029911 CEST	443	50044	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.561094046 CEST	50044	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.561163902 CEST	50044	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.561176062 CEST	443	50044	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.561211109 CEST	50044	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.561214924 CEST	443	50044	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.564722061 CEST	50049	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.564802885 CEST	443	50049	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.564894915 CEST	50049	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.565037966 CEST	50049	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.565057993 CEST	443	50049	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.650564909 CEST	443	50046	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.651124954 CEST	50046	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.651140928 CEST	443	50046	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.651740074 CEST	50046	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.651757002 CEST	443	50046	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.671077013 CEST	443	50045	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.671513081 CEST	50045	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.671520948 CEST	443	50045	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.672101021 CEST	50045	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.672106028 CEST	443	50045	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.748836994 CEST	443	50046	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.748872995 CEST	443	50046	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.749099016 CEST	50046	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.749114037 CEST	443	50046	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.749162912 CEST	50046	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.749306917 CEST	50046	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.749313116 CEST	443	50046	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.749330044 CEST	50046	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.749569893 CEST	443	50046	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.749622107 CEST	443	50046	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.749660015 CEST	50046	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.752922058 CEST	50050	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.753005028 CEST	443	50050	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.753119946 CEST	50050	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.753346920 CEST	50050	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.753364086 CEST	443	50050	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.771315098 CEST	443	50045	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.771370888 CEST	443	50045	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.771431923 CEST	50045	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.771446943 CEST	443	50045	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.771687031 CEST	443	50045	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.771775961 CEST	50045	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.771775961 CEST	50045	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.771775961 CEST	50045	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.771795034 CEST	443	50045	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.774296999 CEST	50051	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.774386883 CEST	443	50051	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.774533033 CEST	50051	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.774667978 CEST	50051	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.774688959 CEST	443	50051	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.831751108 CEST	443	50048	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.832375050 CEST	50048	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.832439899 CEST	443	50048	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.832854986 CEST	50048	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.832871914 CEST	443	50048	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.855786085 CEST	443	50047	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.856244087 CEST	50047	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.856271029 CEST	443	50047	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.856726885 CEST	50047	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.856733084 CEST	443	50047	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.926295042 CEST	443	50048	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.927016020 CEST	443	50048	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.927098036 CEST	50048	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.927181005 CEST	50048	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.927181005 CEST	50048	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.927232027 CEST	443	50048	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.927262068 CEST	443	50048	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.930408955 CEST	50052	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.930445910 CEST	443	50052	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.930565119 CEST	50052	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.930701017 CEST	50052	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.930708885 CEST	443	50052	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.955349922 CEST	443	50047	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.955451965 CEST	443	50047	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.955519915 CEST	50047	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.958614111 CEST	50047	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.958628893 CEST	443	50047	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.958638906 CEST	50047	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.958643913 CEST	443	50047	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.961719036 CEST	50053	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.961807966 CEST	443	50053	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:37.961905956 CEST	50053	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.962059021 CEST	50053	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:37.962097883 CEST	443	50053	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.080390930 CEST	50045	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:38.080411911 CEST	443	50045	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.189333916 CEST	443	50049	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.190568924 CEST	50049	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:38.190623999 CEST	443	50049	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.191253901 CEST	50049	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:38.191268921 CEST	443	50049	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.288532972 CEST	443	50049	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.289558887 CEST	443	50049	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.289644003 CEST	50049	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:38.289729118 CEST	50049	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:38.289762020 CEST	443	50049	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.289793015 CEST	50049	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:38.289809942 CEST	443	50049	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.292810917 CEST	50054	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:38.292881012 CEST	443	50054	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.292978048 CEST	50054	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:38.293122053 CEST	50054	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:38.293138027 CEST	443	50054	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.386965990 CEST	443	50050	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.387615919 CEST	50050	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:38.387667894 CEST	443	50050	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.388251066 CEST	50050	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:38.388264894 CEST	443	50050	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.394085884 CEST	443	50051	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.394556999 CEST	50051	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:38.394625902 CEST	443	50051	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.394970894 CEST	50051	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:38.394985914 CEST	443	50051	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.484420061 CEST	443	50050	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.484499931 CEST	443	50050	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.484610081 CEST	50050	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:38.484858036 CEST	50050	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:38.484894037 CEST	443	50050	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.484920979 CEST	50050	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:38.484936953 CEST	443	50050	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.489140987 CEST	50055	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:38.489191055 CEST	443	50055	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.489300966 CEST	50055	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:38.489454031 CEST	50055	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:38.489463091 CEST	443	50055	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.490340948 CEST	443	50051	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.490402937 CEST	443	50051	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.490467072 CEST	50051	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:38.490502119 CEST	443	50051	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.490534067 CEST	443	50051	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.490590096 CEST	50051	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:38.490689039 CEST	50051	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:38.490730047 CEST	443	50051	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.490756035 CEST	50051	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:38.490771055 CEST	443	50051	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.575254917 CEST	443	50052	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.576155901 CEST	50052	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:38.576180935 CEST	443	50052	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.576773882 CEST	50052	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:38.576777935 CEST	443	50052	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.592950106 CEST	443	50053	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.593367100 CEST	50053	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:38.593442917 CEST	443	50053	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.593794107 CEST	50053	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:38.593807936 CEST	443	50053	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.690488100 CEST	443	50052	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.690649033 CEST	443	50052	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.690810919 CEST	50052	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:38.690887928 CEST	50052	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:38.690903902 CEST	443	50052	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.690920115 CEST	50052	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:38.690924883 CEST	443	50052	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.701096058 CEST	443	50053	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.701184034 CEST	443	50053	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.701255083 CEST	50053	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:38.701436043 CEST	50053	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:38.701472998 CEST	443	50053	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.701499939 CEST	50053	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:38.701514006 CEST	443	50053	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.925734997 CEST	443	50054	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.926485062 CEST	50054	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:38.926527023 CEST	443	50054	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:38.926929951 CEST	50054	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:38.926940918 CEST	443	50054	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:39.020704031 CEST	443	50054	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:39.021039963 CEST	443	50054	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:39.021120071 CEST	50054	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:39.021200895 CEST	50054	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:39.021219015 CEST	443	50054	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:39.021248102 CEST	50054	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:39.021259069 CEST	443	50054	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:39.109390020 CEST	443	50055	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:39.110124111 CEST	50055	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:39.110218048 CEST	443	50055	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:39.110764980 CEST	50055	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:39.110780954 CEST	443	50055	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:39.205884933 CEST	443	50055	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:39.205943108 CEST	443	50055	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:39.206008911 CEST	50055	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:39.207004070 CEST	50055	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:39.207047939 CEST	443	50055	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:39.207075119 CEST	50055	443	192.168.2.4	13.107.246.45
Oct 7, 2024 18:24:39.207088947 CEST	443	50055	13.107.246.45	192.168.2.4
Oct 7, 2024 18:24:48.067969084 CEST	50056	443	192.168.2.4	142.250.186.110
Oct 7, 2024 18:24:48.068062067 CEST	443	50056	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:48.068157911 CEST	50056	443	192.168.2.4	142.250.186.110
Oct 7, 2024 18:24:48.068510056 CEST	50056	443	192.168.2.4	142.250.186.110
Oct 7, 2024 18:24:48.068548918 CEST	443	50056	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:48.689160109 CEST	443	50056	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:48.689445019 CEST	50056	443	192.168.2.4	142.250.186.110
Oct 7, 2024 18:24:48.689477921 CEST	443	50056	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:48.689985037 CEST	443	50056	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:48.690260887 CEST	50056	443	192.168.2.4	142.250.186.110
Oct 7, 2024 18:24:48.690346956 CEST	443	50056	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:48.690396070 CEST	50056	443	192.168.2.4	142.250.186.110
Oct 7, 2024 18:24:48.690431118 CEST	50056	443	192.168.2.4	142.250.186.110
Oct 7, 2024 18:24:48.690443039 CEST	443	50056	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:49.002965927 CEST	443	50056	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:49.003314972 CEST	443	50056	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:49.003400087 CEST	50056	443	192.168.2.4	142.250.186.110
Oct 7, 2024 18:24:49.003494978 CEST	50056	443	192.168.2.4	142.250.186.110
Oct 7, 2024 18:24:49.003520966 CEST	443	50056	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:51.371736050 CEST	50057	443	192.168.2.4	142.250.186.110
Oct 7, 2024 18:24:51.371772051 CEST	443	50057	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:51.371853113 CEST	50057	443	192.168.2.4	142.250.186.110
Oct 7, 2024 18:24:51.372165918 CEST	50057	443	192.168.2.4	142.250.186.110
Oct 7, 2024 18:24:51.372176886 CEST	443	50057	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:51.991599083 CEST	443	50057	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:51.991923094 CEST	50057	443	192.168.2.4	142.250.186.110
Oct 7, 2024 18:24:51.991971016 CEST	443	50057	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:51.993223906 CEST	443	50057	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:51.993570089 CEST	50057	443	192.168.2.4	142.250.186.110
Oct 7, 2024 18:24:51.993731976 CEST	50057	443	192.168.2.4	142.250.186.110
Oct 7, 2024 18:24:51.993752956 CEST	443	50057	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:51.993777037 CEST	50057	443	192.168.2.4	142.250.186.110
Oct 7, 2024 18:24:51.993777037 CEST	443	50057	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:52.035398960 CEST	443	50057	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:52.048022032 CEST	50057	443	192.168.2.4	142.250.186.110
Oct 7, 2024 18:24:52.202375889 CEST	443	50057	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:52.203103065 CEST	443	50057	142.250.186.110	192.168.2.4
Oct 7, 2024 18:24:52.203329086 CEST	50057	443	192.168.2.4	142.250.186.110
Oct 7, 2024 18:24:52.253520012 CEST	50057	443	192.168.2.4	142.250.186.110
Oct 7, 2024 18:24:52.253586054 CEST	443	50057	142.250.186.110	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 7, 2024 18:23:04.372565985 CEST	53553	53	192.168.2.4	1.1.1.1
Oct 7, 2024 18:23:04.372797966 CEST	62038	53	192.168.2.4	1.1.1.1
Oct 7, 2024 18:23:04.380918980 CEST	53	62038	1.1.1.1	192.168.2.4
Oct 7, 2024 18:23:04.384411097 CEST	53	52881	1.1.1.1	192.168.2.4
Oct 7, 2024 18:23:04.387036085 CEST	53	53553	1.1.1.1	192.168.2.4
Oct 7, 2024 18:23:04.534368038 CEST	53	52302	1.1.1.1	192.168.2.4
Oct 7, 2024 18:23:05.596874952 CEST	53902	53	192.168.2.4	1.1.1.1
Oct 7, 2024 18:23:05.597245932 CEST	50897	53	192.168.2.4	1.1.1.1
Oct 7, 2024 18:23:05.605170965 CEST	53	50897	1.1.1.1	192.168.2.4
Oct 7, 2024 18:23:05.605207920 CEST	53	53902	1.1.1.1	192.168.2.4
Oct 7, 2024 18:23:05.619368076 CEST	53	52331	1.1.1.1	192.168.2.4
Oct 7, 2024 18:23:08.446937084 CEST	56960	53	192.168.2.4	1.1.1.1
Oct 7, 2024 18:23:08.447057962 CEST	63307	53	192.168.2.4	1.1.1.1
Oct 7, 2024 18:23:08.454000950 CEST	53	56960	1.1.1.1	192.168.2.4
Oct 7, 2024 18:23:08.454349041 CEST	53	63307	1.1.1.1	192.168.2.4
Oct 7, 2024 18:23:10.881999969 CEST	53	50064	1.1.1.1	192.168.2.4
Oct 7, 2024 18:23:13.362248898 CEST	64762	53	192.168.2.4	1.1.1.1
Oct 7, 2024 18:23:13.362410069 CEST	52112	53	192.168.2.4	1.1.1.1
Oct 7, 2024 18:23:13.369770050 CEST	53	64762	1.1.1.1	192.168.2.4
Oct 7, 2024 18:23:13.371424913 CEST	53	52112	1.1.1.1	192.168.2.4
Oct 7, 2024 18:23:14.542388916 CEST	60824	53	192.168.2.4	1.1.1.1
Oct 7, 2024 18:23:14.542913914 CEST	62952	53	192.168.2.4	1.1.1.1
Oct 7, 2024 18:23:14.549377918 CEST	53	60824	1.1.1.1	192.168.2.4
Oct 7, 2024 18:23:14.549992085 CEST	53	62952	1.1.1.1	192.168.2.4
Oct 7, 2024 18:23:16.588088989 CEST	53	49969	1.1.1.1	192.168.2.4
Oct 7, 2024 18:23:19.240467072 CEST	138	138	192.168.2.4	192.168.2.255
Oct 7, 2024 18:23:22.761801004 CEST	53	56970	1.1.1.1	192.168.2.4
Oct 7, 2024 18:23:41.564548969 CEST	53	58932	1.1.1.1	192.168.2.4
Oct 7, 2024 18:24:04.048228979 CEST	53	54442	1.1.1.1	192.168.2.4
Oct 7, 2024 18:24:04.540467024 CEST	53	54472	1.1.1.1	192.168.2.4
Oct 7, 2024 18:24:15.525939941 CEST	65205	53	192.168.2.4	1.1.1.1
Oct 7, 2024 18:24:15.526210070 CEST	52316	53	192.168.2.4	1.1.1.1
Oct 7, 2024 18:24:15.530711889 CEST	53	56653	1.1.1.1	192.168.2.4
Oct 7, 2024 18:24:15.532866001 CEST	53	52316	1.1.1.1	192.168.2.4
Oct 7, 2024 18:24:15.533442974 CEST	53	65205	1.1.1.1	192.168.2.4
Oct 7, 2024 18:24:31.696508884 CEST	53	50540	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 7, 2024 18:23:04.372565985 CEST	192.168.2.4	1.1.1.1	0x4fbf	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:23:04.372797966 CEST	192.168.2.4	1.1.1.1	0x1298	Standard query (0)	youtube.com	65	IN (0x0001)	false
Oct 7, 2024 18:23:05.596874952 CEST	192.168.2.4	1.1.1.1	0x645b	Standard query (0)	www.youtube.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:23:05.597245932 CEST	192.168.2.4	1.1.1.1	0x3ebe	Standard query (0)	www.youtube.com	65	IN (0x0001)	false
Oct 7, 2024 18:23:08.446937084 CEST	192.168.2.4	1.1.1.1	0x4b72	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:23:08.447057962 CEST	192.168.2.4	1.1.1.1	0xce6f	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 7, 2024 18:23:13.362248898 CEST	192.168.2.4	1.1.1.1	0x6bc7	Standard query (0)	accounts.youtube.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:23:13.362410069 CEST	192.168.2.4	1.1.1.1	0xd2f3	Standard query (0)	accounts.youtube.com	65	IN (0x0001)	false
Oct 7, 2024 18:23:14.542388916 CEST	192.168.2.4	1.1.1.1	0xf1b0	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:23:14.542913914 CEST	192.168.2.4	1.1.1.1	0x60d0	Standard query (0)	play.google.com	65	IN (0x0001)	false
Oct 7, 2024 18:24:15.525939941 CEST	192.168.2.4	1.1.1.1	0x5743	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:24:15.526210070 CEST	192.168.2.4	1.1.1.1	0x1e57	Standard query (0)	play.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 7, 2024 18:23:04.380918980 CEST	1.1.1.1	192.168.2.4	0x1298	No error (0)	youtube.com			65	IN (0x0001)	false
Oct 7, 2024 18:23:04.387036085 CEST	1.1.1.1	192.168.2.4	0x4fbf	No error (0)	youtube.com		142.250.184.206	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:23:05.605170965 CEST	1.1.1.1	192.168.2.4	0x3ebe	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 18:23:05.605170965 CEST	1.1.1.1	192.168.2.4	0x3ebe	No error (0)	youtube-ui.l.google.com			65	IN (0x0001)	false
Oct 7, 2024 18:23:05.605207920 CEST	1.1.1.1	192.168.2.4	0x645b	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 18:23:05.605207920 CEST	1.1.1.1	192.168.2.4	0x645b	No error (0)	youtube-ui.l.google.com		172.217.16.142	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:23:05.605207920 CEST	1.1.1.1	192.168.2.4	0x645b	No error (0)	youtube-ui.l.google.com		142.250.186.174	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:23:05.605207920 CEST	1.1.1.1	192.168.2.4	0x645b	No error (0)	youtube-ui.l.google.com		172.217.18.110	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:23:05.605207920 CEST	1.1.1.1	192.168.2.4	0x645b	No error (0)	youtube-ui.l.google.com		142.250.184.238	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:23:05.605207920 CEST	1.1.1.1	192.168.2.4	0x645b	No error (0)	youtube-ui.l.google.com		142.250.185.174	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:23:05.605207920 CEST	1.1.1.1	192.168.2.4	0x645b	No error (0)	youtube-ui.l.google.com		142.250.185.110	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:23:05.605207920 CEST	1.1.1.1	192.168.2.4	0x645b	No error (0)	youtube-ui.l.google.com		216.58.206.46	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:23:05.605207920 CEST	1.1.1.1	192.168.2.4	0x645b	No error (0)	youtube-ui.l.google.com		142.250.181.238	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:23:05.605207920 CEST	1.1.1.1	192.168.2.4	0x645b	No error (0)	youtube-ui.l.google.com		142.250.186.142	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:23:05.605207920 CEST	1.1.1.1	192.168.2.4	0x645b	No error (0)	youtube-ui.l.google.com		142.250.185.238	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:23:05.605207920 CEST	1.1.1.1	192.168.2.4	0x645b	No error (0)	youtube-ui.l.google.com		142.250.185.206	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:23:05.605207920 CEST	1.1.1.1	192.168.2.4	0x645b	No error (0)	youtube-ui.l.google.com		142.250.186.46	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:23:05.605207920 CEST	1.1.1.1	192.168.2.4	0x645b	No error (0)	youtube-ui.l.google.com		142.250.186.78	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:23:05.605207920 CEST	1.1.1.1	192.168.2.4	0x645b	No error (0)	youtube-ui.l.google.com		142.250.185.78	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:23:05.605207920 CEST	1.1.1.1	192.168.2.4	0x645b	No error (0)	youtube-ui.l.google.com		142.250.186.110	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:23:05.605207920 CEST	1.1.1.1	192.168.2.4	0x645b	No error (0)	youtube-ui.l.google.com		216.58.212.142	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:23:08.454000950 CEST	1.1.1.1	192.168.2.4	0x4b72	No error (0)	www.google.com		142.250.185.100	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:23:08.454349041 CEST	1.1.1.1	192.168.2.4	0xce6f	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 7, 2024 18:23:13.369770050 CEST	1.1.1.1	192.168.2.4	0x6bc7	No error (0)	accounts.youtube.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 18:23:13.369770050 CEST	1.1.1.1	192.168.2.4	0x6bc7	No error (0)	www3.l.google.com		142.250.186.174	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:23:13.371424913 CEST	1.1.1.1	192.168.2.4	0xd2f3	No error (0)	accounts.youtube.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 18:23:14.549377918 CEST	1.1.1.1	192.168.2.4	0xf1b0	No error (0)	play.google.com		142.250.185.206	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:24:15.533442974 CEST	1.1.1.1	192.168.2.4	0x5743	No error (0)	play.google.com		142.250.186.110	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

youtube.com

www.youtube.com

fs.microsoft.com

https:

accounts.youtube.com

play.google.com

www.google.com

slscr.update.microsoft.com

otelrules.azureedge.net

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49731	142.250.184.206	443	8020	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:23:05 UTC	851	OUT	GET /account?=https://accounts.google.com/v3/signin/challenge/pwd HTTP/1.1 Host: youtube.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 16:23:05 UTC	1941	IN	HTTP/1.1 301 Moved Permanently Content-Type: application/binary X-Content-Type-Options: nosniff Expires: Mon, 07 Oct 2024 16:23:05 GMT Date: Mon, 07 Oct 2024 16:23:05 GMT Cache-Control: private, max-age=31536000 Location: https://www.youtube.com/account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-Frame-Options: SAMEORIGIN Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main" Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9 Content-Security-Policy: require-trusted-types-for 'script';report-uri /cspreport Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]} P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info." Server: ESF Content-Length: 0 X-XSS-Protection: 0 Set-Cookie: YSC=E-HK0pPg2KE; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49736	172.217.16.142	443	8020	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:23:06 UTC	894	OUT	GET /account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd HTTP/1.1 Host: www.youtube.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: YSC=E-HK0pPg2KE
2024-10-07 16:23:06 UTC	2530	IN	HTTP/1.1 303 See Other Content-Type: application/binary X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 07 Oct 2024 16:23:06 GMT Location: https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%253F%253Dhttps%25253A%25252F%25252Faccounts.google.com%25252Fv3%25252Fsignin%25252Fchallenge%25252Fpwd%26feature%3Dredirect_login&hl=en Strict-Transport-Security: max-age=31536000 X-Frame-Options: SAMEORIGIN Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main" Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: require-trusted-types-for 'script' Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]} P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info." Server: ESF Content-Length: 0 X-XSS-Protection: 0 Set-Cookie: GPS=1; Domain=.youtube.com; Expires=Mon, 07-Oct-2024 16:53:06 GMT; Path=/; Secure; HttpOnly Set-Cookie: VISITOR_INFO1_LIVE=zbqCp_31a2c; Domain=.youtube.com; Expires=Sat, 05-Apr-2025 16:23:06 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Set-Cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgMQ%3D%3D; Domain=.youtube.com; Expires=Sat, 05-Apr-2025 16:23:06 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49744	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:23:10 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-07 16:23:11 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF4C) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=174175 Date: Mon, 07 Oct 2024 16:23:10 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49749	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:23:11 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-07 16:23:11 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=174217 Date: Mon, 07 Oct 2024 16:23:11 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-07 16:23:11 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49756	142.250.186.174	443	8020	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:23:14 UTC	1236	OUT	GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1672771139&timestamp=1728318192264 HTTP/1.1 Host: accounts.youtube.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-arch: "x86" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-model: "" sec-ch-ua-bitness: "64" sec-ch-ua-wow64: ?0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: iframe Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 16:23:14 UTC	1967	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Frame-Options: ALLOW-FROM https://accounts.google.com Content-Security-Policy: frame-ancestors https://accounts.google.com Content-Security-Policy: script-src 'report-sample' 'nonce-e_-c4CL3IOrBFOaoNOANVg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 07 Oct 2024 16:23:14 GMT Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Resource-Policy: cross-origin reporting-endpoints: default="/_/AccountsDomainCookiesCheckConnectionHttp/web-reports?context=eJzjstDikmJw1ZBikPj6kkkLiJ3SZ7CGAHHSv_OsJUB8ufsS63UgVu25xGoOxEUSV1hbgFiIm-PT1Ak72AR-LDgUr6SXlF8Yn5mSmleSWVKZkp-bmJmXnJ-fnZlaXJxaVJZaFG9kYGRiYGlkqWdgEV9gAAC2IS1E" Server: ESF X-XSS-Protection: 0 X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 16:23:14 UTC	1967	IN	Data Raw: 37 36 31 63 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 65 5f 2d 63 34 43 4c 33 49 4f 72 42 46 4f 61 6f 4e 4f 41 4e 56 67 22 3e 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 63 6f 6f 6b 69 65 73 43 68 65 63 6b 63 6f 6e 6e 65 63 74 69 6f 6e 4a 73 3d 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 63 6f 6f 6b 69 65 73 43 68 65 63 6b 63 6f 6e 6e 65 63 74 69 6f 6e 4a 73 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f Data Ascii: 761c<html><head><script nonce="e_-c4CL3IOrBFOaoNOANVg">"use strict";this.default_AccountsDomaincookiesCheckconnectionJs=this.default_AccountsDomaincookiesCheckconnectionJs\|\|{};(function(_){var window=this;try{_._F_toggles_initialize=function(a){(typeo
2024-10-07 16:23:14 UTC	1967	IN	Data Raw: 3d 2f 54 72 69 64 65 6e 74 5c 2f 28 5c 64 2e 5c 64 29 2f 2e 65 78 65 63 28 62 29 2c 0a 63 5b 31 5d 3d 3d 22 37 2e 30 22 29 69 66 28 62 26 26 62 5b 31 5d 29 73 77 69 74 63 68 28 62 5b 31 5d 29 7b 63 61 73 65 20 22 34 2e 30 22 3a 61 3d 22 38 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 35 2e 30 22 3a 61 3d 22 39 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 36 2e 30 22 3a 61 3d 22 31 30 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 37 2e 30 22 3a 61 3d 22 31 31 2e 30 22 7d 65 6c 73 65 20 61 3d 22 37 2e 30 22 3b 65 6c 73 65 20 61 3d 63 5b 31 5d 3b 62 3d 61 7d 65 6c 73 65 20 62 3d 22 22 3b 72 65 74 75 72 6e 20 62 7d 76 61 72 20 64 3d 52 65 67 45 78 70 28 22 28 5b 41 2d 5a 5d 5b 5c 5c 77 20 5d 2b 29 2f 28 5b 5e 5c 5c 73 5d 2b 29 5c 5c 73 2a 28 3f 3a 5c Data Ascii: =/Trident\/(\d.\d)/.exec(b),c[1]=="7.0")if(b&&b[1])switch(b[1]){case "4.0":a="8.0";break;case "5.0":a="9.0";break;case "6.0":a="10.0";break;case "7.0":a="11.0"}else a="7.0";else a=c[1];b=a}else b="";return b}var d=RegExp("([A-Z][\\w ]+)/([^\\s]+)\\s*(?:\
2024-10-07 16:23:14 UTC	1967	IN	Data Raw: 7b 73 77 69 74 63 68 28 74 79 70 65 6f 66 20 61 29 7b 63 61 73 65 20 22 6e 75 6d 62 65 72 22 3a 72 65 74 75 72 6e 20 69 73 46 69 6e 69 74 65 28 61 29 3f 61 3a 53 74 72 69 6e 67 28 61 29 3b 63 61 73 65 20 22 62 69 67 69 6e 74 22 3a 72 65 74 75 72 6e 28 41 61 3f 0a 61 3e 3d 42 61 26 26 61 3c 3d 43 61 3a 61 5b 30 5d 3d 3d 3d 22 2d 22 3f 75 61 28 61 2c 44 61 29 3a 75 61 28 61 2c 45 61 29 29 3f 4e 75 6d 62 65 72 28 61 29 3a 53 74 72 69 6e 67 28 61 29 3b 63 61 73 65 20 22 62 6f 6f 6c 65 61 6e 22 3a 72 65 74 75 72 6e 20 61 3f 31 3a 30 3b 63 61 73 65 20 22 6f 62 6a 65 63 74 22 3a 69 66 28 61 29 69 66 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 61 29 29 7b 69 66 28 43 28 61 29 29 72 65 74 75 72 6e 7d 65 6c 73 65 20 69 66 28 46 61 26 26 61 21 3d 6e 75 6c 6c 26 26 Data Ascii: {switch(typeof a){case "number":return isFinite(a)?a:String(a);case "bigint":return(Aa?a>=Ba&&a<=Ca:a[0]==="-"?ua(a,Da):ua(a,Ea))?Number(a):String(a);case "boolean":return a?1:0;case "object":if(a)if(Array.isArray(a)){if(C(a))return}else if(Fa&&a!=null&&
2024-10-07 16:23:14 UTC	1967	IN	Data Raw: 69 6f 6e 28 61 29 7b 76 61 72 20 62 3b 69 66 28 61 26 26 28 62 3d 51 61 29 21 3d 6e 75 6c 6c 26 26 62 2e 68 61 73 28 61 29 26 26 28 62 3d 61 2e 43 29 29 66 6f 72 28 76 61 72 20 63 3d 30 3b 63 3c 62 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 62 5b 63 5d 3b 69 66 28 63 3d 3d 3d 62 2e 6c 65 6e 67 74 68 2d 31 26 26 41 28 64 29 29 66 6f 72 28 76 61 72 20 65 20 69 6e 20 64 29 7b 76 61 72 20 66 3d 64 5b 65 5d 3b 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 66 29 26 26 0a 52 61 28 66 2c 61 29 7d 65 6c 73 65 20 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 64 29 26 26 52 61 28 64 2c 61 29 7d 61 3d 45 3f 61 2e 43 3a 4d 61 28 61 2e 43 2c 50 61 2c 76 6f 69 64 20 30 2c 76 6f 69 64 20 30 2c 21 31 29 3b 65 3d 21 45 3b 69 66 28 62 3d 61 2e 6c 65 6e 67 74 68 29 7b Data Ascii: ion(a){var b;if(a&&(b=Qa)!=null&&b.has(a)&&(b=a.C))for(var c=0;c<b.length;c++){var d=b[c];if(c===b.length-1&&A(d))for(var e in d){var f=d[e];Array.isArray(f)&&Ra(f,a)}else Array.isArray(d)&&Ra(d,a)}a=E?a.C:Ma(a.C,Pa,void 0,void 0,!1);e=!E;if(b=a.length){
2024-10-07 16:23:14 UTC	1967	IN	Data Raw: 0a 47 28 22 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 29 72 65 74 75 72 6e 20 61 3b 61 3d 53 79 6d 62 6f 6c 28 22 63 22 29 3b 66 6f 72 28 76 61 72 20 62 3d 22 41 72 72 61 79 20 49 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 43 6c 61 6d 70 65 64 41 72 72 61 79 20 49 6e 74 31 36 41 72 72 61 79 20 55 69 6e 74 31 36 41 72 72 61 79 20 49 6e 74 33 32 41 72 72 61 79 20 55 69 6e 74 33 32 41 72 72 61 79 20 46 6c 6f 61 74 33 32 41 72 72 61 79 20 46 6c 6f 61 74 36 34 41 72 72 61 79 22 2e 73 70 6c 69 74 28 22 20 22 29 2c 63 3d 30 3b 63 3c 62 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 57 61 5b 62 5b 63 5d 5d 3b 74 79 70 65 6f 66 20 64 3d 3d 3d 22 66 75 6e 63 74 69 6f Data Ascii: G("Symbol.iterator",function(a){if(a)return a;a=Symbol("c");for(var b="Array Int8Array Uint8Array Uint8ClampedArray Int16Array Uint16Array Int32Array Uint32Array Float32Array Float64Array".split(" "),c=0;c<b.length;c++){var d=Wa[b[c]];typeof d==="functio
2024-10-07 16:23:14 UTC	1967	IN	Data Raw: 74 68 2e 72 61 6e 64 6f 6d 28 29 3b 65 28 22 66 72 65 65 7a 65 22 29 3b 65 28 22 70 72 65 76 65 6e 74 45 78 74 65 6e 73 69 6f 6e 73 22 29 3b 65 28 22 73 65 61 6c 22 29 3b 76 61 72 20 68 3d 30 2c 67 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 74 68 69 73 2e 67 3d 28 68 2b 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 3b 69 66 28 6b 29 7b 6b 3d 48 28 6b 29 3b 66 6f 72 28 76 61 72 20 6c 3b 21 28 6c 3d 6b 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6c 3d 6c 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6c 5b 30 5d 2c 6c 5b 31 5d 29 7d 7d 3b 67 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 69 66 28 21 63 28 6b 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 69 22 29 3b 64 28 6b 29 3b 69 Data Ascii: th.random();e("freeze");e("preventExtensions");e("seal");var h=0,g=function(k){this.g=(h+=Math.random()+1).toString();if(k){k=H(k);for(var l;!(l=k.next()).done;)l=l.value,this.set(l[0],l[1])}};g.prototype.set=function(k,l){if(!c(k))throw Error("i");d(k);i
2024-10-07 16:23:14 UTC	1967	IN	Data Raw: 63 74 69 6f 6e 28 67 29 7b 72 65 74 75 72 6e 20 67 2e 76 61 6c 75 65 7d 29 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 66 6f 72 45 61 63 68 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 6b 29 7b 66 6f 72 28 76 61 72 20 6c 3d 74 68 69 73 2e 65 6e 74 72 69 65 73 28 29 2c 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 0a 6d 2e 76 61 6c 75 65 2c 67 2e 63 61 6c 6c 28 6b 2c 6d 5b 31 5d 2c 6d 5b 30 5d 2c 74 68 69 73 29 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 63 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 3b 76 61 72 20 64 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 6b 29 7b 76 61 72 20 6c 3d 6b 26 26 74 79 70 65 6f 66 20 6b 3b 6c 3d 3d 22 6f 62 6a 65 63 74 22 7c 7c 6c 3d 3d 22 66 75 6e 63 74 69 Data Ascii: ction(g){return g.value})};c.prototype.forEach=function(g,k){for(var l=this.entries(),m;!(m=l.next()).done;)m=m.value,g.call(k,m[1],m[0],this)};c.prototype[Symbol.iterator]=c.prototype.entries;var d=function(g,k){var l=k&&typeof k;l=="object"\|\|l=="functi
2024-10-07 16:23:14 UTC	1967	IN	Data Raw: 2e 69 73 4e 61 4e 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 62 3d 3d 3d 22 6e 75 6d 62 65 72 22 26 26 69 73 4e 61 4e 28 62 29 7d 7d 29 3b 76 61 72 20 66 62 3d 66 62 7c 7c 7b 7d 2c 71 3d 74 68 69 73 7c 7c 73 65 6c 66 2c 67 62 3d 71 2e 5f 46 5f 74 6f 67 67 6c 65 73 7c 7c 5b 5d 2c 68 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 61 2e 73 70 6c 69 74 28 22 2e 22 29 3b 66 6f 72 28 76 61 72 20 62 3d 71 2c 63 3d 30 3b 63 3c 61 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 69 66 28 62 3d 62 5b 61 5b 63 5d 5d 2c 62 3d 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 72 65 74 75 72 6e 20 62 7d 2c 69 62 3d 22 63 6c 6f 73 75 72 65 5f 75 69 64 5f 22 2b 28 4d 61 Data Ascii: .isNaN",function(a){return a?a:function(b){return typeof b==="number"&&isNaN(b)}});var fb=fb\|\|{},q=this\|\|self,gb=q._F_toggles\|\|[],hb=function(a){a=a.split(".");for(var b=q,c=0;c<a.length;c++)if(b=b[a[c]],b==null)return null;return b},ib="closure_uid_"+(Ma
2024-10-07 16:23:14 UTC	1967	IN	Data Raw: 73 75 72 65 5f 5f 65 72 72 6f 72 5f 5f 63 6f 6e 74 65 78 74 5f 5f 39 38 34 33 38 32 3d 7b 7d 29 3b 61 2e 5f 5f 63 6c 6f 73 75 72 65 5f 5f 65 72 72 6f 72 5f 5f 63 6f 6e 74 65 78 74 5f 5f 39 38 34 33 38 32 2e 73 65 76 65 72 69 74 79 3d 62 7d 3b 76 61 72 20 71 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 63 3d 63 7c 7c 71 3b 76 61 72 20 64 3d 63 2e 6f 6e 65 72 72 6f 72 2c 65 3d 21 21 62 3b 63 2e 6f 6e 65 72 72 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 66 2c 68 2c 67 2c 6b 2c 6c 29 7b 64 26 26 64 28 66 2c 68 2c 67 2c 6b 2c 6c 29 3b 61 28 7b 6d 65 73 73 61 67 65 3a 66 2c 66 69 6c 65 4e 61 6d 65 3a 68 2c 6c 69 6e 65 3a 67 2c 6c 69 6e 65 4e 75 6d 62 65 72 3a 67 2c 62 61 3a 6b 2c 65 72 72 6f 72 3a 6c 7d 29 3b 72 65 74 75 72 6e 20 65 7d 7d 2c 74 62 3d 66 75 6e Data Ascii: sure__error__context__984382={});a.__closure__error__context__984382.severity=b};var qb=function(a,b,c){c=c\|\|q;var d=c.onerror,e=!!b;c.onerror=function(f,h,g,k,l){d&&d(f,h,g,k,l);a({message:f,fileName:h,line:g,lineNumber:g,ba:k,error:l});return e}},tb=fun
2024-10-07 16:23:14 UTC	1967	IN	Data Raw: 74 72 69 6e 67 22 3a 62 72 65 61 6b 3b 63 61 73 65 20 22 6e 75 6d 62 65 72 22 3a 66 3d 53 74 72 69 6e 67 28 66 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 62 6f 6f 6c 65 61 6e 22 3a 66 3d 66 3f 22 74 72 75 65 22 3a 22 66 61 6c 73 65 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 66 75 6e 63 74 69 6f 6e 22 3a 66 3d 28 66 3d 73 62 28 66 29 29 3f 66 3a 22 5b 66 6e 5d 22 3b 62 72 65 61 6b 3b 64 65 66 61 75 6c 74 3a 66 3d 0a 74 79 70 65 6f 66 20 66 7d 66 2e 6c 65 6e 67 74 68 3e 34 30 26 26 28 66 3d 66 2e 73 6c 69 63 65 28 30 2c 34 30 29 2b 22 2e 2e 2e 22 29 3b 63 2e 70 75 73 68 28 66 29 7d 62 2e 70 75 73 68 28 61 29 3b 63 2e 70 75 73 68 28 22 29 5c 6e 22 29 3b 74 72 79 7b 63 2e 70 75 73 68 28 77 62 28 61 2e 63 61 6c 6c 65 72 2c 62 29 29 7d 63 61 74 63 68 28 68 29 7b Data Ascii: tring":break;case "number":f=String(f);break;case "boolean":f=f?"true":"false";break;case "function":f=(f=sb(f))?f:"[fn]";break;default:f=typeof f}f.length>40&&(f=f.slice(0,40)+"...");c.push(f)}b.push(a);c.push(")\n");try{c.push(wb(a.caller,b))}catch(h){

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49760	142.250.185.206	443	8020	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:23:15 UTC	549	OUT	OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-authuser Origin: https://accounts.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 16:23:15 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 16:23:15 GMT Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49761	142.250.185.206	443	8020	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:23:15 UTC	549	OUT	OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-authuser Origin: https://accounts.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 16:23:15 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 16:23:15 GMT Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49764	142.250.185.206	443	8020	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:23:16 UTC	1124	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 519 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 16:23:16 UTC	519	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 33 31 38 31 39 33 34 34 37 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728318193447",null,null,null
2024-10-07 16:23:16 UTC	932	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=VowBSA2DLNZWpb2zhdnXIfm9I7wWYuv9vgfgdljgL5jtZrPJ5lqywFPWDgS6duArhV5PuRy1ihCmd5HZvnfhKA_zZ9j5WtLC10VOwVryLk_SA2hFLFsVyB0KB9CrtrHhptpX77jv1YL5ee0CgV1Z_k1Gbhzn5gz8K071E7JvhOVEe9-rlA; expires=Tue, 08-Apr-2025 16:23:16 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 16:23:16 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Mon, 07 Oct 2024 16:23:16 GMT Connection: close Transfer-Encoding: chunked
2024-10-07 16:23:16 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 16:23:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49765	142.250.185.206	443	8020	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:23:16 UTC	1124	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 519 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 16:23:16 UTC	519	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 33 31 38 31 39 33 37 30 36 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728318193706",null,null,null
2024-10-07 16:23:16 UTC	932	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=w1oDihm8pZ1ywj4JUEWVYukw-7R-LtxueaeNlZGDvXmUmKg1siGAFOnM2airVW-oGvFYflqe309TdctwBAeeM_k5-edYWZ3iHWCXTfS-eMNfdNY9_XMT4tlqM948KYVhY4cEqs52qLm8U2M0ZQOXTy_os9ZFGVVig3Vz4AyLmRMuox42ow; expires=Tue, 08-Apr-2025 16:23:16 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 16:23:16 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Mon, 07 Oct 2024 16:23:16 GMT Connection: close Transfer-Encoding: chunked
2024-10-07 16:23:16 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 16:23:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49741	142.250.185.100	443	8020	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:23:17 UTC	1213	OUT	GET /favicon.ico HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=w1oDihm8pZ1ywj4JUEWVYukw-7R-LtxueaeNlZGDvXmUmKg1siGAFOnM2airVW-oGvFYflqe309TdctwBAeeM_k5-edYWZ3iHWCXTfS-eMNfdNY9_XMT4tlqM948KYVhY4cEqs52qLm8U2M0ZQOXTy_os9ZFGVVig3Vz4AyLmRMuox42ow
2024-10-07 16:23:17 UTC	705	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 5430 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Mon, 07 Oct 2024 14:53:07 GMT Expires: Tue, 15 Oct 2024 14:53:07 GMT Cache-Control: public, max-age=691200 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT Content-Type: image/x-icon Vary: Accept-Encoding Age: 5410 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-07 16:23:17 UTC	685	IN	Data Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff Data Ascii: h& ( 0.v]X:X:rY
2024-10-07 16:23:17 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea ff 3b 49 eb ff 95 9c f4 ff cf d2 fa ff d1 d4 fa ff 96 9d f4 ff 52 5e ed ff e1 e3 fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 00 00 00 00 fd fd fd 9d ff ff ff ff e8 ea fd ff 58 63 ee ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 6c 76 f0 ff ff ff ff ff ff ff ff ff fd fd fd 98 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c 4a Data Ascii: 7R8F2Vb5C;IR^0Xc5C5C5C5C5C5Clv]i<J
2024-10-07 16:23:17 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff fd fd fd d0 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd fd fd 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d8 a3 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 60 a5 35 ff ca 8e 3e ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 87 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 25 fd fd fd fb ff ff ff ff ff ff ff ff ff ff ff ff c2 e0 b7 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 6e b6 54 ff 9f ce 8d ff b7 da aa ff b8 db ab ff a5 d2 95 ff 7b bc 64 ff 54 a8 35 ff 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42 ff Data Ascii: S4S4S4S4S4S4S4S4S4S4S4S4S4S4`5>%S4S4S4S4S4S4nT{dT5S4w7ABB
2024-10-07 16:23:17 UTC	1390	IN	Data Raw: ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fb d5 bf ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd cb ff ff ff ff ff ff ff ff ff ff ff ff 46 cd fc ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 21 ae f9 ff fb fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd c8 fd fd fd 9c ff ff ff ff ff ff ff ff ff ff ff ff 86 df fd ff 05 bc fb ff 05 bc fb ff 15 93 f5 ff 34 49 eb ff b3 b8 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: BBBBBBF!4I
2024-10-07 16:23:17 UTC	575	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 8d fd fd fd fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fb fd fd fd 8b fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 27 fd fd fd 9f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: $'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49768	4.175.87.197	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:23:17 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=LZN2XkF3Mcns5MT&MD=KSGM31PM HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-07 16:23:18 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 477039db-e0b7-4830-ae53-02b438cfe97d MS-RequestId: 4f7794bd-c4e2-4709-a5a5-d494f3d694fa MS-CV: BxXLDYKrWUyUaulU.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 07 Oct 2024 16:23:16 GMT Connection: close Content-Length: 24490
2024-10-07 16:23:18 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-07 16:23:18 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49780	142.250.185.206	443	8020	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:23:23 UTC	1298	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1218 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: text/plain;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=w1oDihm8pZ1ywj4JUEWVYukw-7R-LtxueaeNlZGDvXmUmKg1siGAFOnM2airVW-oGvFYflqe309TdctwBAeeM_k5-edYWZ3iHWCXTfS-eMNfdNY9_XMT4tlqM948KYVhY4cEqs52qLm8U2M0ZQOXTy_os9ZFGVVig3Vz4AyLmRMuox42ow
2024-10-07 16:23:23 UTC	1218	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 34 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 35 35 38 2c 5b 5b 22 31 37 32 38 33 31 38 31 39 31 30 30 30 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[4,0,0,0,0]]],558,[["1728318191000",null,null,null,
2024-10-07 16:23:23 UTC	940	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=sih6NMMLFB5_TlZuLbbcuZ61IaaldW9IPCx5E1W5f_jidaWm6XlwLjqywLxKQ7wZzM9CO4EED4yB2Z1XzDHmqnp1bXxfwQ_mK53EFtlfP_94askILX1ItS6Mb52XeoDvdchIb2Zjwv1-Ki4cs1voLE7wYR3VrU5UK6QQc7uq-trxZdzrQUX5RNe0bQ; expires=Tue, 08-Apr-2025 16:23:23 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 16:23:23 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Mon, 07 Oct 2024 16:23:23 GMT Connection: close Transfer-Encoding: chunked
2024-10-07 16:23:23 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 16:23:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49781	142.250.185.206	443	8020	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:23:46 UTC	1329	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1132 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=sih6NMMLFB5_TlZuLbbcuZ61IaaldW9IPCx5E1W5f_jidaWm6XlwLjqywLxKQ7wZzM9CO4EED4yB2Z1XzDHmqnp1bXxfwQ_mK53EFtlfP_94askILX1ItS6Mb52XeoDvdchIb2Zjwv1-Ki4cs1voLE7wYR3VrU5UK6QQc7uq-trxZdzrQUX5RNe0bQ
2024-10-07 16:23:46 UTC	1132	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 33 31 38 32 32 34 30 38 34 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728318224084",null,null,null
2024-10-07 16:23:46 UTC	523	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 16:23:46 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 16:23:46 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 16:23:46 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49782	142.250.185.206	443	8020	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:23:47 UTC	1288	OUT	POST /log?hasfast=true&authuser=0&format=json HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 891 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" Content-Type: text/plain;charset=UTF-8 sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=sih6NMMLFB5_TlZuLbbcuZ61IaaldW9IPCx5E1W5f_jidaWm6XlwLjqywLxKQ7wZzM9CO4EED4yB2Z1XzDHmqnp1bXxfwQ_mK53EFtlfP_94askILX1ItS6Mb52XeoDvdchIb2Zjwv1-Ki4cs1voLE7wYR3VrU5UK6QQc7uq-trxZdzrQUX5RNe0bQ
2024-10-07 16:23:47 UTC	891	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 62 6f 71 5f 69 64 65 6e 74 69 74 79 66 72 6f 6e 74 65 6e 64 61 75 74 68 75 69 73 65 72 76 65 72 5f 32 30 32 34 31 30 30 31 2e 30 36 5f 70 30 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 33 2c 30 2c 30 Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"boq_identityfrontendauthuiserver_20241001.06_p0",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[3,0,0
2024-10-07 16:23:47 UTC	523	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 16:23:47 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 16:23:47 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 16:23:47 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49783	142.250.185.206	443	8020	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:23:48 UTC	1329	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1377 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=sih6NMMLFB5_TlZuLbbcuZ61IaaldW9IPCx5E1W5f_jidaWm6XlwLjqywLxKQ7wZzM9CO4EED4yB2Z1XzDHmqnp1bXxfwQ_mK53EFtlfP_94askILX1ItS6Mb52XeoDvdchIb2Zjwv1-Ki4cs1voLE7wYR3VrU5UK6QQc7uq-trxZdzrQUX5RNe0bQ
2024-10-07 16:23:48 UTC	1377	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 33 31 38 32 32 36 35 38 35 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728318226585",null,null,null
2024-10-07 16:23:48 UTC	523	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 16:23:48 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 16:23:48 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 16:23:48 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49784	4.175.87.197	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:23:55 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=LZN2XkF3Mcns5MT&MD=KSGM31PM HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-07 16:23:56 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 3660dcb2-282a-4e9d-9842-81a9da063892 MS-RequestId: 7b069504-06df-4373-b845-f2ebc3f0d870 MS-CV: GBJO9QVxeki6ZtXF.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 07 Oct 2024 16:23:55 GMT Connection: close Content-Length: 30005
2024-10-07 16:23:56 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-10-07 16:23:56 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.4	49785	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:23:56 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:23:56 UTC	540	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:23:56 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public Last-Modified: Sun, 06 Oct 2024 16:59:23 GMT ETag: "0x8DCE6283A3FA58B" x-ms-request-id: 86eceaf5-401e-00a3-6fa2-188b09000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162356Z-1657d5bbd48t66tjar5xuq22r800000003tg000000001wzt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:23:56 UTC	15844	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-10-07 16:23:56 UTC	16384	IN	Data Raw: 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e Data Ascii: "0" /> </L> <R> <V V="400" T="I32" /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" />
2024-10-07 16:23:56 UTC	16384	IN	Data Raw: 20 20 3c 53 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 53 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 38 32 30 76 33 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 Data Ascii: <ST> <S T="1" /> </ST></R><$!#>10820v3+<?xml version="1.0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-781
2024-10-07 16:23:56 UTC	16384	IN	Data Raw: 20 54 3d 22 55 36 34 22 20 49 3d 22 38 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 45 76 65 6e 74 73 5f 41 76 67 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 41 76 65 72 61 67 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 Data Ascii: T="U64" I="8" O="false" N="Events_Avg"> <S T="2" F="Average" /> </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32"
2024-10-07 16:23:56 UTC	16384	IN	Data Raw: 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f Data Ascii: "0" O="false" N="Count_CreateCard_ValidPersona_False"> <C> <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Co
2024-10-07 16:23:56 UTC	16384	IN	Data Raw: 20 20 20 20 3c 53 20 54 3d 22 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 39 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a Data Ascii: <S T="31" /> </C> </C> <C T="U32" I="19" O="false" N="Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C>
2024-10-07 16:23:56 UTC	16384	IN	Data Raw: 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 Data Ascii: <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMillisec
2024-10-07 16:23:56 UTC	16384	IN	Data Raw: 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e Data Ascii: R> <V V="0" T="I32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIn
2024-10-07 16:23:56 UTC	16384	IN	Data Raw: 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: R> </O> </F> <F T="6"> <O T="AND"> <L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L>
2024-10-07 16:23:56 UTC	16384	IN	Data Raw: 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c Data Ascii: T="6"> <O T="EQ"> <L> <S T="2" F="HttpStatus" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.4	49789	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:23:57 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:23:57 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:23:57 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 8aaf7b13-d01e-0028-46fd-167896000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162357Z-1657d5bbd48xdq5dkwwugdpzr000000003z000000000w0k2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:23:57 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.4	49786	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:23:57 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:23:57 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:23:57 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 4545068c-701e-0050-0e05-176767000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162357Z-1657d5bbd48brl8we3nu8cxwgn00000003x00000000150mz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:23:57 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.4	49787	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:23:57 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:23:57 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:23:57 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: d4448e94-101e-00a2-2703-179f2e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162357Z-1657d5bbd48tnj6wmberkg2xy800000003rg00000000wa5e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:23:57 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.4	49790	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:23:57 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:23:57 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:23:57 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: 28f6fc08-301e-0020-466a-176299000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162357Z-1657d5bbd482krtfgrg72dfbtn00000003gg000000009sg5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:23:57 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.4	49788	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:23:57 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:23:57 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:23:57 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: c62b5fc1-401e-0067-3a60-1709c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162357Z-1657d5bbd48dfrdj7px744zp8s00000003cg00000000v4eq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:23:57 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.4	49791	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:23:57 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:23:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:23:58 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 3ea0840d-701e-0053-1012-173a0a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162358Z-1657d5bbd4824mj9d6vp65b6n400000003wg00000000pp1n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:23:58 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.4	49793	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:23:58 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:23:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:23:58 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 73fc0cc0-d01e-008e-5fee-16387a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162358Z-1657d5bbd48jwrqbupe3ktsx9w00000003wg00000000r3ms x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:23:58 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.4	49794	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:23:58 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:23:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:23:58 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 15158de7-401e-0029-4b00-179b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162358Z-1657d5bbd48vlsxxpe15ac3q7n00000003q000000000m33z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:23:58 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.4	49795	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:23:58 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:23:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:23:58 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: 87fc294c-201e-0051-40f3-167340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162358Z-1657d5bbd48cpbzgkvtewk0wu000000003t000000000mfrp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:23:58 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.4	49792	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:23:58 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:23:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:23:58 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: 1707b783-801e-00a3-53e5-167cfb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162358Z-1657d5bbd482lxwq1dp2t1zwkc00000003eg00000000mvfe x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:23:58 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.4	49798	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:23:58 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:23:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:23:58 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: 915c1ee4-001e-0079-3000-1712e8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162358Z-1657d5bbd48tqvfc1ysmtbdrg000000003h000000000s6ph x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:23:58 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.4	49796	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:23:58 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:23:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:23:58 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: 789c8418-601e-0032-5905-17eebb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162358Z-1657d5bbd48brl8we3nu8cxwgn00000003z000000000vc1a x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:23:58 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.4	49797	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:23:58 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:23:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:23:58 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 0a3893d3-c01e-0082-33ee-16af72000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162358Z-1657d5bbd48t66tjar5xuq22r800000003r000000000d7pw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:23:58 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.4	49799	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:23:58 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:23:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:23:58 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: bf7deccb-401e-0064-0f0e-1754af000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162358Z-1657d5bbd48wd55zet5pcra0cg00000003sg000000005zv1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:23:58 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.4	49800	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:23:58 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:23:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:23:58 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: 99ffd5e0-b01e-0053-0101-17cdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162358Z-1657d5bbd48wd55zet5pcra0cg00000003t0000000003q8q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:23:58 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.4	49801	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:23:59 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:23:59 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:23:59 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: e72ec3ca-501e-005b-2401-17d7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162359Z-1657d5bbd48cpbzgkvtewk0wu000000003u000000000g04m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:23:59 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.4	49803	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:23:59 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:23:59 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:23:59 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: c2d0a885-201e-0003-7ced-16f85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162359Z-1657d5bbd48cpbzgkvtewk0wu000000003v000000000b7uu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:23:59 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49805	13.107.246.45	443	8020	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:23:59 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:23:59 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:23:59 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: d3d0b776-b01e-003d-1803-17d32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162359Z-1657d5bbd4824mj9d6vp65b6n400000003wg00000000pp69 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:23:59 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.4	49804	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:23:59 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:23:59 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:23:59 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: 5a59384b-a01e-0053-3602-178603000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162359Z-1657d5bbd48dfrdj7px744zp8s00000003c000000000z9mp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:23:59 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.4	49802	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:23:59 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:23:59 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: 27ba9a72-001e-0046-2a01-17da4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162359Z-1657d5bbd48jwrqbupe3ktsx9w00000003yg00000000cc91 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:00 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.4	49807	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:00 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:00 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: 20b36261-201e-006e-7102-17bbe3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162400Z-1657d5bbd48sqtlf1huhzuwq7000000003k0000000000szw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:00 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.4	49806	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:00 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:00 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: 09392ef7-101e-0046-3f05-1791b0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162400Z-1657d5bbd482lxwq1dp2t1zwkc00000003h0000000008erx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:00 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.4	49808	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:00 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:00 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: f57b7c9f-801e-00a0-4a13-172196000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162400Z-1657d5bbd48wd55zet5pcra0cg00000003t0000000003qdw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:00 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.4	49809	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:00 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:00 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: d112c6a6-a01e-000d-2160-17d1ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162400Z-1657d5bbd48dfrdj7px744zp8s00000003c000000000z9ph x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:00 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.4	49810	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:01 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:01 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: 6be05283-001e-00a2-2700-17d4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162401Z-1657d5bbd48xsz2nuzq4vfrzg800000003m000000000gx43 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:01 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.4	49812	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:01 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:01 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: c530354f-501e-0016-5013-17181b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162401Z-1657d5bbd482krtfgrg72dfbtn00000003dg00000000rqs4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:01 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.4	49811	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:01 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:01 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: 40323690-a01e-0002-0100-175074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162401Z-1657d5bbd48q6t9vvmrkd293mg00000003n000000000u7sn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:01 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.4	49814	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:01 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:01 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: d415a278-e01e-0051-6efe-1684b2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162401Z-1657d5bbd48qjg85buwfdynm5w00000003qg0000000119zf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:01 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.4	49813	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:01 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:01 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: 7cec3a6f-e01e-0033-3414-174695000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162401Z-1657d5bbd487nf59mzf5b3gk8n00000003a000000000qcgr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:01 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.4	49815	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:01 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:01 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: 7c825ef0-601e-0001-5f02-17faeb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162401Z-1657d5bbd48q6t9vvmrkd293mg00000003sg000000006bp2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:01 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.4	49816	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:01 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:01 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: 4c0632d0-601e-0097-4413-17f33a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162401Z-1657d5bbd48xsz2nuzq4vfrzg800000003k000000000nch0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:01 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.4	49819	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:01 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:02 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: b8f8ddc8-601e-0001-115a-17faeb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162402Z-1657d5bbd48dfrdj7px744zp8s00000003f000000000gsct x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:02 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.4	49818	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:01 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:01 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: a62739ea-301e-005d-6402-17e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162401Z-1657d5bbd48xdq5dkwwugdpzr0000000042g00000000a90w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:02 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.4	49817	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:02 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:02 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: b27116a7-a01e-003d-3a00-1798d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162402Z-1657d5bbd48jwrqbupe3ktsx9w00000003wg00000000r481 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:02 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.4	49821	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:02 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:02 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: 4dd19665-401e-005b-7705-179c0c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162402Z-1657d5bbd48jwrqbupe3ktsx9w00000003w000000000sp7q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:02 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.4	49820	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:02 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:02 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: a2d01d3c-801e-0083-4800-17f0ae000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162402Z-1657d5bbd48gqrfwecymhhbfm800000002e00000000109tf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:02 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.4	49822	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:02 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:02 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: 151ca1e1-401e-0029-2b03-179b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162402Z-1657d5bbd48gqrfwecymhhbfm800000002k000000000dg4k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:02 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.4	49823	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:02 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:02 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: db28b7eb-d01e-0065-5efe-16b77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162402Z-1657d5bbd48t66tjar5xuq22r800000003p000000000pz1y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:02 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.4	49824	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:03 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:03 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: 53f69819-801e-0048-7802-17f3fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162403Z-1657d5bbd48wd55zet5pcra0cg00000003s0000000008d2b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:03 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.4	49825	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:03 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:03 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: 678daa67-201e-00aa-3f60-173928000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162403Z-1657d5bbd48sdh4cyzadbb374800000003ng000000004v3q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:03 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.4	49826	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:03 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:03 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: b2c548d6-d01e-0082-4f03-17e489000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162403Z-1657d5bbd48f7nlxc7n5fnfzh0000000037g000000014cug x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:03 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.4	49827	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:03 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:03 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: c5dbf9be-001e-0017-2cf1-160c3c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162403Z-1657d5bbd48cpbzgkvtewk0wu000000003rg00000000vxr9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:03 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.4	49828	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:03 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:03 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: 5a5a1e5c-a01e-001e-18f5-1649ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162403Z-1657d5bbd48tnj6wmberkg2xy800000003v000000000ax8t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:03 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.4	49829	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:03 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:03 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: 721d8bd8-801e-002a-4f00-1731dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162403Z-1657d5bbd48tnj6wmberkg2xy800000003r000000000x7d7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:04 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.4	49830	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:04 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:04 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: cb78c1b2-201e-003f-2e04-176d94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162404Z-1657d5bbd48wd55zet5pcra0cg00000003tg000000001nkk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:04 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.4	49831	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:04 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:04 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: 27b6de9f-001e-0046-1e00-17da4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162404Z-1657d5bbd48tqvfc1ysmtbdrg000000003p0000000006dru x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:04 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.4	49832	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:04 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:04 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: cc92db4a-701e-0053-3460-173a0a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162404Z-1657d5bbd48f7nlxc7n5fnfzh0000000039g00000000vc92 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:04 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.4	49833	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:04 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:04 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: 2f3972b1-401e-0035-1b02-1782d8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162404Z-1657d5bbd48tnj6wmberkg2xy800000003u000000000e8xe x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:04 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.4	49834	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:04 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:04 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: 1ed82642-401e-0048-7b12-170409000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162404Z-1657d5bbd48sdh4cyzadbb374800000003hg00000000k904 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:04 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.4	49836	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:04 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:04 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: cde3aec9-601e-0084-63e5-166b3f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162404Z-1657d5bbd48762wn1qw4s5sd3000000003hg00000000rfyr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:04 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.4	49837	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:04 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:04 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: 3a03d6b9-d01e-0066-52e9-16ea17000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162404Z-1657d5bbd482lxwq1dp2t1zwkc00000003d000000000uk13 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:04 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.4	49838	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:04 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:04 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: 678513bd-b01e-0053-4460-17cdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162404Z-1657d5bbd48qjg85buwfdynm5w00000003wg000000005gg2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:05 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.4	49839	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:05 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:05 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: 46a5aa72-701e-0032-6004-17a540000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162405Z-1657d5bbd48cpbzgkvtewk0wu000000003v000000000b84f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:05 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.4	49840	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:05 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:05 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: d803a4ff-401e-0083-3904-17075c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162405Z-1657d5bbd48tqvfc1ysmtbdrg000000003h000000000s75h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:05 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.4	49841	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:05 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:05 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: b0fdb72d-401e-0015-37ce-160e8d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162405Z-1657d5bbd48vhs7r2p1ky7cs5w000000042000000000cnw4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:05 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.4	49842	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:05 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:05 GMT Content-Type: text/xml Content-Length: 485 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT ETag: "0x8DC582BB9769355" x-ms-request-id: 8d3bec0a-601e-0070-32fe-16a0c9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162405Z-1657d5bbd48t66tjar5xuq22r800000003t0000000004dmf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:05 UTC	485	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.4	49843	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:05 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:05 GMT Content-Type: text/xml Content-Length: 411 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989AF051" x-ms-request-id: 8d044b15-901e-00ac-3902-17b69e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162405Z-1657d5bbd48sdh4cyzadbb374800000003p0000000003fmy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:05 UTC	411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.4	49844	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:05 UTC	192	OUT	GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:05 GMT Content-Type: text/xml Content-Length: 470 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBB181F65" x-ms-request-id: e72b6989-501e-005b-2b00-17d7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162405Z-1657d5bbd48xsz2nuzq4vfrzg800000003k000000000ncw0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:05 UTC	470	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.4	49845	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:06 UTC	192	OUT	GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:06 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB556A907" x-ms-request-id: 0377c3fc-101e-000b-65dc-165e5c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162406Z-1657d5bbd48gqrfwecymhhbfm800000002eg00000000xn3v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:06 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.4	49846	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:06 UTC	192	OUT	GET /rules/rule120664v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:06 GMT Content-Type: text/xml Content-Length: 502 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6A0D312" x-ms-request-id: a5e58c1d-b01e-00ab-5ac9-16dafd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162406Z-1657d5bbd48cpbzgkvtewk0wu000000003v000000000b86y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:06 UTC	502	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.4	49847	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:06 UTC	192	OUT	GET /rules/rule120665v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:06 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D30478D" x-ms-request-id: 78a0432a-701e-001e-1805-17f5e6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162406Z-1657d5bbd48xdq5dkwwugdpzr000000003yg00000000x99q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:06 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.4	49848	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:06 UTC	192	OUT	GET /rules/rule120666v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:06 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3F48DAE" x-ms-request-id: ef9cab6f-f01e-0099-0d00-179171000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162406Z-1657d5bbd48tnj6wmberkg2xy800000003s000000000t8f6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:06 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.4	49849	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:06 UTC	192	OUT	GET /rules/rule120667v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:06 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BB9B6040B" x-ms-request-id: 2f519f63-901e-0016-75ff-16efe9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162406Z-1657d5bbd48xlwdx82gahegw4000000003z0000000008rpx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:06 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.4	49850	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:06 UTC	192	OUT	GET /rules/rule120668v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:07 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3CAEBB8" x-ms-request-id: b67c2655-301e-0096-2300-17e71d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162407Z-1657d5bbd48f7nlxc7n5fnfzh0000000037g000000014d2h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:07 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.4	49851	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:07 UTC	192	OUT	GET /rules/rule120669v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:07 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB5284CCE" x-ms-request-id: 821e4157-c01e-0014-3301-17a6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162407Z-1657d5bbd48brl8we3nu8cxwgn000000042g000000009xpm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:07 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.4	49852	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:07 UTC	192	OUT	GET /rules/rule120670v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:07 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91EAD002" x-ms-request-id: 763e8d43-601e-000d-6912-172618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162407Z-1657d5bbd48jwrqbupe3ktsx9w00000003y000000000eky8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:07 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.4	49853	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:07 UTC	192	OUT	GET /rules/rule120671v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:07 GMT Content-Type: text/xml Content-Length: 432 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT ETag: "0x8DC582BAABA2A10" x-ms-request-id: 897bc565-f01e-0096-5e60-1710ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162407Z-1657d5bbd48dfrdj7px744zp8s00000003kg000000001gqx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:07 UTC	432	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.4	49854	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:07 UTC	192	OUT	GET /rules/rule120672v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:07 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA740822" x-ms-request-id: 01bf113a-f01e-003c-3703-178cf0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162407Z-1657d5bbd482krtfgrg72dfbtn00000003dg00000000rr2s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:07 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.4	49855	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:07 UTC	192	OUT	GET /rules/rule120673v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:07 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT ETag: "0x8DC582BB464F255" x-ms-request-id: 7875ffac-201e-000c-7f02-1779c4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162407Z-1657d5bbd482krtfgrg72dfbtn00000003k0000000003h1t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:07 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.4	49856	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:07 UTC	192	OUT	GET /rules/rule120674v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:07 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA4037B0D" x-ms-request-id: 3b7b7106-501e-0064-43e7-161f54000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162407Z-1657d5bbd48dfrdj7px744zp8s00000003gg00000000a8dz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:07 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.4	49857	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:07 UTC	192	OUT	GET /rules/rule120675v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:08 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:07 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6CF78C8" x-ms-request-id: f196d52c-b01e-0002-1604-171b8f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162407Z-1657d5bbd48q6t9vvmrkd293mg00000003p000000000pvcz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:08 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.4	49858	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:07 UTC	192	OUT	GET /rules/rule120676v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:08 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:07 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B984BF177" x-ms-request-id: 2f576d96-401e-0047-3902-178597000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162407Z-1657d5bbd48jwrqbupe3ktsx9w00000003ug00000000zw4x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:08 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.4	49859	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:08 UTC	192	OUT	GET /rules/rule120677v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:08 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:08 GMT Content-Type: text/xml Content-Length: 405 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT ETag: "0x8DC582B942B6AFF" x-ms-request-id: dfb96d6a-f01e-003f-17e5-16d19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162408Z-1657d5bbd482lxwq1dp2t1zwkc00000003k00000000034cb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:08 UTC	405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.4	49861	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:08 UTC	192	OUT	GET /rules/rule120678v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:08 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:08 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA642BF4" x-ms-request-id: f5ee0945-901e-0083-4202-17bb55000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162408Z-1657d5bbd48sqtlf1huhzuwq7000000003f000000000et4b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:08 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.4	49860	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:08 UTC	192	OUT	GET /rules/rule120679v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:08 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:08 GMT Content-Type: text/xml Content-Length: 174 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91D80E15" x-ms-request-id: 0607cd43-401e-0078-1b00-174d34000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162408Z-1657d5bbd48gqrfwecymhhbfm800000002mg0000000076va x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:08 UTC	174	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.4	49863	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:08 UTC	192	OUT	GET /rules/rule120681v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:08 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:08 GMT Content-Type: text/xml Content-Length: 958 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT ETag: "0x8DC582BA0A31B3B" x-ms-request-id: 0c165d1d-a01e-000d-7dfe-16d1ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162408Z-1657d5bbd48f7nlxc7n5fnfzh0000000039g00000000vckf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:08 UTC	958	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.4	49862	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:08 UTC	192	OUT	GET /rules/rule120680v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:08 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:08 GMT Content-Type: text/xml Content-Length: 1952 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B956B0F3D" x-ms-request-id: a5ff6bd9-301e-005d-3af2-16e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162408Z-1657d5bbd48sdh4cyzadbb374800000003f000000000yx37 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:08 UTC	1952	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.4	49864	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:09 UTC	192	OUT	GET /rules/rule120682v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:09 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:09 GMT Content-Type: text/xml Content-Length: 501 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT ETag: "0x8DC582BACFDAACD" x-ms-request-id: c2f609cb-201e-0003-75fd-16f85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162409Z-1657d5bbd48762wn1qw4s5sd3000000003fg000000013d6n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:09 UTC	501	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.4	49866	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:09 UTC	193	OUT	GET /rules/rule120602v10s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:09 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:09 GMT Content-Type: text/xml Content-Length: 2592 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5B890DB" x-ms-request-id: 33b4d0ae-a01e-0032-35ff-161949000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162409Z-1657d5bbd48brl8we3nu8cxwgn000000041000000000gabv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:09 UTC	2592	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.4	49867	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:09 UTC	192	OUT	GET /rules/rule120601v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:09 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:09 GMT Content-Type: text/xml Content-Length: 3342 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT ETag: "0x8DC582B927E47E9" x-ms-request-id: 960edd56-701e-005c-4100-17bb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162409Z-1657d5bbd482krtfgrg72dfbtn00000003g000000000byrn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:09 UTC	3342	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.4	49868	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:09 UTC	193	OUT	GET /rules/rule224901v11s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:09 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:09 GMT Content-Type: text/xml Content-Length: 2284 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT ETag: "0x8DC582BCD58BEEE" x-ms-request-id: b738acd5-401e-0067-1502-1709c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162409Z-1657d5bbd487nf59mzf5b3gk8n00000003a000000000qczb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:09 UTC	2284	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"

Session ID	Source IP	Source Port	Destination IP	Destination Port
98	192.168.2.4	49869	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:09 UTC	192	OUT	GET /rules/rule701201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:09 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:09 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT ETag: "0x8DC582BE3E55B6E" x-ms-request-id: 8a5fd43d-c01e-0066-4506-17a1ec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162409Z-1657d5bbd48dfrdj7px744zp8s00000003gg00000000a8k4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:09 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.4	49870	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:09 UTC	192	OUT	GET /rules/rule701200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:09 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:09 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC681E17" x-ms-request-id: 0480ed94-801e-00ac-5102-17fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162409Z-1657d5bbd482lxwq1dp2t1zwkc00000003eg00000000mwg6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:09 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.4	49871	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:10 UTC	192	OUT	GET /rules/rule700201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:10 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:10 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT ETag: "0x8DC582BE39DFC9B" x-ms-request-id: b72ef555-401e-0067-78fe-1609c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162410Z-1657d5bbd48xsz2nuzq4vfrzg800000003f00000000136f7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:10 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.4	49872	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:10 UTC	192	OUT	GET /rules/rule700200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:10 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:10 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF66E42D" x-ms-request-id: db28c537-d01e-0065-47fe-16b77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162410Z-1657d5bbd48xdq5dkwwugdpzr0000000041000000000hv21 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:10 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.4	49873	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:10 UTC	192	OUT	GET /rules/rule702351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:10 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:10 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE017CAD3" x-ms-request-id: cb759915-201e-003f-5f03-176d94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162410Z-1657d5bbd48wd55zet5pcra0cg00000003r000000000cv7s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:10 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.4	49874	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:10 UTC	192	OUT	GET /rules/rule702350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:10 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:10 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE6431446" x-ms-request-id: 84e7aa3f-c01e-008e-74ff-167381000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162410Z-1657d5bbd4824mj9d6vp65b6n4000000040000000000518e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:10 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.4	49875	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:10 UTC	192	OUT	GET /rules/rule701251v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:10 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:10 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE12A98D" x-ms-request-id: 03c3f781-101e-000b-56fe-165e5c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162410Z-1657d5bbd48t66tjar5xuq22r800000003m0000000010b4s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:10 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.4	49876	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:10 UTC	192	OUT	GET /rules/rule701250v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:10 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:10 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE022ECC5" x-ms-request-id: 6ed4a116-c01e-0034-079f-182af6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162410Z-1657d5bbd48hzllksrq1r6zsvs000000010g000000006vcf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:10 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.4	49879	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:11 UTC	192	OUT	GET /rules/rule702951v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:11 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE12B5C71" x-ms-request-id: c7b66cba-b01e-005c-04ff-164c66000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162411Z-1657d5bbd48wd55zet5pcra0cg00000003ng00000000scka x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:11 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.4	49877	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:11 UTC	192	OUT	GET /rules/rule700051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:11 GMT Content-Type: text/xml Content-Length: 1389 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE10A6BC1" x-ms-request-id: 29f28342-e01e-003c-5d00-17c70b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162411Z-1657d5bbd48f7nlxc7n5fnfzh000000003dg0000000076bs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:11 UTC	1389	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.4	49878	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:11 UTC	192	OUT	GET /rules/rule700050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:11 GMT Content-Type: text/xml Content-Length: 1352 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BE9DEEE28" x-ms-request-id: a9a45936-c01e-00a1-54f1-167e4a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162411Z-1657d5bbd48sdh4cyzadbb374800000003pg0000000014rm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:11 UTC	1352	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.4	49880	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:11 UTC	192	OUT	GET /rules/rule702950v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:11 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDC22447" x-ms-request-id: 173e0f62-801e-00a3-24fe-167cfb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162411Z-1657d5bbd48tnj6wmberkg2xy800000003u000000000e9g5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:11 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 72 61 6e 73 6c 61 74 6f 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.4	49881	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:11 UTC	192	OUT	GET /rules/rule701151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:11 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE055B528" x-ms-request-id: 3a04fc40-501e-007b-3b73-175ba2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162411Z-1657d5bbd48sdh4cyzadbb374800000003f000000000yx82 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:11 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.4	49883	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:11 UTC	192	OUT	GET /rules/rule701150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:11 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE1223606" x-ms-request-id: 04600955-801e-00ac-55f4-16fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162411Z-1657d5bbd482krtfgrg72dfbtn00000003d000000000sxmc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:11 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 6e 64 46 6f 6e 74 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.4	49882	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:11 UTC	192	OUT	GET /rules/rule702201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:11 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT ETag: "0x8DC582BE7262739" x-ms-request-id: 4035d6e2-a01e-0002-4602-175074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162411Z-1657d5bbd48tqvfc1ysmtbdrg000000003h000000000s7mz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:11 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.4	49884	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:11 UTC	192	OUT	GET /rules/rule702200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:11 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDEB5124" x-ms-request-id: 62f7f1ae-f01e-0096-4d0c-1710ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162411Z-1657d5bbd48xdq5dkwwugdpzr0000000040g00000000nat1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:11 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 6c 4d 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.4	49885	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:12 UTC	192	OUT	GET /rules/rule700401v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:12 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDCB4853F" x-ms-request-id: 87e26173-201e-0051-15e7-167340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162412Z-1657d5bbd48q6t9vvmrkd293mg00000003s0000000008x7x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:12 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 31 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.4	49886	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:12 UTC	192	OUT	GET /rules/rule700400v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:12 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB779FC3" x-ms-request-id: fcca05a5-501e-00a0-3202-179d9f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162412Z-1657d5bbd482tlqpvyz9e93p5400000003s000000000rg9k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:12 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 30 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 65 6d 65 74 72 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.4	49887	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:12 UTC	192	OUT	GET /rules/rule700351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:12 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFD43C07" x-ms-request-id: 740c05bf-801e-008c-4478-187130000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162412Z-1657d5bbd48hzllksrq1r6zsvs000000010g000000006vfs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:12 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.4	49888	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:12 UTC	192	OUT	GET /rules/rule700350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:12 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDD74D2EC" x-ms-request-id: fbb49b00-e01e-00aa-4806-17ceda000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162412Z-1657d5bbd48qjg85buwfdynm5w00000003xg000000000t4u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:12 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 74 65 6d 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.4	49889	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:12 UTC	192	OUT	GET /rules/rule703901v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:12 GMT Content-Type: text/xml Content-Length: 1427 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE56F6873" x-ms-request-id: 08bf7a15-f01e-0020-7706-17956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162412Z-1657d5bbd48cpbzgkvtewk0wu000000003s000000000u2un x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:12 UTC	1427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.4	49890	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:13 UTC	192	OUT	GET /rules/rule703900v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:13 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:13 GMT Content-Type: text/xml Content-Length: 1390 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE3002601" x-ms-request-id: 7d21ea5d-701e-0098-0502-17395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162413Z-1657d5bbd48sdh4cyzadbb374800000003n000000000767t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:13 UTC	1390	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 53 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.4	49891	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:13 UTC	192	OUT	GET /rules/rule701501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:13 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:13 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT ETag: "0x8DC582BE2A9D541" x-ms-request-id: b6fa471e-401e-0067-43e5-1609c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162413Z-1657d5bbd48762wn1qw4s5sd3000000003gg00000000w8cu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:13 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.4	49892	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:13 UTC	192	OUT	GET /rules/rule701500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:13 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:13 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB6AD293" x-ms-request-id: 77012b0e-b01e-0097-0bff-164f33000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162413Z-1657d5bbd48xdq5dkwwugdpzr000000003yg00000000x9t8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:13 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 63 75 72 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.4	49893	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:13 UTC	192	OUT	GET /rules/rule702801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:13 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:13 GMT Content-Type: text/xml Content-Length: 1391 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF58DC7E" x-ms-request-id: a18d9b1d-601e-0002-1f03-17a786000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162413Z-1657d5bbd48wd55zet5pcra0cg00000003m000000000ymxe x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:13 UTC	1391	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.4	49894	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:13 UTC	192	OUT	GET /rules/rule702800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:13 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:13 GMT Content-Type: text/xml Content-Length: 1354 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE0662D7C" x-ms-request-id: d4fd285a-d01e-005a-06ed-167fd9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162413Z-1657d5bbd48tqvfc1ysmtbdrg000000003n000000000a9t8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:13 UTC	1354	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.4	49895	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:13 UTC	192	OUT	GET /rules/rule703351v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:13 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCDD6400" x-ms-request-id: 4d5cca78-701e-0021-6ae5-163d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162413Z-1657d5bbd48xdq5dkwwugdpzr0000000040g00000000nawn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:14 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.4	49896	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:14 UTC	192	OUT	GET /rules/rule703350v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:14 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT ETag: "0x8DC582BDF1E2608" x-ms-request-id: c9f5ea47-201e-0071-33fe-16ff15000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162414Z-1657d5bbd48xdq5dkwwugdpzr000000003x0000000015vmd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:14 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 63 72 69 70 74 4c 61 62 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.4	49897	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:14 UTC	192	OUT	GET /rules/rule703501v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:14 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT ETag: "0x8DC582BE8C605FF" x-ms-request-id: 76dbcc6a-501e-0035-36ed-16c923000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162414Z-1657d5bbd48wd55zet5pcra0cg00000003n000000000tc3c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:14 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.4	49898	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:14 UTC	192	OUT	GET /rules/rule703500v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:14 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF497570" x-ms-request-id: 838d785c-001e-0014-24fe-165151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162414Z-1657d5bbd48jwrqbupe3ktsx9w00000003wg00000000r5hw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:14 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 6e 64 62 6f 78 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.4	49899	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:14 UTC	192	OUT	GET /rules/rule701801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:14 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC2EEE03" x-ms-request-id: 4d8e5842-701e-0021-0efe-163d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162414Z-1657d5bbd48brl8we3nu8cxwgn00000003yg00000000y1m5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:14 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.4	49900	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:14 UTC	192	OUT	GET /rules/rule701800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:14 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BEA414B16" x-ms-request-id: 8a56303a-c01e-0066-0f01-17a1ec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162414Z-1657d5bbd48gqrfwecymhhbfm800000002gg00000000nv6r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:14 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 73 6f 75 72 63 65 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.4	49901	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:14 UTC	192	OUT	GET /rules/rule701051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:14 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT ETag: "0x8DC582BE1CC18CD" x-ms-request-id: cd0b82ba-d01e-0049-1304-17e7dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162414Z-1657d5bbd482lxwq1dp2t1zwkc00000003f000000000hb39 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:14 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.4	49902	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:14 UTC	192	OUT	GET /rules/rule701050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:14 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB256F43" x-ms-request-id: 0c184816-a01e-000d-72ff-16d1ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162414Z-1657d5bbd48lknvp09v995n79000000003ag00000000p4de x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:14 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 6c 65 61 73 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.4	49903	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:15 UTC	192	OUT	GET /rules/rule702750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:15 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE5B7B174" x-ms-request-id: ca2bab4f-201e-0071-5e14-17ff15000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162415Z-1657d5bbd48wd55zet5pcra0cg00000003ng00000000scry x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:15 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 75 62 6c 69 73 68 65 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.4	49904	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:15 UTC	192	OUT	GET /rules/rule702751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:15 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB866CDB" x-ms-request-id: d3a3eb01-b01e-003d-1ef1-16d32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162415Z-1657d5bbd48qjg85buwfdynm5w00000003vg0000000096e1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:15 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.4	49905	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:15 UTC	192	OUT	GET /rules/rule702301v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:15 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT ETag: "0x8DC582BE976026E" x-ms-request-id: 4d8e59a4-701e-0021-64fe-163d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162415Z-1657d5bbd48762wn1qw4s5sd3000000003gg00000000w8mt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:15 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.4	49907	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:15 UTC	192	OUT	GET /rules/rule703401v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:15 GMT Content-Type: text/xml Content-Length: 1425 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE6BD89A1" x-ms-request-id: c326dec7-201e-0003-0c12-17f85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162415Z-1657d5bbd48762wn1qw4s5sd3000000003mg00000000e09n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:15 UTC	1425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.4	49906	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:15 UTC	192	OUT	GET /rules/rule702300v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:15 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDC13EFEF" x-ms-request-id: 4ef38422-401e-000a-160c-174a7b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162415Z-1657d5bbd482lxwq1dp2t1zwkc00000003kg0000000011vc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:15 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 6a 65 63 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.4	49908	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:15 UTC	192	OUT	GET /rules/rule703400v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:15 GMT Content-Type: text/xml Content-Length: 1388 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDBD9126E" x-ms-request-id: 75ef523f-601e-000d-02f2-162618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162415Z-1657d5bbd48xdq5dkwwugdpzr0000000043g000000005vqk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:15 UTC	1388	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 53 3d 22 4d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703400" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammableSurfaces" S="M

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.4	49909	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:15 UTC	192	OUT	GET /rules/rule702501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:15 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:57 GMT ETag: "0x8DC582BE7C66E85" x-ms-request-id: cad35e9e-b01e-0021-3602-17cab7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162415Z-1657d5bbd48brl8we3nu8cxwgn00000003yg00000000y1s3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:15 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.4	49912	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:16 UTC	192	OUT	GET /rules/rule702500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:16 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:16 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB813B3F" x-ms-request-id: 87e265fd-201e-0051-4fe7-167340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162416Z-1657d5bbd48wd55zet5pcra0cg00000003s0000000008dyx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:16 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammability" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
140	192.168.2.4	49911	142.250.186.110	443	8020	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:16 UTC	1329	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1585 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=sih6NMMLFB5_TlZuLbbcuZ61IaaldW9IPCx5E1W5f_jidaWm6XlwLjqywLxKQ7wZzM9CO4EED4yB2Z1XzDHmqnp1bXxfwQ_mK53EFtlfP_94askILX1ItS6Mb52XeoDvdchIb2Zjwv1-Ki4cs1voLE7wYR3VrU5UK6QQc7uq-trxZdzrQUX5RNe0bQ
2024-10-07 16:24:16 UTC	1585	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 33 31 38 32 35 34 34 34 38 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728318254448",null,null,null
2024-10-07 16:24:16 UTC	523	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 16:24:16 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 16:24:16 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 16:24:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.4	49913	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:16 UTC	192	OUT	GET /rules/rule700501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:16 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:16 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:58 GMT ETag: "0x8DC582BE89A8F82" x-ms-request-id: c9f5e5fc-201e-0071-5dfe-16ff15000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162416Z-1657d5bbd48762wn1qw4s5sd3000000003f000000001542r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:16 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.4	49914	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:16 UTC	192	OUT	GET /rules/rule700500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:16 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:16 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE51CE7B3" x-ms-request-id: 3e7839e3-701e-0053-5cff-163a0a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162416Z-1657d5bbd48sdh4cyzadbb374800000003mg00000000a337 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:16 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 6f 77 65 72 50 6f 69 6e 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPowerPoint" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.4	49915	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:16 UTC	192	OUT	GET /rules/rule702551v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:16 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:16 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCE9703A" x-ms-request-id: c7b470af-b01e-005c-24fe-164c66000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162416Z-1657d5bbd4824mj9d6vp65b6n400000003y000000000eh1p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:16 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702551" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.4	49916	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:16 UTC	192	OUT	GET /rules/rule702550v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:16 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:16 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE584C214" x-ms-request-id: dfa7567c-f01e-003f-67de-16d19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162416Z-1657d5bbd48jwrqbupe3ktsx9w00000003ug00000000zx3n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:16 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702550" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPersonalization" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.4	49917	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:16 UTC	192	OUT	GET /rules/rule701351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:16 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:16 GMT Content-Type: text/xml Content-Length: 1407 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE687B46A" x-ms-request-id: 20e89b60-501e-008c-3a03-17cd39000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162416Z-1657d5bbd48tqvfc1ysmtbdrg000000003m000000000enay x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:16 UTC	1407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.4	49919	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:17 UTC	192	OUT	GET /rules/rule701350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:17 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:17 GMT Content-Type: text/xml Content-Length: 1370 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE62E0AB" x-ms-request-id: 838d7376-001e-0014-17fe-165151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162417Z-1657d5bbd48xdq5dkwwugdpzr0000000044g00000000107v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:17 UTC	1370	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPerformance" S="Medium" /> <F

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.4	49918	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:17 UTC	192	OUT	GET /rules/rule702151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:17 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:17 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE156D2EE" x-ms-request-id: 7d18055e-701e-0098-56ff-16395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162417Z-1657d5bbd48brl8we3nu8cxwgn000000041g00000000etwp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:17 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeo

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.4	49920	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:17 UTC	192	OUT	GET /rules/rule702150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:17 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:17 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:07 GMT ETag: "0x8DC582BEDC8193E" x-ms-request-id: b1fbfe33-a01e-003d-4fd4-1698d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162417Z-1657d5bbd48vhs7r2p1ky7cs5w00000004400000000030w7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:17 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f 70 6c 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeople" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.4	49921	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:24:17 UTC	192	OUT	GET /rules/rule703001v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 16:24:17 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:24:17 GMT Content-Type: text/xml Content-Length: 1406 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB16F27E" x-ms-request-id: 770fdf22-501e-0035-0d02-17c923000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T162417Z-1657d5bbd48cpbzgkvtewk0wu000000003s000000000u31b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 16:24:17 UTC	1406	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 30 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 4d 61 63 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703001" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Target ID:	0
Start time:	12:22:58
Start date:	07/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x7d0000
File size:	919'040 bytes
MD5 hash:	FD380025AB8F4ED49C30F016615DC9E2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialFlusher, Description: Yara detected Credential Flusher, Source: 00000000.00000002.2940254700.0000000001578000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	12:22:59
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM chrome.exe /T
Imagebase:	0x700000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	12:22:59
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	12:22:59
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM msedge.exe /T
Imagebase:	0x700000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	12:22:59
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	12:22:59
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM firefox.exe /T
Imagebase:	0x700000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	12:22:59
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	12:22:59
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM opera.exe /T
Imagebase:	0x700000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	12:22:59
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	12:23:00
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM brave.exe /T
Imagebase:	0x700000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	12:23:00
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	12:23:01
Start date:	07/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	13
Start time:	12:23:02
Start date:	07/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2008,i,10856147896330441231,18003949655692522972,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	14
Start time:	12:23:13
Start date:	07/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5632 --field-trial-handle=2008,i,10856147896330441231,18003949655692522972,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	15
Start time:	12:23:13
Start date:	07/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 --field-trial-handle=2008,i,10856147896330441231,18003949655692522972,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.5%
Total number of Nodes:	1518
Total number of Limit Nodes:	49

Executed Functions

Function 007D42DE Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 235
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(?), ref: 007D430D

Part of subcall function 007D6B57: _wcslen.LIBCMT ref: 007D6B6A

GetCurrentProcess.KERNEL32(?,0086CB64,00000000,?,?), ref: 007D4422
IsWow64Process.KERNEL32(00000000,?,?), ref: 007D4429
LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 007D4454
GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 007D4466
GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 007D4474
FreeLibrary.KERNEL32(00000000,?,?), ref: 007D447B
GetSystemInfo.KERNEL32(?,?,?), ref: 007D44A0

Strings

kernel32.dll, xrefs: 007D444F
|O, xrefs: 008136F8
GetNativeSystemInfo, xrefs: 007D4460

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
String ID: GetNativeSystemInfo$kernel32.dll$|O
API String ID: 3290436268-3101561225
Opcode ID: ee3f4a6a926c8bf292596d7f0e9f2a3aae4329d8b9773f22be47a019df898c57
Instruction ID: a0bfde3303356c2782a714f7c07fb27f96d89510e44a877b3861aefe5fd81f6a
Opcode Fuzzy Hash: ee3f4a6a926c8bf292596d7f0e9f2a3aae4329d8b9773f22be47a019df898c57
Instruction Fuzzy Hash: 1AA1936590A2C0DFEF11CF69BC491E67FB8BB27340F1858AAD18197F61D67C4988CB21

Function 007D42A2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,007D50AA,?,?,00000000,00000000), ref: 007D42B2
FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,007D50AA,?,?,00000000,00000000), ref: 007D42C9
LoadResource.KERNEL32(?,00000000,?,?,007D50AA,?,?,00000000,00000000,?,?,?,?,?,?,007D4F20), ref: 008135BE
SizeofResource.KERNEL32(?,00000000,?,?,007D50AA,?,?,00000000,00000000,?,?,?,?,?,?,007D4F20), ref: 008135D3
LockResource.KERNEL32(007D50AA,?,?,007D50AA,?,?,00000000,00000000,?,?,?,?,?,?,007D4F20,?), ref: 008135E6

Strings

SCRIPT, xrefs: 007D42BF

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Resource$CreateFindGlobalLoadLockSizeofStream
String ID: SCRIPT
API String ID: 3051347437-3967369404
Opcode ID: 97ffabeb1630b9181613d6d9df259090a7a7cddbb4eb57a86fda96ed7d337a91
Instruction ID: bef02cb194056dce52f34f2dfcd0e0748e5fba99cfbd075ef469fe4f53613092
Opcode Fuzzy Hash: 97ffabeb1630b9181613d6d9df259090a7a7cddbb4eb57a86fda96ed7d337a91
Instruction Fuzzy Hash: 6F117C71200701BFEB218B65DC48F677BBAFBC5B51F15416AF856D6250DBB1E8008660

Function 00812BA5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetCurrentDirectoryW.KERNEL32(?), ref: 007D2B6B

Part of subcall function 007D3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,008A1418,?,007D2E7F,?,?,?,00000000), ref: 007D3A78

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

GetForegroundWindow.USER32(runas,?,?,?,?,?,00892224), ref: 00812C10
ShellExecuteW.SHELL32(00000000,?,?,00892224), ref: 00812C17

Strings

runas, xrefs: 00812C0B

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
String ID: runas
API String ID: 448630720-4000483414
Opcode ID: 8ede9e1559d20f72addbef5f2f2147ef511ad48cfd36a2337c6c22ed9b895935
Instruction ID: a3e9a67048c1167a3fe416750f60a72bd27be8ed1ac4a09940147de8f8a842d1
Opcode Fuzzy Hash: 8ede9e1559d20f72addbef5f2f2147ef511ad48cfd36a2337c6c22ed9b895935
Instruction Fuzzy Hash: B711D231208241EADB04FF64D8599BEBBB5FFA5750F04142FF186823A3DF6C894A8712

Function 0085A67C Relevance: 6.2, APIs: 4, Instructions: 175
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 0085A6AC
Process32FirstW.KERNEL32(00000000,?), ref: 0085A6BA

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

Process32NextW.KERNEL32(00000000,?), ref: 0085A79C
CloseHandle.KERNELBASE(00000000), ref: 0085A7AB

Part of subcall function 007ECE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00813303,?), ref: 007ECE8A

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
String ID:
API String ID: 1991900642-0
Opcode ID: 78d78a8347176de5a607402c4c929828362c4d6fdc30a02fce4480541497eaf3
Instruction ID: ec0196fc160b5efc5a98d68b565118446e13228d187ddfddd41e23352c7f7aaf
Opcode Fuzzy Hash: 78d78a8347176de5a607402c4c929828362c4d6fdc30a02fce4480541497eaf3
Instruction Fuzzy Hash: 07513971508340AFD314EF25C886A6BBBF8FF89754F00491EF98597291EB74E904CB92

Function 0083DBBE Relevance: 6.0, APIs: 4, Instructions: 29
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenW.KERNEL32(?,00815222), ref: 0083DBCE
GetFileAttributesW.KERNELBASE(?), ref: 0083DBDD
FindFirstFileW.KERNEL32(?,?), ref: 0083DBEE
FindClose.KERNEL32(00000000), ref: 0083DBFA

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: FileFind$AttributesCloseFirstlstrlen
String ID:
API String ID: 2695905019-0
Opcode ID: 7672076da8f277fc62cb8c6bceba95732052c8c7df1b80b1062385e9ac4c5d77
Instruction ID: 6cc1cdc8f9ab526b69dd2bd3342de2da68d6266c416b5989cf4d133a0acbe677
Opcode Fuzzy Hash: 7672076da8f277fc62cb8c6bceba95732052c8c7df1b80b1062385e9ac4c5d77
Instruction Fuzzy Hash: CAF0A070820A145782206B78AC0D8BA776CFF82334F106702F8B6C22E0EBF0995686D5

Function 0085AFF9 Relevance: 24.4, APIs: 16, Instructions: 418
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_wcslen.LIBCMT ref: 0085B198
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0085B1B0
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0085B1D4
_wcslen.LIBCMT ref: 0085B200
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0085B214
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0085B236
_wcslen.LIBCMT ref: 0085B332

Part of subcall function 008405A7: GetStdHandle.KERNEL32(000000F6), ref: 008405C6

_wcslen.LIBCMT ref: 0085B34B
_wcslen.LIBCMT ref: 0085B366
CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0085B3B6
GetLastError.KERNEL32(00000000), ref: 0085B407
CloseHandle.KERNEL32(?), ref: 0085B439
CloseHandle.KERNEL32(00000000), ref: 0085B44A
CloseHandle.KERNEL32(00000000), ref: 0085B45C
CloseHandle.KERNEL32(00000000), ref: 0085B46E
CloseHandle.KERNEL32(?), ref: 0085B4E3

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
String ID:
API String ID: 2178637699-0
Opcode ID: 9c67784f5b884acdc732ee540c8aa8af1f085620894673076830705fcadca606
Instruction ID: 7b2ef1893a36b89d1627303fe31c5fc38e97c49753ab98c04b3b52e98780922c
Opcode Fuzzy Hash: 9c67784f5b884acdc732ee540c8aa8af1f085620894673076830705fcadca606
Instruction Fuzzy Hash: F5F16931608240DFC724EF24C895A6ABBE1FF85314F14855EF8999B3A2DB35EC48CB52

Function 007DD730 Relevance: 21.6, APIs: 14, Instructions: 625sleeptimeCOMMON

Download Yara Rule

APIs

GetInputState.USER32 ref: 007DD807
timeGetTime.WINMM ref: 007DDA07
Sleep.KERNELBASE(0000000A), ref: 007DDBB1
Sleep.KERNEL32(0000000A), ref: 00822B76

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Sleep$InputStateTimetime
String ID:
API String ID: 2764417729-0
Opcode ID: 9654d547a0202352e80ba1b1587d758f123c751fcd499e95aa3ce78f79750136
Instruction ID: e5af3c6081de3272032d17ff15709de394c4cd15f06e04fc3bff53909bb7b099
Opcode Fuzzy Hash: 9654d547a0202352e80ba1b1587d758f123c751fcd499e95aa3ce78f79750136
Instruction Fuzzy Hash: 8A42F070608251EFDB35CF24C898B6ABBB0FF86314F14851AE49687391D779EC84CB92

Function 007D2CD4 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 53
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 007D2D07
RegisterClassExW.USER32(00000030), ref: 007D2D31
RegisterWindowMessageW.USER32(TaskbarCreated), ref: 007D2D42
InitCommonControlsEx.COMCTL32(?), ref: 007D2D5F
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 007D2D6F
LoadIconW.USER32(000000A9), ref: 007D2D85
ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 007D2D94

Strings

+, xrefs: 007D2CF0
0, xrefs: 007D2CE9
TaskbarCreated, xrefs: 007D2D37
AutoIt v3 GUI, xrefs: 007D2D23

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
String ID: +$0$AutoIt v3 GUI$TaskbarCreated
API String ID: 2914291525-1005189915
Opcode ID: bc003ee842a47a78697939dfa2b669dfb962b3ae74b771a5e0d4b3ac121fa736
Instruction ID: d4a68b541aa0f249e5bb4a1eb575c74fc08f1ca655e3e5e7d211e000c9652f04
Opcode Fuzzy Hash: bc003ee842a47a78697939dfa2b669dfb962b3ae74b771a5e0d4b3ac121fa736
Instruction Fuzzy Hash: 2F21E0B5901318AFEF00DFA8E889BEEBFB4FB09701F00911AF651A62A0D7B55544CF91

Function 0081065B Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0081039A: CreateFileW.KERNELBASE(00000000,00000000,?,00810704,?,?,00000000,?,00810704,00000000,0000000C), ref: 008103B7

GetLastError.KERNEL32 ref: 0081076F
__dosmaperr.LIBCMT ref: 00810776
GetFileType.KERNELBASE(00000000), ref: 00810782
GetLastError.KERNEL32 ref: 0081078C
__dosmaperr.LIBCMT ref: 00810795
CloseHandle.KERNEL32(00000000), ref: 008107B5
CloseHandle.KERNEL32(?), ref: 008108FF
GetLastError.KERNEL32 ref: 00810931
__dosmaperr.LIBCMT ref: 00810938

Strings

H, xrefs: 008108BD

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: fcdf90714a501250fa68fbd55047c319de87c3a1ca508b89dae1448b6fe487d1
Instruction ID: e1031f20bc74ce7b642b721f376c465629e553111624e377c6a26bcdfca86f10
Opcode Fuzzy Hash: fcdf90714a501250fa68fbd55047c319de87c3a1ca508b89dae1448b6fe487d1
Instruction Fuzzy Hash: FAA1F032A041088FDF19AF68DC95BEE7BA4FF06324F140159E815EB3D2DA759892CF91

Function 007D344D Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 007D3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,008A1418,?,007D2E7F,?,?,?,00000000), ref: 007D3A78

Part of subcall function 007D3357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 007D3379

RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 007D356A
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 0081318D
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 008131CE
RegCloseKey.ADVAPI32(?), ref: 00813210
_wcslen.LIBCMT ref: 00813277
_wcslen.LIBCMT ref: 00813286

Strings

Software\AutoIt v3\AutoIt, xrefs: 007D3560
\Include\, xrefs: 007D3527
\, xrefs: 0081328C
Include, xrefs: 00813184, 008131C5

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
API String ID: 98802146-2727554177
Opcode ID: 40f75dc344d16e2e1c24a8e713a56672fa15269fabc55372599838ae5c944b27
Instruction ID: 8046b023401d41a2a6274205a98d62100ed52ed98f88ee7aa44ee3abb719426f
Opcode Fuzzy Hash: 40f75dc344d16e2e1c24a8e713a56672fa15269fabc55372599838ae5c944b27
Instruction Fuzzy Hash: 35715B71504301AED724EF69DC859ABBBF8FF86740B40442EF585C3670EB799A48CB62

Function 007D2B83 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 63
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 007D2B8E
LoadCursorW.USER32(00000000,00007F00), ref: 007D2B9D
LoadIconW.USER32(00000063), ref: 007D2BB3
LoadIconW.USER32(000000A4), ref: 007D2BC5
LoadIconW.USER32(000000A2), ref: 007D2BD7
LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 007D2BEF
RegisterClassExW.USER32(?), ref: 007D2C40

Part of subcall function 007D2CD4: GetSysColorBrush.USER32(0000000F), ref: 007D2D07
Part of subcall function 007D2CD4: RegisterClassExW.USER32(00000030), ref: 007D2D31
Part of subcall function 007D2CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 007D2D42
Part of subcall function 007D2CD4: InitCommonControlsEx.COMCTL32(?), ref: 007D2D5F
Part of subcall function 007D2CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 007D2D6F
Part of subcall function 007D2CD4: LoadIconW.USER32(000000A9), ref: 007D2D85
Part of subcall function 007D2CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 007D2D94

Strings

#, xrefs: 007D2C16
AutoIt v3, xrefs: 007D2C2F
0, xrefs: 007D2C0F

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
String ID: #$0$AutoIt v3
API String ID: 423443420-4155596026
Opcode ID: 4fe8ea59ef1b1f2e10dca2f14db1c6db6dc2c499b4b785b158da1ad3e4d8fad3
Instruction ID: 5f8846bd94ecc5270a0153e081dfad5d2c8366eb406e3807554112e1989d0e0c
Opcode Fuzzy Hash: 4fe8ea59ef1b1f2e10dca2f14db1c6db6dc2c499b4b785b158da1ad3e4d8fad3
Instruction Fuzzy Hash: BD211A74E00318AFEF109FA9EC59BA97FF4FB49B50F04501AE504A6BA0D7B90540CF90

Function 007D3170 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 145
windowtimeregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,007D316A,?,?), ref: 007D31D8
KillTimer.USER32(?,00000001,?,?,?,?,?,007D316A,?,?), ref: 007D3204
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 007D3227
RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,007D316A,?,?), ref: 007D3232
CreatePopupMenu.USER32 ref: 007D3246
PostQuitMessage.USER32(00000000), ref: 007D3267

Strings

TaskbarCreated, xrefs: 007D322D

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
String ID: TaskbarCreated
API String ID: 129472671-2362178303
Opcode ID: 4332747bc5689926b26afe520cc7dc5bfb53a9ccde908baee505a478e7fcbdb5
Instruction ID: 3da417bff3bfe66b0327c30a93be2ae3c7fe8c88c44258710ddf6793a041724e
Opcode Fuzzy Hash: 4332747bc5689926b26afe520cc7dc5bfb53a9ccde908baee505a478e7fcbdb5
Instruction Fuzzy Hash: AB41F935640609A7EF145FBCAC5DBBA3A79FB06340F080127F551C6BA1C7AE9A4097A3

Function 007D2C63 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 007D2C91
CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 007D2CB2
ShowWindow.USER32(00000000,?,?,?,?,?,?,007D1CAD,?), ref: 007D2CC6
ShowWindow.USER32(00000000,?,?,?,?,?,?,007D1CAD,?), ref: 007D2CCF

Strings

edit, xrefs: 007D2CAC
AutoIt v3, xrefs: 007D2C89, 007D2C8E, 007D2C8F

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Window$CreateShow
String ID: AutoIt v3$edit
API String ID: 1584632944-3779509399
Opcode ID: a0a869455af8174e649012c85908afdbceb655b34838265339a057344cac8c7c
Instruction ID: 8cc876c0da265732181f19b20769dc22dcbf52a58d6cc632f7ba0e22ac90898a
Opcode Fuzzy Hash: a0a869455af8174e649012c85908afdbceb655b34838265339a057344cac8c7c
Instruction Fuzzy Hash: DAF0DA765402A07AFF311B17AC0DE772EBDF7C7F60F01105AF900A2AA0C6A91850DBB0

Function 007D3B1C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,007D3B0F,SwapMouseButtons,00000004,?), ref: 007D3B40
RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,007D3B0F,SwapMouseButtons,00000004,?), ref: 007D3B61
RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,007D3B0F,SwapMouseButtons,00000004,?), ref: 007D3B83

Strings

Control Panel\Mouse, xrefs: 007D3B3E

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID: Control Panel\Mouse
API String ID: 3677997916-824357125
Opcode ID: f519f6d519e2c63645c26eddd5b68002d1f0685959ac089df1a643a20dca4c5f
Instruction ID: b10281e70d386c298b4bcb8fb2efe734a629ac003372f586d4372f91dbdd9881
Opcode Fuzzy Hash: f519f6d519e2c63645c26eddd5b68002d1f0685959ac089df1a643a20dca4c5f
Instruction Fuzzy Hash: E01127B5610208FFDB208FA5DC85AAEBBB8EF04744B10846BE845D7210E2759E409BA1

Function 007D3923 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 008133A2

Part of subcall function 007D6B57: _wcslen.LIBCMT ref: 007D6B6A

Shell_NotifyIconW.SHELL32(00000001,?), ref: 007D3A04

Strings

Line: , xrefs: 008133EB

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: IconLoadNotifyShell_String_wcslen
String ID: Line:
API String ID: 2289894680-1585850449
Opcode ID: 3718aabfe9c8863fdd85cb120ea50a8ffc18363216799e771a6d33d34348899d
Instruction ID: 7c9eb3bbe55b869a88ba4c6d1959298e26be33727c81a3ed7222cc6d1848cc75
Opcode Fuzzy Hash: 3718aabfe9c8863fdd85cb120ea50a8ffc18363216799e771a6d33d34348899d
Instruction Fuzzy Hash: D131C471508304AADB21EB10DC49BEBB7ECBF41714F00452BF59982791DB78AA48C7D3

Function 007EFDDB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 007F0668

Part of subcall function 007F32A4: RaiseException.KERNEL32(?,?,?,007F068A,?,008A1444,?,?,?,?,?,?,007F068A,007D1129,00898738,007D1129), ref: 007F3304

__CxxThrowException@8.LIBVCRUNTIME ref: 007F0685

Strings

Unknown exception, xrefs: 007F0692

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Exception@8Throw$ExceptionRaise
String ID: Unknown exception
API String ID: 3476068407-410509341
Opcode ID: 5b096595640810be5432303561e84a92708ce708c91822821a61cb251ec9a361
Instruction ID: aa938632555f7bdcbc80cb8708df346a0401f2cd6a279eccde29245edece519a
Opcode Fuzzy Hash: 5b096595640810be5432303561e84a92708ce708c91822821a61cb251ec9a361
Instruction Fuzzy Hash: CCF0A42490020DF7CF04B6A5DC5AD7E7B6CAE40350B604131BB24D6792EF79DA2585C0

Function 007D10F3 Relevance: 4.7, APIs: 3, Instructions: 153comCOMMON

Download Yara Rule

APIs

Part of subcall function 007D1BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 007D1BF4
Part of subcall function 007D1BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 007D1BFC
Part of subcall function 007D1BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 007D1C07
Part of subcall function 007D1BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 007D1C12
Part of subcall function 007D1BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 007D1C1A
Part of subcall function 007D1BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 007D1C22

Part of subcall function 007D1B4A: RegisterWindowMessageW.USER32(00000004,?,007D12C4), ref: 007D1BA2

GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 007D136A
OleInitialize.OLE32 ref: 007D1388
CloseHandle.KERNEL32(00000000,00000000), ref: 008124AB

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
String ID:
API String ID: 1986988660-0
Opcode ID: e446813c92b380dcc48f33dd9e728c1d71eea4583599ea7deed0abb830c19399
Instruction ID: c47aa49d03b851c6db8bd69bfd923cc08e7c12e77024e115b762eaf46e744b15
Opcode Fuzzy Hash: e446813c92b380dcc48f33dd9e728c1d71eea4583599ea7deed0abb830c19399
Instruction Fuzzy Hash: 5A71CEB8D112108FEF84EFB9A84D6653AE1FB8B384F45823AD15AC7B61EB384444CF44

Function 0083C161 Relevance: 4.6, APIs: 3, Instructions: 74timewindowCOMMON

Download Yara Rule

APIs

Part of subcall function 007D3923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 007D3A04

Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 0083C259
KillTimer.USER32(?,00000001,?,?), ref: 0083C261
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0083C270

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: IconNotifyShell_Timer$Kill
String ID:
API String ID: 3500052701-0
Opcode ID: 163b780d20a17992ef2c483b7f682ea0f1d6f9d4d4d5ff2c4e2bc4b9075e7c7d
Instruction ID: b3d187a22b8a5885be2fc1db3e21c6ac0db52172cbc49f50e1f7b90101f45e4f
Opcode Fuzzy Hash: 163b780d20a17992ef2c483b7f682ea0f1d6f9d4d4d5ff2c4e2bc4b9075e7c7d
Instruction Fuzzy Hash: 1D319570904354AFEB229F648855BEBBBECFF46308F04049AD5DAA7241C7745A84CB91

Function 008086AE Relevance: 4.6, APIs: 3, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

CloseHandle.KERNELBASE(00000000,00000000,?,?,008085CC,?,00898CC8,0000000C), ref: 00808704
GetLastError.KERNEL32(?,008085CC,?,00898CC8,0000000C), ref: 0080870E
__dosmaperr.LIBCMT ref: 00808739

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: CloseErrorHandleLast__dosmaperr
String ID:
API String ID: 2583163307-0
Opcode ID: adeb01f5326bb7daaa644d69b933657b00626889729a586fbfd3419fbab8adf3
Instruction ID: 5b15648b182fcab9cc7b1b24b37a7731572a079bcebe4916497df5d7b4f05ec0
Opcode Fuzzy Hash: adeb01f5326bb7daaa644d69b933657b00626889729a586fbfd3419fbab8adf3
Instruction Fuzzy Hash: 19016F336052209AD6E062385C5977F6B45FBA3774F370119F864DB2D2DEA28CC18651

Function 007DDB38 Relevance: 4.5, APIs: 3, Instructions: 29windowsleepCOMMON

Download Yara Rule

APIs

TranslateMessage.USER32(?), ref: 007DDB7B
DispatchMessageW.USER32(?), ref: 007DDB89
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 007DDB9F
Sleep.KERNELBASE(0000000A), ref: 007DDBB1
TranslateAcceleratorW.USER32(?,?,?), ref: 00821CC9

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Message$Translate$AcceleratorDispatchPeekSleep
String ID:
API String ID: 3288985973-0
Opcode ID: 1a4ebb62a6dc8b9ee9ae7581412b009c29a5d2105a690c661d076a9354b0a97c
Instruction ID: 13b73ff500b00d270c1648a132dc2036efb39b4097c01288961f06d472c88f50
Opcode Fuzzy Hash: 1a4ebb62a6dc8b9ee9ae7581412b009c29a5d2105a690c661d076a9354b0a97c
Instruction Fuzzy Hash: 61F05E306443409BEB30CBA0DC4DFAA73B8FB45310F50492AE65AC31C0DB789888DB25

Function 007E1310 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 531COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 007E17F6

Strings

CALL, xrefs: 007E17C6

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Init_thread_footer
String ID: CALL
API String ID: 1385522511-4196123274
Opcode ID: 16a65bef59786bac3049cedec6971e370c02d8c051b079d7c3e10d117d3e2634
Instruction ID: f154f1c66b48d74aad5f4d7bf08ccf73c9239d8e79d91056b1aff411005f3c4f
Opcode Fuzzy Hash: 16a65bef59786bac3049cedec6971e370c02d8c051b079d7c3e10d117d3e2634
Instruction Fuzzy Hash: 06229B70609281DFC714DF15C485A2ABBF1FF89314F58896DF4968B3A2D739E891CB82

Function 007D2DE3 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

GetOpenFileNameW.COMDLG32(?), ref: 00812C8C

Part of subcall function 007D3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007D3A97,?,?,007D2E7F,?,?,?,00000000), ref: 007D3AC2

Part of subcall function 007D2DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 007D2DC4

Strings

X, xrefs: 00812C5A

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Name$Path$FileFullLongOpen
String ID: X
API String ID: 779396738-3081909835
Opcode ID: b1cd5ab15276890b5a8dfda1d6d797e95df6f791209827d46213e4e6e424b56c
Instruction ID: bf8073afccc9f1e44fa6841ee9154b9cde6428b2ff7a51f61d78539f21fb3f51
Opcode Fuzzy Hash: b1cd5ab15276890b5a8dfda1d6d797e95df6f791209827d46213e4e6e424b56c
Instruction Fuzzy Hash: 02219671A002589BDF41EF94C8497EE7BFCEF49304F00405AE505E7341EBB859898FA1

Function 007D3837 Relevance: 3.1, APIs: 2, Instructions: 77windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIconW.SHELL32(00000000,?), ref: 007D3908

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: IconNotifyShell_
String ID:
API String ID: 1144537725-0
Opcode ID: 4d180f0e8734fffa276e7ba4ef00c4560b240aaa92997c0f027dc38111606c09
Instruction ID: f2f70fa25ffc4e8cfaa459901c2505684baa9473b620589cf3dc560fde981004
Opcode Fuzzy Hash: 4d180f0e8734fffa276e7ba4ef00c4560b240aaa92997c0f027dc38111606c09
Instruction Fuzzy Hash: 103180705043019FEB20DF24D888797BBF8FB49708F00092EF59997740E7B9AA44CB62

Function 007EF645 Relevance: 3.0, APIs: 2, Instructions: 29sleeptimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 007EF661

Part of subcall function 007DD730: GetInputState.USER32 ref: 007DD807

Sleep.KERNEL32(00000000), ref: 0082F2DE

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: InputSleepStateTimetime
String ID:
API String ID: 4149333218-0
Opcode ID: 56cbe360058e5857a5bb57b6c2a1bc31317e8a5872ec16f7c5f3c86a36ff4437
Instruction ID: 8176de983c6ccc74e8f8859e55277ac4b1d0771b2d1df82af410e12251e00816
Opcode Fuzzy Hash: 56cbe360058e5857a5bb57b6c2a1bc31317e8a5872ec16f7c5f3c86a36ff4437
Instruction Fuzzy Hash: 5EF08C31240205DFD310EF69E449B6AB7F8FF4A760F00006AE85AC7361DBB0A800CB90

Function 007DB710 Relevance: 2.1, APIs: 1, Instructions: 587COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 007DBB4E

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Init_thread_footer
String ID:
API String ID: 1385522511-0
Opcode ID: 7bef742201130fa230020bb73459d0ba608c627e5310455737dd9331cf273679
Instruction ID: 8bc31c7b3db88cbf3c4740664c5255c4e8a52893befc1818444187ee1d905e99
Opcode Fuzzy Hash: 7bef742201130fa230020bb73459d0ba608c627e5310455737dd9331cf273679
Instruction Fuzzy Hash: 9B32BF74A00219DFDB20CF58C898ABEB7B5FF49314F15805AE915AB362C778ED81CB91

Function 007D4ECB Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 007D4E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,007D4EDD,?,008A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007D4E9C
Part of subcall function 007D4E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 007D4EAE
Part of subcall function 007D4E90: FreeLibrary.KERNEL32(00000000,?,?,007D4EDD,?,008A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007D4EC0

LoadLibraryExW.KERNEL32(?,00000000,00000002,?,008A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007D4EFD

Part of subcall function 007D4E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00813CDE,?,008A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007D4E62
Part of subcall function 007D4E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 007D4E74
Part of subcall function 007D4E59: FreeLibrary.KERNEL32(00000000,?,?,00813CDE,?,008A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007D4E87

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Library$Load$AddressFreeProc
String ID:
API String ID: 2632591731-0
Opcode ID: fab7577d9dd25f13f8ef8c228ecb434de284a99beca992b69fe413c15728093e
Instruction ID: 16ee602f7b48415f1c520528dece9e28608977b892a0780f3c2a7eae84949ac4
Opcode Fuzzy Hash: fab7577d9dd25f13f8ef8c228ecb434de284a99beca992b69fe413c15728093e
Instruction Fuzzy Hash: E611E332600205EBCB14AF64DC0AFAD77B5AF40710F10842FF582A63E1EE789A459790

Function 00808402 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 00808440

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: e4f044ed95bba4fe4ae70163a7cababf83bd9b23f9f28359db571eb116a77241
Instruction ID: c4a87a35685b15b5ec50a41a1b06fbae0443d0921985a0aa6431332436615e38
Opcode Fuzzy Hash: e4f044ed95bba4fe4ae70163a7cababf83bd9b23f9f28359db571eb116a77241
Instruction Fuzzy Hash: AE11067590410AEFCB05DF58E9419DA7BF9FF48314F104059F808EB352DA31DA518BA5

Function 008629BF Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,?,?,?,008614B5,?), ref: 00862A01

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ForegroundWindow
String ID:
API String ID: 2020703349-0
Opcode ID: f38b2ba257f20f1beb5c305a7b75be9c813686bd69427da816ec07c1d5b5e54c
Instruction ID: 5d9d1ea075a6a26fc9068127d4790f621a3467c7b1393a4c838aeda38fa6b941
Opcode Fuzzy Hash: f38b2ba257f20f1beb5c305a7b75be9c813686bd69427da816ec07c1d5b5e54c
Instruction Fuzzy Hash: 8D019236300E629FD324CA6CC455F223792FBC5319F2A84A8C047CB251D772EC42C790

Function 007FE602 Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
Instruction ID: 48f9c2f9f6675be88a5ad3503ad8e621b6de4f57f75ccb10fd8e4eeb1b33dce9
Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
Instruction Fuzzy Hash: 2CF0F932510E1CD6C6313E698C09B7A3398EF52330F100715F621D63E1DF78980185A6

Function 00803820 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,008A1444,?,007EFDF5,?,?,007DA976,00000010,008A1440,007D13FC,?,007D13C6,?,007D1129), ref: 00803852

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: fd771449445a760e61456de60898e6529e2d1b73e72211a210ec8f91da17ff1c
Instruction ID: 5ba0fe773e024161cda42b9985e3fcd4ce9ef2fca9a2e8407c610eac792a5b48
Opcode Fuzzy Hash: fd771449445a760e61456de60898e6529e2d1b73e72211a210ec8f91da17ff1c
Instruction Fuzzy Hash: 38E0E53210022897EB612A669C09BAB364CFF427B0F0580B1FD15D26D0CB15DE0181E0

Function 007D4F39 Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,?,008A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007D4F6D

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: 689b037f994f91b3c6a4eff75a51597dfad1ce7d82bd22b2741e2a538ad19bb6
Instruction ID: 9f5d3de207a1acfe96d165c2ac98288fd7bd47029f383778e4c3e94c7ab14fef
Opcode Fuzzy Hash: 689b037f994f91b3c6a4eff75a51597dfad1ce7d82bd22b2741e2a538ad19bb6
Instruction Fuzzy Hash: EDF01571105752CFDB349F64D494822BBF4AF14329328897FE2EA82621CB399844DB10

Function 00862A55 Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 00862A66

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Window
String ID:
API String ID: 2353593579-0
Opcode ID: 790ef4479a674e01ddeb9a6ec3c3896a6358a94e837df50b114e22ab796b1ffb
Instruction ID: 0aa1a919bac2b5bb07da47300509cc86c80b5c7a7263317dade56b1dad864192
Opcode Fuzzy Hash: 790ef4479a674e01ddeb9a6ec3c3896a6358a94e837df50b114e22ab796b1ffb
Instruction Fuzzy Hash: 93E0263635052AAAC710EB74DC809FE774CFF60396B11053AFC26C2140DF70999182E0

Function 007D2DA5 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 007D2DC4

Part of subcall function 007D6B57: _wcslen.LIBCMT ref: 007D6B6A

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: LongNamePath_wcslen
String ID:
API String ID: 541455249-0
Opcode ID: d76f0f7d9c9ea178c829ccde00ec2685fa21c4e16e64ca5c0683a0fadcd89ca8
Instruction ID: 93877461de5c48076c2c6392766cfe5d407b98c6dcc8ebedd2688874c4a144a1
Opcode Fuzzy Hash: d76f0f7d9c9ea178c829ccde00ec2685fa21c4e16e64ca5c0683a0fadcd89ca8
Instruction Fuzzy Hash: 06E0CD726041245BCB10A2589C09FEA77EDEFC8790F050072FD09D7348DA64AD808551

Function 007D2B3D Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 007D3837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 007D3908

Part of subcall function 007DD730: GetInputState.USER32 ref: 007DD807

SetCurrentDirectoryW.KERNEL32(?), ref: 007D2B6B

Part of subcall function 007D30F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 007D314E

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: IconNotifyShell_$CurrentDirectoryInputState
String ID:
API String ID: 3667716007-0
Opcode ID: b4b2d49049da61f142132eb721698b29abbf4ef8ecbef03176c0d35307266213
Instruction ID: 80d8a7b6c20ae0bbb4c4b06ae293710d5172ec970c78ce1211a11f69c34c19e6
Opcode Fuzzy Hash: b4b2d49049da61f142132eb721698b29abbf4ef8ecbef03176c0d35307266213
Instruction Fuzzy Hash: 20E0862170424486CA04BB75A85E57DA77AABD6751F40153FF14283363DE6D494A4262

Function 0081039A Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,00000000,?,00810704,?,?,00000000,?,00810704,00000000,0000000C), ref: 008103B7

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: f289ee89d75701812b911b307ece94b7ffc231af202a0e546d1165aba5990b42
Instruction ID: 8c1ada390269e52d1fc7502bdf92dd0d457f777b3f75f449ca2a5ede14d7afae
Opcode Fuzzy Hash: f289ee89d75701812b911b307ece94b7ffc231af202a0e546d1165aba5990b42
Instruction Fuzzy Hash: 52D06C3204010DBBDF028F84DD06EDA3BAAFB48714F014000FE5856020C772E821AB90

Function 007D1CAD Relevance: 1.5, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 007D1CBC

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: InfoParametersSystem
String ID:
API String ID: 3098949447-0
Opcode ID: 80711f163051f31152efb1e592e208704c9156594c7aeff95888007a3c265abb
Instruction ID: ad21e64bed08b3a5ac62a4a57df2c926041ab54aa08cf66781e6196779b1cbe0
Opcode Fuzzy Hash: 80711f163051f31152efb1e592e208704c9156594c7aeff95888007a3c265abb
Instruction Fuzzy Hash: A9C09B352803049FF6144B84BC4EF107754B349B10F045001F649559E3C3E11410DA50

Non-executed Functions

Function 00869576 Relevance: 72.4, APIs: 39, Strings: 2, Instructions: 625windowkeyboardCOMMON

Download Yara Rule

APIs

Part of subcall function 007E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007E9BB2

DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0086961A
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0086965B
GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0086969F
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 008696C9
SendMessageW.USER32 ref: 008696F2
GetKeyState.USER32(00000011), ref: 0086978B
GetKeyState.USER32(00000009), ref: 00869798
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 008697AE
GetKeyState.USER32(00000010), ref: 008697B8
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 008697E9
SendMessageW.USER32 ref: 00869810
SendMessageW.USER32(?,00001030,?,00867E95), ref: 00869918
ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0086992E
ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00869941
SetCapture.USER32(?), ref: 0086994A
ClientToScreen.USER32(?,?), ref: 008699AF
ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 008699BC
InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 008699D6
ReleaseCapture.USER32 ref: 008699E1
GetCursorPos.USER32(?), ref: 00869A19
ScreenToClient.USER32(?,?), ref: 00869A26
SendMessageW.USER32(?,00001012,00000000,?), ref: 00869A80
SendMessageW.USER32 ref: 00869AAE
SendMessageW.USER32(?,00001111,00000000,?), ref: 00869AEB
SendMessageW.USER32 ref: 00869B1A
SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00869B3B
SendMessageW.USER32(?,0000110B,00000009,?), ref: 00869B4A
GetCursorPos.USER32(?), ref: 00869B68
ScreenToClient.USER32(?,?), ref: 00869B75
GetParent.USER32(?), ref: 00869B93
SendMessageW.USER32(?,00001012,00000000,?), ref: 00869BFA
SendMessageW.USER32 ref: 00869C2B
ClientToScreen.USER32(?,?), ref: 00869C84
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00869CB4
SendMessageW.USER32(?,00001111,00000000,?), ref: 00869CDE
SendMessageW.USER32 ref: 00869D01
ClientToScreen.USER32(?,?), ref: 00869D4E
TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00869D82

Part of subcall function 007E9944: GetWindowLongW.USER32(?,000000EB), ref: 007E9952

GetWindowLongW.USER32(?,000000F0), ref: 00869E05

Strings

F, xrefs: 00869D07
@GUI_DRAGID, xrefs: 0086997D

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
String ID: @GUI_DRAGID$F
API String ID: 3429851547-4164748364
Opcode ID: 23bed669828f4280526efefe4b8afb4af130c86b80b9c4f7058552c270b0493c
Instruction ID: c525c95453595bd94f38b1f4602081a2d2b42d793b4bab554a3914b5922c0598
Opcode Fuzzy Hash: 23bed669828f4280526efefe4b8afb4af130c86b80b9c4f7058552c270b0493c
Instruction Fuzzy Hash: B8428A34204301AFDB25CF68CC48AAABBE9FF59314F16061DF699C72E1E771A854CB52

Function 00864873 Relevance: 60.1, APIs: 33, Strings: 1, Instructions: 566windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 008648F3
SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00864908
SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00864927
SendMessageW.USER32(?,00000148,00000000,00000000), ref: 0086494B
SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 0086495C
SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 0086497B
SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 008649AE
SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 008649D4
SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00864A0F
SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00864A56
SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00864A7E
IsMenu.USER32(?), ref: 00864A97
GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00864AF2
GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00864B20
GetWindowLongW.USER32(?,000000F0), ref: 00864B94
SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00864BE3
SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00864C82
wsprintfW.USER32 ref: 00864CAE
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00864CC9
GetWindowTextW.USER32(?,00000000,00000001), ref: 00864CF1
SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00864D13
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00864D33
GetWindowTextW.USER32(?,00000000,00000001), ref: 00864D5A

Strings

%d/%02d/%02d, xrefs: 00864CA8

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
String ID: %d/%02d/%02d
API String ID: 4054740463-328681919
Opcode ID: 919cc5161832d00225330373e35dd556093d0b04f83752935ccfdb5984f7e5d1
Instruction ID: a0cf3361160af4ead32918ef43f68584f96086cbe01a235896d4715168894324
Opcode Fuzzy Hash: 919cc5161832d00225330373e35dd556093d0b04f83752935ccfdb5984f7e5d1
Instruction Fuzzy Hash: F512FD71600258ABEB248F28DC49FBE7BB8FF45714F115129F616EB2A1DBB89940CB50

Function 007EF98E Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 130keyboardthreadwindowCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 007EF998
FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0082F474
IsIconic.USER32(00000000), ref: 0082F47D
ShowWindow.USER32(00000000,00000009), ref: 0082F48A
SetForegroundWindow.USER32(00000000), ref: 0082F494
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0082F4AA
GetCurrentThreadId.KERNEL32 ref: 0082F4B1
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0082F4BD
AttachThreadInput.USER32(?,00000000,00000001), ref: 0082F4CE
AttachThreadInput.USER32(?,00000000,00000001), ref: 0082F4D6
AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 0082F4DE
SetForegroundWindow.USER32(00000000), ref: 0082F4E1
MapVirtualKeyW.USER32(00000012,00000000), ref: 0082F4F6
keybd_event.USER32(00000012,00000000), ref: 0082F501
MapVirtualKeyW.USER32(00000012,00000000), ref: 0082F50B
keybd_event.USER32(00000012,00000000), ref: 0082F510
MapVirtualKeyW.USER32(00000012,00000000), ref: 0082F519
keybd_event.USER32(00000012,00000000), ref: 0082F51E
MapVirtualKeyW.USER32(00000012,00000000), ref: 0082F528
keybd_event.USER32(00000012,00000000), ref: 0082F52D
SetForegroundWindow.USER32(00000000), ref: 0082F530
AttachThreadInput.USER32(?,000000FF,00000000), ref: 0082F557

Strings

Shell_TrayWnd, xrefs: 0082F46F

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
String ID: Shell_TrayWnd
API String ID: 4125248594-2988720461
Opcode ID: 85dc9e210a237490d7d088821b3cf2ac5aecf243287252221f9d6ebd0e1450f1
Instruction ID: 5646bfa8be6ade8438d342914d56a947a78c19cf88c1d8b0aa9b6ac715d27a96
Opcode Fuzzy Hash: 85dc9e210a237490d7d088821b3cf2ac5aecf243287252221f9d6ebd0e1450f1
Instruction Fuzzy Hash: EA315071A40228BAEB206FB5AC4AFBF7E7CFB44B50F111026F741E61D1C6F15940EA64

Function 00831201 Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 241COMMON

Download Yara Rule

APIs

Part of subcall function 008316C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0083170D
Part of subcall function 008316C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0083173A
Part of subcall function 008316C3: GetLastError.KERNEL32 ref: 0083174A

LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00831286
DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 008312A8
CloseHandle.KERNEL32(?), ref: 008312B9
OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 008312D1
GetProcessWindowStation.USER32 ref: 008312EA
SetProcessWindowStation.USER32(00000000), ref: 008312F4
OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00831310

Part of subcall function 008310BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,008311FC), ref: 008310D4
Part of subcall function 008310BF: CloseHandle.KERNEL32(?,?,008311FC), ref: 008310E9

Strings

default, xrefs: 0083130B
, xrefs: 0083125A
winsta0, xrefs: 008312CC

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
String ID: $default$winsta0
API String ID: 22674027-1027155976
Opcode ID: 469033a99ed14c0908710cf6d3fb4af498726a2758fe5ca8a6edfd0950a55f08
Instruction ID: f4aeaafb53e7152c4d48de5faca211e36b1a79760e791d071b173e7925fb953f
Opcode Fuzzy Hash: 469033a99ed14c0908710cf6d3fb4af498726a2758fe5ca8a6edfd0950a55f08
Instruction Fuzzy Hash: B9818B71900208ABDF219FA8DC49FFE7BBAFF44B04F144129F910E62A0CB758944CBA5

Function 00830B62 Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 008310F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00831114
Part of subcall function 008310F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00830B9B,?,?,?), ref: 00831120
Part of subcall function 008310F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00830B9B,?,?,?), ref: 0083112F
Part of subcall function 008310F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00830B9B,?,?,?), ref: 00831136
Part of subcall function 008310F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0083114D

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00830BCC
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00830C00
GetLengthSid.ADVAPI32(?), ref: 00830C17
GetAce.ADVAPI32(?,00000000,?), ref: 00830C51
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00830C6D
GetLengthSid.ADVAPI32(?), ref: 00830C84
GetProcessHeap.KERNEL32(00000008,00000008), ref: 00830C8C
HeapAlloc.KERNEL32(00000000), ref: 00830C93
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00830CB4
CopySid.ADVAPI32(00000000), ref: 00830CBB
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00830CEA
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00830D0C
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00830D1E
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00830D45
HeapFree.KERNEL32(00000000), ref: 00830D4C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00830D55
HeapFree.KERNEL32(00000000), ref: 00830D5C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00830D65
HeapFree.KERNEL32(00000000), ref: 00830D6C
GetProcessHeap.KERNEL32(00000000,?), ref: 00830D78
HeapFree.KERNEL32(00000000), ref: 00830D7F

Part of subcall function 00831193: GetProcessHeap.KERNEL32(00000008,00830BB1,?,00000000,?,00830BB1,?), ref: 008311A1
Part of subcall function 00831193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00830BB1,?), ref: 008311A8
Part of subcall function 00831193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00830BB1,?), ref: 008311B7

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 4175595110-0
Opcode ID: 189830ae4e3f93e2bc00f66dda449f318b842e5ea8e7ee2e5e0925f3c8c0d53a
Instruction ID: 103724a3d66a339885514939d7bf3c3650fb586e437dead000d8927085f89a01
Opcode Fuzzy Hash: 189830ae4e3f93e2bc00f66dda449f318b842e5ea8e7ee2e5e0925f3c8c0d53a
Instruction Fuzzy Hash: 57715A7290020AABEF10DFA4DC48FAEBBB8FF45300F154655E954E6291D7B5AA05CFA0

Function 0084EAFF Relevance: 30.2, APIs: 20, Instructions: 191clipboardfileCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32(0086CC08), ref: 0084EB29
IsClipboardFormatAvailable.USER32(0000000D), ref: 0084EB37
GetClipboardData.USER32(0000000D), ref: 0084EB43
CloseClipboard.USER32 ref: 0084EB4F
GlobalLock.KERNEL32(00000000), ref: 0084EB87
CloseClipboard.USER32 ref: 0084EB91
GlobalUnlock.KERNEL32(00000000), ref: 0084EBBC
IsClipboardFormatAvailable.USER32(00000001), ref: 0084EBC9
GetClipboardData.USER32(00000001), ref: 0084EBD1
GlobalLock.KERNEL32(00000000), ref: 0084EBE2
GlobalUnlock.KERNEL32(00000000), ref: 0084EC22
IsClipboardFormatAvailable.USER32(0000000F), ref: 0084EC38
GetClipboardData.USER32(0000000F), ref: 0084EC44
GlobalLock.KERNEL32(00000000), ref: 0084EC55
DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 0084EC77
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0084EC94
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0084ECD2
GlobalUnlock.KERNEL32(00000000), ref: 0084ECF3
CountClipboardFormats.USER32 ref: 0084ED14
CloseClipboard.USER32 ref: 0084ED59

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
String ID:
API String ID: 420908878-0
Opcode ID: c307bd9fd2b2a9e14e6335f89a991c583018d0dd86b0e74d8d6cbed36dc3219f
Instruction ID: b53426ed74e5f0e362524acd96c97f46003d66edc4e43e3e1fb128cf9128fe74
Opcode Fuzzy Hash: c307bd9fd2b2a9e14e6335f89a991c583018d0dd86b0e74d8d6cbed36dc3219f
Instruction Fuzzy Hash: 5D61AB34204209AFD300EF24D898F3AB7A4FF84714F15551EF896D72A2CB71E905CBA2

Function 0084698F Relevance: 21.4, APIs: 7, Strings: 5, Instructions: 363timefileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 008469BE
FindClose.KERNEL32(00000000), ref: 00846A12
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00846A4E
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00846A75

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

FileTimeToSystemTime.KERNEL32(?,?), ref: 00846AB2
FileTimeToSystemTime.KERNEL32(?,?), ref: 00846ADF

Strings

%4d%02d%02d%02d%02d%02d%03d, xrefs: 00846B32
%4d, xrefs: 00846BB1
%4d%02d%02d%02d%02d%02d, xrefs: 00846B6A
%02d, xrefs: 00846C00, 00846C0A, 00846C5A, 00846CAA, 00846CFA, 00846D4A
%03d, xrefs: 00846DA2

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
API String ID: 3830820486-3289030164
Opcode ID: b27befc8d4e29dec2891b9c0ea8cd6cf67f7810cdbef6ede8ede2add42447e00
Instruction ID: d82306a28d6926f72862be9a9677258fa18c941fff84799aa02ae6e91d051ac6
Opcode Fuzzy Hash: b27befc8d4e29dec2891b9c0ea8cd6cf67f7810cdbef6ede8ede2add42447e00
Instruction Fuzzy Hash: 0ED150B2508344AEC714EBA4C895EABB7FCFF88704F44491EF585D6291EB78DA04C762

Function 00849642 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 118fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00849663
GetFileAttributesW.KERNEL32(?), ref: 008496A1
SetFileAttributesW.KERNEL32(?,?), ref: 008496BB
FindNextFileW.KERNEL32(00000000,?), ref: 008496D3
FindClose.KERNEL32(00000000), ref: 008496DE
FindFirstFileW.KERNEL32(*.*,?), ref: 008496FA
SetCurrentDirectoryW.KERNEL32(?), ref: 0084974A
SetCurrentDirectoryW.KERNEL32(00896B7C), ref: 00849768
FindNextFileW.KERNEL32(00000000,00000010), ref: 00849772
FindClose.KERNEL32(00000000), ref: 0084977F
FindClose.KERNEL32(00000000), ref: 0084978F

Strings

*.*, xrefs: 008496F5

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
String ID: *.*
API String ID: 1409584000-438819550
Opcode ID: 1585ffd394a8cbacaf9cd5d27d00e9914be86182e467451c7f60f5b6052147a8
Instruction ID: cd4314392261b4cca704d1101cd47691404a92c0ce1c8b3ece1e3622bd890ccd
Opcode Fuzzy Hash: 1585ffd394a8cbacaf9cd5d27d00e9914be86182e467451c7f60f5b6052147a8
Instruction Fuzzy Hash: FF31BE3260121DAEDB20AFB4DC08AEF77ACFF09320F154156E995E22A0EB74DE408B14

Function 0084979D Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 111fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 008497BE
FindNextFileW.KERNEL32(00000000,?), ref: 00849819
FindClose.KERNEL32(00000000), ref: 00849824
FindFirstFileW.KERNEL32(*.*,?), ref: 00849840
SetCurrentDirectoryW.KERNEL32(?), ref: 00849890
SetCurrentDirectoryW.KERNEL32(00896B7C), ref: 008498AE
FindNextFileW.KERNEL32(00000000,00000010), ref: 008498B8
FindClose.KERNEL32(00000000), ref: 008498C5
FindClose.KERNEL32(00000000), ref: 008498D5

Part of subcall function 0083DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0083DB00

Strings

*.*, xrefs: 0084983B

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
String ID: *.*
API String ID: 2640511053-438819550
Opcode ID: 9740847897e90eecb44911e1d68df71fe54ef2dac6ff67280d3d2f86ab9d26d3
Instruction ID: a310d3de365d9f1ae1954d16c5fcda688ce26a7568089720c76b5ffa093ad1c2
Opcode Fuzzy Hash: 9740847897e90eecb44911e1d68df71fe54ef2dac6ff67280d3d2f86ab9d26d3
Instruction Fuzzy Hash: 3D31C13150021D6EDF20EFB8EC48AEF77ACFF46320F144166E990E2290EB75DA448A60

Function 0085BE44 Relevance: 17.0, APIs: 11, Instructions: 456registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0085C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0085B6AE,?,?), ref: 0085C9B5
Part of subcall function 0085C998: _wcslen.LIBCMT ref: 0085C9F1
Part of subcall function 0085C998: _wcslen.LIBCMT ref: 0085CA68
Part of subcall function 0085C998: _wcslen.LIBCMT ref: 0085CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0085BF3E
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 0085BFA9
RegCloseKey.ADVAPI32(00000000), ref: 0085BFCD
RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 0085C02C
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 0085C0E7
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0085C154
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0085C1E9
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 0085C23A
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0085C2E3
RegCloseKey.ADVAPI32(?,?,00000000), ref: 0085C382
RegCloseKey.ADVAPI32(00000000), ref: 0085C38F

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
String ID:
API String ID: 3102970594-0
Opcode ID: 55d97aae18d3745b6aa764763201d7a77445f5f5389e383381c6f861198613b2
Instruction ID: fe9da301687f9b796f19f97073c207e024acfbb7a29fe951d65ac2a53eac8dde
Opcode Fuzzy Hash: 55d97aae18d3745b6aa764763201d7a77445f5f5389e383381c6f861198613b2
Instruction Fuzzy Hash: CF022A71604200AFD714DF28C895E2ABBE5FF49318F18849DF84ADB2A2DB35ED45CB52

Function 00848195 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 186timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 00848257
SystemTimeToFileTime.KERNEL32(?,?), ref: 00848267
LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00848273
GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00848310
SetCurrentDirectoryW.KERNEL32(?), ref: 00848324
SetCurrentDirectoryW.KERNEL32(?), ref: 00848356
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0084838C
SetCurrentDirectoryW.KERNEL32(?), ref: 00848395

Strings

*.*, xrefs: 0084839B

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: CurrentDirectoryTime$File$Local$System
String ID: *.*
API String ID: 1464919966-438819550
Opcode ID: f4795a6cc640796550fa7bdd809157248e14e347dd8a1560610a104bad1f93f5
Instruction ID: 768f29045e7cae4513883624ed1f0b8053c9229c344efc334857b0b88fa17ab2
Opcode Fuzzy Hash: f4795a6cc640796550fa7bdd809157248e14e347dd8a1560610a104bad1f93f5
Instruction Fuzzy Hash: 2B6135B2504209DFCB10EF64D8449AEB3E8FF89314F04891AF99AD7351EB35E945CB92

Function 0083D076 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 172fileCOMMON

Download Yara Rule

APIs

Part of subcall function 007D3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007D3A97,?,?,007D2E7F,?,?,?,00000000), ref: 007D3AC2

Part of subcall function 0083E199: GetFileAttributesW.KERNEL32(?,0083CF95), ref: 0083E19A

FindFirstFileW.KERNEL32(?,?), ref: 0083D122
DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0083D1DD
MoveFileW.KERNEL32(?,?), ref: 0083D1F0
DeleteFileW.KERNEL32(?,?,?,?), ref: 0083D20D
FindNextFileW.KERNEL32(00000000,00000010), ref: 0083D237

Part of subcall function 0083D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,0083D21C,?,?), ref: 0083D2B2

FindClose.KERNEL32(00000000,?,?,?), ref: 0083D253
FindClose.KERNEL32(00000000), ref: 0083D264

Strings

\*.*, xrefs: 0083D0CD, 0083D0D6, 0083D0EB

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
String ID: \*.*
API String ID: 1946585618-1173974218
Opcode ID: 06c4cb1131c08085e1cb009dec62ad4f4e05b1ca615494c4367d24bf2b23032d
Instruction ID: c1aa8041f561ecfd89cf4e23ec0cd236cfe36389a55c57c87894a328c1898d27
Opcode Fuzzy Hash: 06c4cb1131c08085e1cb009dec62ad4f4e05b1ca615494c4367d24bf2b23032d
Instruction Fuzzy Hash: F0613C3190120DABCF05EBA0EA969EEB775FF95300F244166E401B7291EB356F09DBA1

Function 0084ED6A Relevance: 13.6, APIs: 9, Instructions: 102clipboardmemoryCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 0084ED91
EmptyClipboard.USER32 ref: 0084ED97
GlobalAlloc.KERNEL32(00000002,?), ref: 0084EDAC
CloseClipboard.USER32 ref: 0084EEA3

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Clipboard$AllocCloseEmptyGlobalOpen
String ID:
API String ID: 1737998785-0
Opcode ID: b1859845253a1a108ebd68c025babf1de7a9f7c5bc4666bbe9aa37f6eb97e186
Instruction ID: 9cec8e701ecd85be1d62378af440ab80dd1f89095cecefd56f97fd6d78eafea3
Opcode Fuzzy Hash: b1859845253a1a108ebd68c025babf1de7a9f7c5bc4666bbe9aa37f6eb97e186
Instruction Fuzzy Hash: 8B418B35604615AFE720DF19E888B29BBA1FF44318F158099E85ACB762C775EC41CB90

Function 0083E8F6 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 57shutdownCOMMON

Download Yara Rule

APIs

Part of subcall function 008316C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0083170D
Part of subcall function 008316C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0083173A
Part of subcall function 008316C3: GetLastError.KERNEL32 ref: 0083174A

ExitWindowsEx.USER32(?,00000000), ref: 0083E932

Strings

, xrefs: 0083E95C
, xrefs: 0083E920
SeShutdownPrivilege, xrefs: 0083E902
@, xrefs: 0083E925

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
String ID: $ $@$SeShutdownPrivilege
API String ID: 2234035333-3163812486
Opcode ID: c2fb82bcb7f78a0f0604ccffc0d76f53e278442c85680e8aa7fbbd5ababec847
Instruction ID: 379666924c19bfdf065b0fd50170b64fff082f54eba15025f36d60c6faa0577e
Opcode Fuzzy Hash: c2fb82bcb7f78a0f0604ccffc0d76f53e278442c85680e8aa7fbbd5ababec847
Instruction Fuzzy Hash: 5401F972710215ABEF5426B89C8AFBF765CF794754F154422FC13F21D1E6A45C4083D1

Function 00851204 Relevance: 12.1, APIs: 8, Instructions: 113networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00851276
WSAGetLastError.WSOCK32 ref: 00851283
bind.WSOCK32(00000000,?,00000010), ref: 008512BA
WSAGetLastError.WSOCK32 ref: 008512C5
closesocket.WSOCK32(00000000), ref: 008512F4
listen.WSOCK32(00000000,00000005), ref: 00851303
WSAGetLastError.WSOCK32 ref: 0085130D
closesocket.WSOCK32(00000000), ref: 0085133C

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ErrorLast$closesocket$bindlistensocket
String ID:
API String ID: 540024437-0
Opcode ID: e9a19b9f7a1b17e5fd6ea8f9cdaf18b7ad64f20ac364a5e7163247104a601886
Instruction ID: f2bb445bf73d04a56512cdb37e5d3832b0d3f402ff33684807dbceb7e7b58ccd
Opcode Fuzzy Hash: e9a19b9f7a1b17e5fd6ea8f9cdaf18b7ad64f20ac364a5e7163247104a601886
Instruction Fuzzy Hash: 9C418D316001019FDB20DF24C489B69BBE6FF86319F198199E8568F392C775EC85CBE1

Function 0083D3A9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91fileCOMMON

Download Yara Rule

APIs

Part of subcall function 007D3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007D3A97,?,?,007D2E7F,?,?,?,00000000), ref: 007D3AC2

Part of subcall function 0083E199: GetFileAttributesW.KERNEL32(?,0083CF95), ref: 0083E19A

FindFirstFileW.KERNEL32(?,?), ref: 0083D420
DeleteFileW.KERNEL32(?,?,?,?), ref: 0083D470
FindNextFileW.KERNEL32(00000000,00000010), ref: 0083D481
FindClose.KERNEL32(00000000), ref: 0083D498
FindClose.KERNEL32(00000000), ref: 0083D4A1

Strings

\*.*, xrefs: 0083D3F2

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
String ID: \*.*
API String ID: 2649000838-1173974218
Opcode ID: f1b7f0e229cf99e01d3cea985178135ba267cb275331b73b8735315f9be4a4dd
Instruction ID: 2c1898a76e689f0ede28de73162994bc09726b02229fd7f67f54c7b54194fec8
Opcode Fuzzy Hash: f1b7f0e229cf99e01d3cea985178135ba267cb275331b73b8735315f9be4a4dd
Instruction Fuzzy Hash: D5318E71008345ABC301EF64D8958AFB7B8FE91304F444A1EF4D593291EB34AA09DBA7

Function 0080E4FF Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 0080E645

Strings

1#SNAN, xrefs: 0080F844
1#QNAN, xrefs: 0080F84B
1#INF, xrefs: 0080F852
1#IND, xrefs: 0080F83D

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: f52f54a45211ac9568d5c0dfb6551fc86ed4acb10edec0f54c36a980855c6121
Instruction ID: 9b213d571092315c985b67b4514bb231d5416c0184b4b9e06468a739a92d2956
Opcode Fuzzy Hash: f52f54a45211ac9568d5c0dfb6551fc86ed4acb10edec0f54c36a980855c6121
Instruction Fuzzy Hash: 33C22A72E046288FDBB5CE289D447EAB7B5FB44304F1445EAD54DE7281E778AE818F40

Function 0084648E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 367comCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 008464DC
CoInitialize.OLE32(00000000), ref: 00846639
CoCreateInstance.OLE32(0086FCF8,00000000,00000001,0086FB68,?), ref: 00846650
CoUninitialize.OLE32 ref: 008468D4

Strings

.lnk, xrefs: 008464BA, 00846524, 008465E0

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: CreateInitializeInstanceUninitialize_wcslen
String ID: .lnk
API String ID: 886957087-24824748
Opcode ID: 223cdfbf5013badf418e4acea9446bb749725fff575881df914eefd1d3a332af
Instruction ID: 80a2e88f23bebe74134af34423df60cd23762be87f7a38fca4fda88372808b19
Opcode Fuzzy Hash: 223cdfbf5013badf418e4acea9446bb749725fff575881df914eefd1d3a332af
Instruction Fuzzy Hash: 98D13871508205AFC314EF24C885A6BB7E8FF95704F04496DF595CB2A1EB74ED05CBA2

Function 008522DA Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?,?,00000000), ref: 008522E8

Part of subcall function 0084E4EC: GetWindowRect.USER32(?,?), ref: 0084E504

GetDesktopWindow.USER32 ref: 00852312
GetWindowRect.USER32(00000000), ref: 00852319
mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00852355
GetCursorPos.USER32(?), ref: 00852381
mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 008523DF

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Window$Rectmouse_event$CursorDesktopForeground
String ID:
API String ID: 2387181109-0
Opcode ID: 95bdf727524ab46f423e988a2befa1f318d9346ab54aa8f09dc40c0b88e7e63d
Instruction ID: 3eba9c1bbbaa65fdafecf6e8fe9526d5dc02de25ba656a1ae219989dfab41ef4
Opcode Fuzzy Hash: 95bdf727524ab46f423e988a2befa1f318d9346ab54aa8f09dc40c0b88e7e63d
Instruction Fuzzy Hash: AB31BE72504315AFDB20DF58C849BABBBA9FF85314F00091DF985D7291DB74EA09CB92

Function 00849B2B Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 119filesleepCOMMON

Download Yara Rule

APIs

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00849B78
FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00849C8B

Part of subcall function 00843874: GetInputState.USER32 ref: 008438CB
Part of subcall function 00843874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00843966

Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00849BA8
FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00849C75

Strings

*.*, xrefs: 00849B5D

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
String ID: *.*
API String ID: 1972594611-438819550
Opcode ID: dcebac55b7bfae996bfabfa287f26d7f962bad4bad1efaf50219229e86f340ef
Instruction ID: 87a596699e9272591298dbbffd114675e2a6dc86fa03bf78a95a4d4678695dc9
Opcode Fuzzy Hash: dcebac55b7bfae996bfabfa287f26d7f962bad4bad1efaf50219229e86f340ef
Instruction Fuzzy Hash: CF415E7194420EAFCF24DF64C989AEEBBB8FF05310F244156E955E2291EB349E44CF61

Function 007E997D Relevance: 7.9, APIs: 5, Instructions: 375COMMON

Download Yara Rule

APIs

Part of subcall function 007E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007E9BB2

DefDlgProcW.USER32(?,?,?,?,?), ref: 007E9A4E
GetSysColor.USER32(0000000F), ref: 007E9B23
SetBkColor.GDI32(?,00000000), ref: 007E9B36

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Color$LongProcWindow
String ID:
API String ID: 3131106179-0
Opcode ID: 2ec4b7e7950e70f2898d3ec89f3a627a778a8b53094a4a907abcb56ce2d1b7cc
Instruction ID: db82daf8bec88c327c88fe52283e11647e797cab7a1ee377bb5474b877ce712d
Opcode Fuzzy Hash: 2ec4b7e7950e70f2898d3ec89f3a627a778a8b53094a4a907abcb56ce2d1b7cc
Instruction Fuzzy Hash: FCA13C7210A5A4BEE7249A3F9C5CD7B365DFF4A304F158129F702C6AD1CA2D9D41C272

Function 00851806 Relevance: 7.7, APIs: 5, Instructions: 153networkCOMMON

Download Yara Rule

APIs

Part of subcall function 0085304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0085307A
Part of subcall function 0085304E: _wcslen.LIBCMT ref: 0085309B

socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 0085185D
WSAGetLastError.WSOCK32 ref: 00851884
bind.WSOCK32(00000000,?,00000010), ref: 008518DB
WSAGetLastError.WSOCK32 ref: 008518E6
closesocket.WSOCK32(00000000), ref: 00851915

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
String ID:
API String ID: 1601658205-0
Opcode ID: 2d1f4ec01169df6f5e532ec3b9ac5b38a9b493c49563cab27d6dfc3ba7ad7341
Instruction ID: 4e8ac390515b94d189bfcf9b6da71fef3e33e1cdd7920de9c68ff8bd4db148fe
Opcode Fuzzy Hash: 2d1f4ec01169df6f5e532ec3b9ac5b38a9b493c49563cab27d6dfc3ba7ad7341
Instruction Fuzzy Hash: 3151C575A00200AFDB20AF24C88AF6A77E5EB49718F488059F9469F3C3D775AD41CBE1

Function 00861C41 Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32 ref: 00861CC0
IsWindowEnabled.USER32 ref: 00861CCE
GetForegroundWindow.USER32(?,?,00000001,?), ref: 00861CDB
IsIconic.USER32 ref: 00861CE9
IsZoomed.USER32 ref: 00861CF7

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Window$EnabledForegroundIconicVisibleZoomed
String ID:
API String ID: 292994002-0
Opcode ID: aa57d7458f2f8e652d1d54e0e74fe7d758ac3636358617abca19e5c006be3910
Instruction ID: d7b476685c5036323670efa49097e54a96110d3657607d406b4f57230eb82c94
Opcode Fuzzy Hash: aa57d7458f2f8e652d1d54e0e74fe7d758ac3636358617abca19e5c006be3910
Instruction Fuzzy Hash: DB21D3317406119FDB218F1AC848B6A7BA5FF95315F1E9059E846CB352CBB1DC42CB90

Function 007D8060 Relevance: 7.4, Strings: 5, Instructions: 1151COMMON

Download Yara Rule

Strings

ERCP, xrefs: 007D813C
VUUU, xrefs: 007D83FA
VUUU, xrefs: 007D843C
VUUU, xrefs: 00815DF0
VUUU, xrefs: 007D83E8

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID:
String ID: ERCP$VUUU$VUUU$VUUU$VUUU
API String ID: 0-1546025612
Opcode ID: 197ec7f99e5b1b797b22c70d3cdc9baff3613a66090e434043ec4e380ec29589
Instruction ID: d409fa4a79257bdfecf4136f0143f8ed5c999219fa8d34c4f6b321a029d7b4e1
Opcode Fuzzy Hash: 197ec7f99e5b1b797b22c70d3cdc9baff3613a66090e434043ec4e380ec29589
Instruction Fuzzy Hash: 0EA25870A0061ACBDF64CF58C8407EEB7B5FF54310F2481AAE859A7385EB789D91CB91

Function 0083AA57 Relevance: 6.1, APIs: 4, Instructions: 107keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 0083AAAC
SetKeyboardState.USER32(00000080), ref: 0083AAC8
PostMessageW.USER32(?,00000102,00000001,00000001), ref: 0083AB36
SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 0083AB88

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: c1289621ef6fc8113d81879dd83dc121cbc19f26e1caf4e89d24fb9a0006d99e
Instruction ID: 1c4dd50867b670278d92aee27b406b60f581e98524990bf9f8bdccb7228a09e0
Opcode Fuzzy Hash: c1289621ef6fc8113d81879dd83dc121cbc19f26e1caf4e89d24fb9a0006d99e
Instruction Fuzzy Hash: 9F31F731A40248AEEF298A64CC05BFAB7A6FBD4320F04421AE1C1D61D1D3758981C7E3

Function 0080BB6F Relevance: 6.1, APIs: 4, Instructions: 90timeCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0080BB7F

Part of subcall function 008029C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0080D7D1,00000000,00000000,00000000,00000000,?,0080D7F8,00000000,00000007,00000000,?,0080DBF5,00000000), ref: 008029DE
Part of subcall function 008029C8: GetLastError.KERNEL32(00000000,?,0080D7D1,00000000,00000000,00000000,00000000,?,0080D7F8,00000000,00000007,00000000,?,0080DBF5,00000000,00000000), ref: 008029F0

GetTimeZoneInformation.KERNEL32 ref: 0080BB91
WideCharToMultiByte.KERNEL32(00000000,?,008A121C,000000FF,?,0000003F,?,?), ref: 0080BC09
WideCharToMultiByte.KERNEL32(00000000,?,008A1270,000000FF,?,0000003F,?,?,?,008A121C,000000FF,?,0000003F,?,?), ref: 0080BC36

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
String ID:
API String ID: 806657224-0
Opcode ID: d7e83fab3492b721eb20f96c944ae07fd5165e203aa77770b94b96a707cd241f
Instruction ID: 925127baeb7b1a86cf7a00e3e7dee877dd16a151ba870cea5b9ebd4b0412efde
Opcode Fuzzy Hash: d7e83fab3492b721eb20f96c944ae07fd5165e203aa77770b94b96a707cd241f
Instruction Fuzzy Hash: BC31DE71904245DFEB50DFA8CC80A79BBB8FF56760B1546AAE060DB6E1D7309E40CB50

Function 0084CE44 Relevance: 6.1, APIs: 4, Instructions: 75filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(?,?,00000400,?), ref: 0084CE89
GetLastError.KERNEL32(?,00000000), ref: 0084CEEA
SetEvent.KERNEL32(?,?,00000000), ref: 0084CEFE

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ErrorEventFileInternetLastRead
String ID:
API String ID: 234945975-0
Opcode ID: 09613549167c877435786894739655993964d7a84896adeffc839c135edca722
Instruction ID: d13f615fe9dd71af066f9f936798a4cb40ead43079b49d0ec08ed99b0437674c
Opcode Fuzzy Hash: 09613549167c877435786894739655993964d7a84896adeffc839c135edca722
Instruction Fuzzy Hash: EB219DB1501309DBDB60DFA5C948BA67BFCFB50358F10442EE646D2251EBB8EE088B64

Function 00838298 Relevance: 5.1, APIs: 1, Strings: 2, Instructions: 568stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?,?,?,00000000), ref: 008382AA

Strings

|, xrefs: 008382DA
(, xrefs: 008382F0

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: lstrlen
String ID: ($|
API String ID: 1659193697-1631851259
Opcode ID: 9993b4ee030a408582988e843a5d73d15a859cca3c77e3e3ac1955509dda69ec
Instruction ID: 64c966326a44e0079280fccdb932b3a572c3da6d10bf57cec72b1dad5ba512d3
Opcode Fuzzy Hash: 9993b4ee030a408582988e843a5d73d15a859cca3c77e3e3ac1955509dda69ec
Instruction Fuzzy Hash: 2D322474A00705DFCB28CF59C481A6AB7F1FF88710B15856EE49ADB7A1EB70E941CB80

Function 00845C97 Relevance: 4.6, APIs: 3, Instructions: 138fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00845CC1
FindNextFileW.KERNEL32(00000000,?), ref: 00845D17
FindClose.KERNEL32(?), ref: 00845D5F

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Find$File$CloseFirstNext
String ID:
API String ID: 3541575487-0
Opcode ID: 45552b19aebc2779fc3259a5dc818d5b596229b5995f4b88f7c971394500ae6c
Instruction ID: b9c2d6032b809a8e616c88f3b18d6dbe58550f374d975ec3ebb6f8c0026b76e9
Opcode Fuzzy Hash: 45552b19aebc2779fc3259a5dc818d5b596229b5995f4b88f7c971394500ae6c
Instruction Fuzzy Hash: B351AA74A04A05DFC714DF28C498A9AB7E4FF49314F14856EE99ACB3A2DB34ED04CB91

Function 00802622 Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 0080271A
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00802724
UnhandledExceptionFilter.KERNEL32(?), ref: 00802731

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 32fe3c9c3b58d90935250429582a91193bf055638e3b9bf807ad768213ce3228
Instruction ID: eb77e74e7a962f30dde7360b37ceb807e1fed58abaa9952aaf2971939729646c
Opcode Fuzzy Hash: 32fe3c9c3b58d90935250429582a91193bf055638e3b9bf807ad768213ce3228
Instruction Fuzzy Hash: C631C27591121CABCB21DF68DD88798BBB8BF08310F5041EAE91CA63A1E7749F818F44

Function 008451CD Relevance: 4.6, APIs: 3, Instructions: 76COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 008451DA
GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00845238
SetErrorMode.KERNEL32(00000000), ref: 008452A1

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ErrorMode$DiskFreeSpace
String ID:
API String ID: 1682464887-0
Opcode ID: 1b4bcf59f19a4a550b597216b689de6de8e9148f62cca4a649056a64d68db96e
Instruction ID: 85c0d79e280561a646340f4dc548569e0846378fbe865623ba5a8f80ab608278
Opcode Fuzzy Hash: 1b4bcf59f19a4a550b597216b689de6de8e9148f62cca4a649056a64d68db96e
Instruction Fuzzy Hash: 2B318E35A00518DFDB00DF94D888EADBBB4FF49318F08809AE805AB362DB75E855CB90

Function 008316C3 Relevance: 4.6, APIs: 3, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 007EFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 007F0668
Part of subcall function 007EFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 007F0685

LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0083170D
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0083173A
GetLastError.KERNEL32 ref: 0083174A

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
String ID:
API String ID: 577356006-0
Opcode ID: b88af71672f694f8845c4399a69ad108879df500b3d8f882ca014cf96cc4ef60
Instruction ID: f3e1919d67c761e357f66c4e7ac03f127fcd5367de9ea48aadaab049b78ae210
Opcode Fuzzy Hash: b88af71672f694f8845c4399a69ad108879df500b3d8f882ca014cf96cc4ef60
Instruction Fuzzy Hash: 9311C1B2504309AFDB18EF54DC8AD6ABBFDFB44B54B24852EE05693641EB70BC418A60

Function 0083D5EB Relevance: 4.6, APIs: 3, Instructions: 58fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0083D608
DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 0083D645
CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0083D650

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: CloseControlCreateDeviceFileHandle
String ID:
API String ID: 33631002-0
Opcode ID: 2c0159cb034bbc56c47f602d54026fdc6550204c470df70eca04ce7347a1cc8c
Instruction ID: b532bf203b324693056bf32bca681d7f2deb90c6d1028b785c47d9fed2178633
Opcode Fuzzy Hash: 2c0159cb034bbc56c47f602d54026fdc6550204c470df70eca04ce7347a1cc8c
Instruction Fuzzy Hash: 17113C75E05228BBDB108F95EC45FAFBBBCFB85B50F108115F914E7290D6B05A058BE1

Function 00831663 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0083168C
CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 008316A1
FreeSid.ADVAPI32(?), ref: 008316B1

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: AllocateCheckFreeInitializeMembershipToken
String ID:
API String ID: 3429775523-0
Opcode ID: d6fbf2ea850c8917f5b846fb9fa9dbfa84125726c14533c64ba40ad12cb9d351
Instruction ID: 5e2feecb5096c8d62124e64203b02c8e12ba0a6330c4cd56f6d8878f0bd86d00
Opcode Fuzzy Hash: d6fbf2ea850c8917f5b846fb9fa9dbfa84125726c14533c64ba40ad12cb9d351
Instruction Fuzzy Hash: 7BF0F471950309FBDF00DFE49D89EAEBBBCFB08604F505565E501E2181E774AA448A51

Function 007F4CE8 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(008028E9,?,007F4CBE,008028E9,008988B8,0000000C,007F4E15,008028E9,00000002,00000000,?,008028E9), ref: 007F4D09
TerminateProcess.KERNEL32(00000000,?,007F4CBE,008028E9,008988B8,0000000C,007F4E15,008028E9,00000002,00000000,?,008028E9), ref: 007F4D10
ExitProcess.KERNEL32 ref: 007F4D22

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 9aac5f8ee320f9e9dca371b24d31fa69c72b9c42f3dab0f0e04cae924e7e70b0
Instruction ID: 433c80882f9422c90227bab89fa1846ec56190dfd2ca64c4c5c1c6471c6b4921
Opcode Fuzzy Hash: 9aac5f8ee320f9e9dca371b24d31fa69c72b9c42f3dab0f0e04cae924e7e70b0
Instruction Fuzzy Hash: E9E0B631100548ABDF11AF64DE09A6A3F69FB85791B114014FE558A322DB79DD42DA80

Function 0082D27A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(?,?), ref: 0082D28C

Strings

X64, xrefs: 0082D2A8

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: NameUser
String ID: X64
API String ID: 2645101109-893830106
Opcode ID: 60e8b11bf0617975f8b534403c2b780f677082b42f0ed63adb5b4b7ce188d013
Instruction ID: bc59e63bd6f2f6bdbd15a15d3223865393319cf33336839430f420ae0db1ceb9
Opcode Fuzzy Hash: 60e8b11bf0617975f8b534403c2b780f677082b42f0ed63adb5b4b7ce188d013
Instruction Fuzzy Hash: C0D0C9B480112DEACB90CB90EC88DD9B77CFB14305F100151F106E2000D77495488F20

Function 007FCAA0 Relevance: 3.5, APIs: 2, Instructions: 464COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
Instruction ID: 83b4e6c9ca5284a7ce3d4aaf3abdfc871eaeaa6075712e52c469b85c2348a0b8
Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
Instruction Fuzzy Hash: 6A021B72E0021D9BDF15CFA9C9806ADFBF5EF48314F258169D919E7380D735AA41CB90

Function 008468EE Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00846918
FindClose.KERNEL32(00000000), ref: 00846961

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 3c94ab56d564665a1c0b8c480002deda4b33bc8660c2ff68d7d878f57418ce2e
Instruction ID: 8c31b19385ba77e1fc637f713b216e7bbf34d6535f193fd658c110087a890b5d
Opcode Fuzzy Hash: 3c94ab56d564665a1c0b8c480002deda4b33bc8660c2ff68d7d878f57418ce2e
Instruction Fuzzy Hash: AD1190316142059FC710DF29D488A26BBE5FF85328F15C69AE8698F3A2D774EC05CB91

Function 008437B5 Relevance: 3.0, APIs: 2, Instructions: 33windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00854891,?,?,00000035,?), ref: 008437E4
FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00854891,?,?,00000035,?), ref: 008437F4

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ErrorFormatLastMessage
String ID:
API String ID: 3479602957-0
Opcode ID: 0aae1e7644c3f27e58c793dbbe07e40be7c1eb91418693a163abf7b25ff95597
Instruction ID: 7a3ceae9f647ec94a2af183adf4beb06da045be0c061744ad967159cdd73bdab
Opcode Fuzzy Hash: 0aae1e7644c3f27e58c793dbbe07e40be7c1eb91418693a163abf7b25ff95597
Instruction Fuzzy Hash: 13F0E5B06052286AEB2017768C4DFEB3AAEFFC4765F000175F609D2381D9A09944C6B0

Function 0083B226 Relevance: 3.0, APIs: 2, Instructions: 29keyboardCOMMON

Download Yara Rule

APIs

SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 0083B25D
keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 0083B270

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: InputSendkeybd_event
String ID:
API String ID: 3536248340-0
Opcode ID: 077eeba6b746a2e09d226266fc345d412216440383514138552811ec80cc3682
Instruction ID: e5f5de33106e2c14c86d65d9d4acd04c0386cd3134d59fd4113a698ff3a652a6
Opcode Fuzzy Hash: 077eeba6b746a2e09d226266fc345d412216440383514138552811ec80cc3682
Instruction Fuzzy Hash: EEF01D7180428DABDB059FA5C806BBE7BB4FF04309F00910AF965A6192C7B986119F94

Function 008310BF Relevance: 3.0, APIs: 2, Instructions: 24COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,008311FC), ref: 008310D4
CloseHandle.KERNEL32(?,?,008311FC), ref: 008310E9

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: AdjustCloseHandlePrivilegesToken
String ID:
API String ID: 81990902-0
Opcode ID: d97f3946d57dd353b31dd2964eab32e2a2d210376ea23bdd2792483f8ab0532e
Instruction ID: 3723526dc2457bac53327ef882c8903e9a6669d36a3955773ef12848303a072f
Opcode Fuzzy Hash: d97f3946d57dd353b31dd2964eab32e2a2d210376ea23bdd2792483f8ab0532e
Instruction Fuzzy Hash: 17E04F32008A40EEE7252B12FC09E777BA9FB04310F10882DF4A5804B1DBA26C90DB50

Function 007DCAF0 Relevance: 1.9, Strings: 1, Instructions: 659COMMON

Download Yara Rule

Strings

Variable is not of type 'Object'., xrefs: 00820C40

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID:
String ID: Variable is not of type 'Object'.
API String ID: 0-1840281001
Opcode ID: c24e8888c4a801b1fddfecc6fa283859134fa363b0b6e986cca67f7946474191
Instruction ID: 346c4c7627eaa668118f1021e46ef999e769af1139091658fefa11c13f56de19
Opcode Fuzzy Hash: c24e8888c4a801b1fddfecc6fa283859134fa363b0b6e986cca67f7946474191
Instruction Fuzzy Hash: D832AC74900229DBCF15DF94D985AEDB7B5FF05304F24405AE806AB392CB79AE85CF60

Function 0080676B Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00806766,?,?,00000008,?,?,0080FEFE,00000000), ref: 00806998

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: c70616610653456740802fdc9b7857ec40c6040c7653e044cfea638ad4350836
Instruction ID: e87f0aaa439b0d12b62f374301cd7b70bcc7f75409378d298b5d8fa414921166
Opcode Fuzzy Hash: c70616610653456740802fdc9b7857ec40c6040c7653e044cfea638ad4350836
Instruction Fuzzy Hash: 27B13B316106099FD755CF28C88AB657BE0FF45368F29C658E899CF2E2D335E9A1CB40

Function 007EB119 Relevance: 1.8, Strings: 1, Instructions: 511COMMON

Download Yara Rule

Strings

, xrefs: 0082851F

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 82e57052542eadd7fe5adb1bae70d644f91411bbf06b4dfde7e797f4ea329315
Instruction ID: 14cae6deb2dc8f68ea6036cc8619ea70a54fd6e81502a34f6aacd3fcdb3e283c
Opcode Fuzzy Hash: 82e57052542eadd7fe5adb1bae70d644f91411bbf06b4dfde7e797f4ea329315
Instruction Fuzzy Hash: 29126E71901269DBCF24CF59D8816EEBBF5FF48710F14819AE809EB255EB349A81CF90

Function 0084EAA2 Relevance: 1.5, APIs: 1, Instructions: 25keyboardCOMMON

Download Yara Rule

APIs

BlockInput.USER32(00000001), ref: 0084EABD

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: BlockInput
String ID:
API String ID: 3456056419-0
Opcode ID: 116f14271b18832bace35559691867f0414554a3b5d9f305b3a1f02ac80dfc7b
Instruction ID: 9b2879cdb45a16cd0ca813b629fa0479ee30a809932c4a420e6ea44c022fa384
Opcode Fuzzy Hash: 116f14271b18832bace35559691867f0414554a3b5d9f305b3a1f02ac80dfc7b
Instruction Fuzzy Hash: C0E012312002159FC710DF59D404D9AB7E9FF68760F018416FD45C7351D674A8408B90

Function 007F09D5 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,007F03EE), ref: 007F09DA

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: b552addf20330cf8d42d68819f339229e21053600cc1c4a6446b85ee5f1886ea
Instruction ID: c8e7264fe397d75236044329f21401e49a225a62a07a965625f43262a32f7b1b
Opcode Fuzzy Hash: b552addf20330cf8d42d68819f339229e21053600cc1c4a6446b85ee5f1886ea
Instruction Fuzzy Hash:

Function 007F781B Relevance: 1.5, Strings: 1, Instructions: 214COMMON

Download Yara Rule

Strings

0, xrefs: 007F798B

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
Instruction ID: 122144c297cb885f0e1e231926b7ef8ba5ccda8bf41e41a4a5bf2c2f5b9a2280
Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
Instruction Fuzzy Hash: 4C51797160C70D9BDB3C8A6C889E7BE67D99B12380F184509DB82DB382C65DEE42D352

Function 00806DD9 Relevance: .6, Instructions: 637COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c77dcd0aee6d30ef000f0c2b05d089f6bbe2bccc2f4015dded1dfd7646a1331
Instruction ID: 7e735532dd6a9a9620477141ba706c97cc0ec39d65d84f0a56783ca79cbac4cc
Opcode Fuzzy Hash: 4c77dcd0aee6d30ef000f0c2b05d089f6bbe2bccc2f4015dded1dfd7646a1331
Instruction Fuzzy Hash: 84320022D29F014DD7639634CC26325A649FFB73C5F15D737E82AB5AAAEB29D4C34100

Function 007ECC39 Relevance: .6, Instructions: 635COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff95460d200379b997138f195a66718bd21c3f5aad7260acb0aeb3a012db5600
Instruction ID: c73742dbbe2416926d0311453baa5b49bb1958763a20496a31db550798b2578d
Opcode Fuzzy Hash: ff95460d200379b997138f195a66718bd21c3f5aad7260acb0aeb3a012db5600
Instruction Fuzzy Hash: DA322775A001B98BCF25CF29E490A7D7BA1FB49314F38816AE44ADB2A1D334DDC2DB51

Function 007D7920 Relevance: .6, Instructions: 563COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7336faa2f70a44a4a310056c0de3b0caac652bec065aacf6345146d81ad09607
Instruction ID: 9f6914850b26696d2134dd828959ff868aefe43f283a71b20f4348b491a7f1fe
Opcode Fuzzy Hash: 7336faa2f70a44a4a310056c0de3b0caac652bec065aacf6345146d81ad09607
Instruction Fuzzy Hash: 6B229FB0A00609DFDF14DF64D885AEEB7B6FF84304F14462AE816E7391E73AA951CB50

Function 007D91C0 Relevance: .5, Instructions: 475COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e95878a59834952e079c33a3b8eaea193c30492402902bc1bd6cf573558a6df4
Instruction ID: b62f0879ebc75abe23ed3c83dd2402006b64bb0ab40409b27b16718017de03d9
Opcode Fuzzy Hash: e95878a59834952e079c33a3b8eaea193c30492402902bc1bd6cf573558a6df4
Instruction Fuzzy Hash: 5C02C5B1E0020AEBDB04DF64D885AAEB7B5FF54304F148169E906DB391EB35AE50CBD1

Function 00809EEE Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ded09401fdc5f6c62a1345836ae1bc80e349efa4564bf31e68dc066acb71aab7
Instruction ID: 5d6931856cc51f34ad5353135621641796cced849ae7a0990e3e7509c68ed293
Opcode Fuzzy Hash: ded09401fdc5f6c62a1345836ae1bc80e349efa4564bf31e68dc066acb71aab7
Instruction Fuzzy Hash: CCB1F020D2AF414DC22396399835336B64CBFBB2C5F91D31BFC1A74E66EB2286C35142

Function 007F1C77 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
Instruction ID: 39f930a101bb129e87250b956ff467131e5f4799d4802a777cb5e0622e6ed232
Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
Instruction Fuzzy Hash: 619189322080E78ADB29863E857403DFFF15A523B2B5A079DD5F2CA3C5FE18D954D620

Function 007F1F32 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
Instruction ID: 1aef4e8b2e4a8c3f0dc9a9aefc95be1a37bd5c8e35ddc639507d887d71b9c3d8
Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
Instruction Fuzzy Hash: C39199732090EB49DB6D423E847403DFFE15A923A171A079DD6F2CB2C6EE28D955E620

Function 007F19B0 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
Instruction ID: 8a9195f4c77b99e21a10af909d5342df17ceddee30e8e038d80cff7d9863b7d7
Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
Instruction Fuzzy Hash: F791B5722090E7CEDB2D427E847403DFFE15A923A2B5A479ED5F2CA2C1FD18D554D620

Function 007F7A4A Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60b04304180f4988d125a78d4f74dc041f2013c7ffaad1da1a4cfef8c6894916
Instruction ID: 6ea40b68e94a1973d9bd815c2adffe9e9873642de09b615391574b10098e0715
Opcode Fuzzy Hash: 60b04304180f4988d125a78d4f74dc041f2013c7ffaad1da1a4cfef8c6894916
Instruction Fuzzy Hash: 18615BB120C74DD6EE3C9A2C8C99BBE2398DF42710F14491EEB42DB381D65D9E42C366

Function 007F7CA7 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c54422869cea31ccfa8243d3bd3680f9ba7660831aa601aa4b26e6331c4ff529
Instruction ID: 865c5865079023dd433276e01e649c107acda98af9e1d503d031be845b2d5998
Opcode Fuzzy Hash: c54422869cea31ccfa8243d3bd3680f9ba7660831aa601aa4b26e6331c4ff529
Instruction Fuzzy Hash: 6D617B3170C70D97DE3C8A285896BBF2389EF42704F90495AEB42DF381DA5EAD42C356

Function 007F1706 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
Instruction ID: 79f0c629a27db7b9ce208fb1308dc0eb90ae58a7305fabc89c961677a6f9678f
Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
Instruction Fuzzy Hash: 1F8184326080E78DDB2D827A853403EFFE15A923B1B5A079DD5F6CB3C1EE28D554E660

Function 00842046 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 704ad2514af668cc05ae5ff3e948e1fcf7e4942540b19aeafd400948372e506c
Instruction ID: 79a9e53ce2068e4f66f8a5ec2927846b83d866efeda8a92930cf5c669690c8be
Opcode Fuzzy Hash: 704ad2514af668cc05ae5ff3e948e1fcf7e4942540b19aeafd400948372e506c
Instruction Fuzzy Hash: AF21A5326216158BDB38CF79C82267A73E5F764320F55862EE4A7C37D0DE79A904CB80

Function 00852ADE Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 486filecommemoryCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 00852B30
DeleteObject.GDI32(00000000), ref: 00852B43
DestroyWindow.USER32 ref: 00852B52
GetDesktopWindow.USER32 ref: 00852B6D
GetWindowRect.USER32(00000000), ref: 00852B74
SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00852CA3
AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00852CB1
CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00852CF8
GetClientRect.USER32(00000000,?), ref: 00852D04
CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00852D40
CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00852D62
GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00852D75
GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00852D80
GlobalLock.KERNEL32(00000000), ref: 00852D89
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00852D98
GlobalUnlock.KERNEL32(00000000), ref: 00852DA1
CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00852DA8
GlobalFree.KERNEL32(00000000), ref: 00852DB3
CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00852DC5
OleLoadPicture.OLEAUT32(?,00000000,00000000,0086FC38,00000000), ref: 00852DDB
GlobalFree.KERNEL32(00000000), ref: 00852DEB
CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00852E11
SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00852E30
SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00852E52
ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0085303F

Strings

, xrefs: 00852FC5
AutoIt v3, xrefs: 00852CF2
static, xrefs: 00852D3A, 00852E91
DISPLAY, xrefs: 00852EA2

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
String ID: $AutoIt v3$DISPLAY$static
API String ID: 2211948467-2373415609
Opcode ID: 978bc3edb4a9f9298350cb1e2fdbaaf8aac9a8aecfc32ed43b7e228389254e9f
Instruction ID: ae56c2a66f0be0d359cbe74050d8992accedaaa279fa380d19479e99d6375102
Opcode Fuzzy Hash: 978bc3edb4a9f9298350cb1e2fdbaaf8aac9a8aecfc32ed43b7e228389254e9f
Instruction Fuzzy Hash: 01027871A00209EFDB14DFA4DC89EAE7BB9FB49311F018159F915EB2A1DB74AD04CB60

Function 008670D5 Relevance: 49.8, APIs: 33, Instructions: 273COMMON

Download Yara Rule

APIs

SetTextColor.GDI32(?,00000000), ref: 0086712F
GetSysColorBrush.USER32(0000000F), ref: 00867160
GetSysColor.USER32(0000000F), ref: 0086716C
SetBkColor.GDI32(?,000000FF), ref: 00867186
SelectObject.GDI32(?,?), ref: 00867195
InflateRect.USER32(?,000000FF,000000FF), ref: 008671C0
GetSysColor.USER32(00000010), ref: 008671C8
CreateSolidBrush.GDI32(00000000), ref: 008671CF
FrameRect.USER32(?,?,00000000), ref: 008671DE
DeleteObject.GDI32(00000000), ref: 008671E5
InflateRect.USER32(?,000000FE,000000FE), ref: 00867230
FillRect.USER32(?,?,?), ref: 00867262
GetWindowLongW.USER32(?,000000F0), ref: 00867284

Part of subcall function 008673E8: GetSysColor.USER32(00000012), ref: 00867421
Part of subcall function 008673E8: SetTextColor.GDI32(?,?), ref: 00867425
Part of subcall function 008673E8: GetSysColorBrush.USER32(0000000F), ref: 0086743B
Part of subcall function 008673E8: GetSysColor.USER32(0000000F), ref: 00867446
Part of subcall function 008673E8: GetSysColor.USER32(00000011), ref: 00867463
Part of subcall function 008673E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00867471
Part of subcall function 008673E8: SelectObject.GDI32(?,00000000), ref: 00867482
Part of subcall function 008673E8: SetBkColor.GDI32(?,00000000), ref: 0086748B
Part of subcall function 008673E8: SelectObject.GDI32(?,?), ref: 00867498
Part of subcall function 008673E8: InflateRect.USER32(?,000000FF,000000FF), ref: 008674B7
Part of subcall function 008673E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 008674CE
Part of subcall function 008673E8: GetWindowLongW.USER32(00000000,000000F0), ref: 008674DB

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
String ID:
API String ID: 4124339563-0
Opcode ID: f146b5f40ebf6f7a17491807cea20d20f0019d235338407b0a9186a1812b6dc0
Instruction ID: 6ad0e1f72cdd5f1886f730659112e9c6c54fdf6afc3e0089febf4f8e43a507bf
Opcode Fuzzy Hash: f146b5f40ebf6f7a17491807cea20d20f0019d235338407b0a9186a1812b6dc0
Instruction Fuzzy Hash: 2FA1B172008301EFDB019F60DC49E6B7BA9FF49324F111A19FAA2D61E1D7B5E944CB92

Function 007E8D85 Relevance: 47.7, APIs: 26, Strings: 1, Instructions: 480windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?), ref: 007E8E14
SendMessageW.USER32(?,00001308,?,00000000), ref: 00826AC5
ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00826AFE
MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00826F43

Part of subcall function 007E8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,007E8BE8,?,00000000,?,?,?,?,007E8BBA,00000000,?), ref: 007E8FC5

SendMessageW.USER32(?,00001053), ref: 00826F7F
SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00826F96
ImageList_Destroy.COMCTL32(00000000,?), ref: 00826FAC
ImageList_Destroy.COMCTL32(00000000,?), ref: 00826FB7

Strings

0, xrefs: 00826DCF

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
String ID: 0
API String ID: 2760611726-4108050209
Opcode ID: 90dd9e3b137c36f0eac4acb1bb0b492bcc47baa1312d8d7dbee05dfd9bd5138f
Instruction ID: a401b76d3064870bfb01b9ad9598859e5c03767a4dc918ef5cd891eee863cb23
Opcode Fuzzy Hash: 90dd9e3b137c36f0eac4acb1bb0b492bcc47baa1312d8d7dbee05dfd9bd5138f
Instruction Fuzzy Hash: E712DE34201261DFDB25DF24E848BA6BBE1FF49310F584069F489CB661DB35ECA1CB92

Function 00852711 Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 330windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000), ref: 0085273E
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0085286A
SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 008528A9
AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 008528B9
CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00852900
GetClientRect.USER32(00000000,?), ref: 0085290C
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00852955
CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00852964
GetStockObject.GDI32(00000011), ref: 00852974
SelectObject.GDI32(00000000,00000000), ref: 00852978
GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00852988
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00852991
DeleteDC.GDI32(00000000), ref: 0085299A
CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 008529C6
SendMessageW.USER32(00000030,00000000,00000001), ref: 008529DD
CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00852A1D
SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00852A31
SendMessageW.USER32(00000404,00000001,00000000), ref: 00852A42
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00852A77
GetStockObject.GDI32(00000011), ref: 00852A82
SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00852A8D
ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00852A97

Strings

AutoIt v3, xrefs: 008528F8
static, xrefs: 0085294F, 00852A71
DISPLAY, xrefs: 0085295A
msctls_progress32, xrefs: 00852A13

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
String ID: AutoIt v3$DISPLAY$msctls_progress32$static
API String ID: 2910397461-517079104
Opcode ID: 366a31ed82b9eb89c506611523469fbc521b3d1202b2573fc7e747e92d0a9efe
Instruction ID: a26443f3b851865ebabd85bd1657551a53ba2912501395053a27ba3441789f49
Opcode Fuzzy Hash: 366a31ed82b9eb89c506611523469fbc521b3d1202b2573fc7e747e92d0a9efe
Instruction Fuzzy Hash: D3B14B71A00219AFEB14DFA8DC49FAE7BB9FB09711F018115F915E7690DBB4AD40CBA0

Function 00844ADF Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 191COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00844AED
GetDriveTypeW.KERNEL32(?,0086CB68,?,\\.\,0086CC08), ref: 00844BCA
SetErrorMode.KERNEL32(00000000,0086CB68,?,\\.\,0086CC08), ref: 00844D36

Strings

FileBackedVirtual, xrefs: 00844CEC
Fixed, xrefs: 00844C09
SSD, xrefs: 00844C4A
Fibre, xrefs: 00844CAD
USB, xrefs: 00844CB4
RAMDisk, xrefs: 00844BF4
iSCSI, xrefs: 00844CC2
\\.\, xrefs: 00844B3F
PhysicalDrive, xrefs: 00844B76
SAS, xrefs: 00844CC9
Network, xrefs: 00844C02
1394, xrefs: 00844C9F
Removable, xrefs: 00844C10, 00844C15
CDROM, xrefs: 00844BFB
SSA, xrefs: 00844CA6
SATA, xrefs: 00844CD0
ATA, xrefs: 00844C98
MMC, xrefs: 00844CDE
Virtual, xrefs: 00844CE5
SCSI, xrefs: 00844C8A
Unknown, xrefs: 00844BED, 00844C83
RAID, xrefs: 00844CBB
ATAPI, xrefs: 00844C91

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ErrorMode$DriveType
String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
API String ID: 2907320926-4222207086
Opcode ID: 4bb8f83244a56004af4515314e345e7d5817e33cb78c994a9970dc33e3d8ff12
Instruction ID: 19392841a8517a64945fab353e8c5123469cba3d6bdbaf89b2d0c028c4d9688f
Opcode Fuzzy Hash: 4bb8f83244a56004af4515314e345e7d5817e33cb78c994a9970dc33e3d8ff12
Instruction Fuzzy Hash: 1B619F3060520DDBCF04EB64CAC6A68B7B0FB44349B285016F816EB791EB3ADD51DB91

Function 008673E8 Relevance: 39.2, APIs: 26, Instructions: 201windowCOMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000012), ref: 00867421
SetTextColor.GDI32(?,?), ref: 00867425
GetSysColorBrush.USER32(0000000F), ref: 0086743B
GetSysColor.USER32(0000000F), ref: 00867446
CreateSolidBrush.GDI32(?), ref: 0086744B
GetSysColor.USER32(00000011), ref: 00867463
CreatePen.GDI32(00000000,00000001,00743C00), ref: 00867471
SelectObject.GDI32(?,00000000), ref: 00867482
SetBkColor.GDI32(?,00000000), ref: 0086748B
SelectObject.GDI32(?,?), ref: 00867498
InflateRect.USER32(?,000000FF,000000FF), ref: 008674B7
RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 008674CE
GetWindowLongW.USER32(00000000,000000F0), ref: 008674DB
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0086752A
GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00867554
InflateRect.USER32(?,000000FD,000000FD), ref: 00867572
DrawFocusRect.USER32(?,?), ref: 0086757D
GetSysColor.USER32(00000011), ref: 0086758E
SetTextColor.GDI32(?,00000000), ref: 00867596
DrawTextW.USER32(?,008670F5,000000FF,?,00000000), ref: 008675A8
SelectObject.GDI32(?,?), ref: 008675BF
DeleteObject.GDI32(?), ref: 008675CA
SelectObject.GDI32(?,?), ref: 008675D0
DeleteObject.GDI32(?), ref: 008675D5
SetTextColor.GDI32(?,?), ref: 008675DB
SetBkColor.GDI32(?,?), ref: 008675E5

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
String ID:
API String ID: 1996641542-0
Opcode ID: ccc28f03058f2d656e6bbdfc8e4b12af4be71a672888696a6f4852b13d3e165c
Instruction ID: 588a844755e157a4a807ef1de61b3f1084057148cada31f78b06a3410d24cd0c
Opcode Fuzzy Hash: ccc28f03058f2d656e6bbdfc8e4b12af4be71a672888696a6f4852b13d3e165c
Instruction Fuzzy Hash: 69616D72900218AFDF019FA4DC49EAE7FB9FF09320F125125F915AB2A1D7B49940CF90

Function 00860FF3 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 284windowCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 00861128
GetDesktopWindow.USER32 ref: 0086113D
GetWindowRect.USER32(00000000), ref: 00861144
GetWindowLongW.USER32(?,000000F0), ref: 00861199
DestroyWindow.USER32(?), ref: 008611B9
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 008611ED
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0086120B
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0086121D
SendMessageW.USER32(00000000,00000421,?,?), ref: 00861232
SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00861245
IsWindowVisible.USER32(00000000), ref: 008612A1
SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 008612BC
SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 008612D0
GetWindowRect.USER32(00000000,?), ref: 008612E8
MonitorFromPoint.USER32(?,?,00000002), ref: 0086130E
GetMonitorInfoW.USER32(00000000,?), ref: 00861328
CopyRect.USER32(?,?), ref: 0086133F
SendMessageW.USER32(00000000,00000412,00000000), ref: 008613AA

Strings

tooltips_class32, xrefs: 008611E6
0, xrefs: 008610D3
(, xrefs: 0086131B

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
String ID: ($0$tooltips_class32
API String ID: 698492251-4156429822
Opcode ID: ec530ec54d4356abe326d81ffa0437541ff2cb522ca672665d553ae975316a28
Instruction ID: 438e3b7692495e6ad3d20a5238795bcfd3d8c43812a2a0ba24553beaafb08e4f
Opcode Fuzzy Hash: ec530ec54d4356abe326d81ffa0437541ff2cb522ca672665d553ae975316a28
Instruction Fuzzy Hash: DFB18A71604341AFDB00DF64C988B6ABBE4FF88344F05891DF99ADB262C771E844CB92

Function 007E8891 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 282windowtimeCOMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 007E8968
GetSystemMetrics.USER32(00000007), ref: 007E8970
SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 007E899B
GetSystemMetrics.USER32(00000008), ref: 007E89A3
GetSystemMetrics.USER32(00000004), ref: 007E89C8
SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 007E89E5
AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 007E89F5
CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 007E8A28
SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 007E8A3C
GetClientRect.USER32(00000000,000000FF), ref: 007E8A5A
GetStockObject.GDI32(00000011), ref: 007E8A76
SendMessageW.USER32(00000000,00000030,00000000), ref: 007E8A81

Part of subcall function 007E912D: GetCursorPos.USER32(?), ref: 007E9141
Part of subcall function 007E912D: ScreenToClient.USER32(00000000,?), ref: 007E915E
Part of subcall function 007E912D: GetAsyncKeyState.USER32(00000001), ref: 007E9183
Part of subcall function 007E912D: GetAsyncKeyState.USER32(00000002), ref: 007E919D

SetTimer.USER32(00000000,00000000,00000028,007E90FC), ref: 007E8AA8

Strings

AutoIt v3 GUI, xrefs: 007E8A20

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
String ID: AutoIt v3 GUI
API String ID: 1458621304-248962490
Opcode ID: 0c31a4c0cd6661489ac1b8aa36d9773a8222f49fb842aedc1c9c3ce22723588a
Instruction ID: 6df72e99b78c4fcf9bc208b9dcd2fcc11dbf7fefa233aa3a00405dbf3040b2d3
Opcode Fuzzy Hash: 0c31a4c0cd6661489ac1b8aa36d9773a8222f49fb842aedc1c9c3ce22723588a
Instruction Fuzzy Hash: EDB18A75A0024ADFDF14DFA8DC49BAE7BB4FB48314F118229FA15E7290DB78A850CB51

Function 00830D8B Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 008310F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00831114
Part of subcall function 008310F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00830B9B,?,?,?), ref: 00831120
Part of subcall function 008310F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00830B9B,?,?,?), ref: 0083112F
Part of subcall function 008310F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00830B9B,?,?,?), ref: 00831136
Part of subcall function 008310F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0083114D

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00830DF5
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00830E29
GetLengthSid.ADVAPI32(?), ref: 00830E40
GetAce.ADVAPI32(?,00000000,?), ref: 00830E7A
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00830E96
GetLengthSid.ADVAPI32(?), ref: 00830EAD
GetProcessHeap.KERNEL32(00000008,00000008), ref: 00830EB5
HeapAlloc.KERNEL32(00000000), ref: 00830EBC
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00830EDD
CopySid.ADVAPI32(00000000), ref: 00830EE4
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00830F13
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00830F35
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00830F47
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00830F6E
HeapFree.KERNEL32(00000000), ref: 00830F75
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00830F7E
HeapFree.KERNEL32(00000000), ref: 00830F85
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00830F8E
HeapFree.KERNEL32(00000000), ref: 00830F95
GetProcessHeap.KERNEL32(00000000,?), ref: 00830FA1
HeapFree.KERNEL32(00000000), ref: 00830FA8

Part of subcall function 00831193: GetProcessHeap.KERNEL32(00000008,00830BB1,?,00000000,?,00830BB1,?), ref: 008311A1
Part of subcall function 00831193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00830BB1,?), ref: 008311A8
Part of subcall function 00831193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00830BB1,?), ref: 008311B7

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 4175595110-0
Opcode ID: 45bfac92e8d2915ed59ab8ca4e911868e3ae0c3875ebd54a7c72464756ff2daa
Instruction ID: 0e07e549932769c2509471493747a8e80269551eee3b76a76875450fabcead26
Opcode Fuzzy Hash: 45bfac92e8d2915ed59ab8ca4e911868e3ae0c3875ebd54a7c72464756ff2daa
Instruction Fuzzy Hash: 5C715B7290420AEBDF209FA4DC48FAEBBB8FF45700F054115FA99E6191DB719905CFA0

Function 0085C3B7 Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 495registryCOMMON

Download Yara Rule

APIs

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0085C4BD
RegCreateKeyExW.ADVAPI32(?,?,00000000,0086CC08,00000000,?,00000000,?,?), ref: 0085C544
RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0085C5A4
_wcslen.LIBCMT ref: 0085C5F4
_wcslen.LIBCMT ref: 0085C66F
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0085C6B2
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0085C7C1
RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0085C84D
RegCloseKey.ADVAPI32(?), ref: 0085C881
RegCloseKey.ADVAPI32(00000000), ref: 0085C88E
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0085C960

Strings

REG_SZ, xrefs: 0085C644
REG_MULTI_SZ, xrefs: 0085C6F5
REG_EXPAND_SZ, xrefs: 0085C5CD
REG_QWORD, xrefs: 0085C8C3
REG_BINARY, xrefs: 0085C913
REG_DWORD, xrefs: 0085C804

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Value$Close$_wcslen$ConnectCreateRegistry
String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
API String ID: 9721498-966354055
Opcode ID: 6e0548e5e49221e8e7053f03f7739ad0114c9dbde52a3944a5143bc5fc5ad1b5
Instruction ID: 9b1bb5b6851c130945dbcde97a158905d0ccbc86c0395fef9d06bfdc838419fa
Opcode Fuzzy Hash: 6e0548e5e49221e8e7053f03f7739ad0114c9dbde52a3944a5143bc5fc5ad1b5
Instruction Fuzzy Hash: D9124535604201DFCB14DF14C885A2AB7E5FF88715F08889DF88A9B3A2DB35ED45CB92

Function 0086091E Relevance: 30.1, APIs: 6, Strings: 11, Instructions: 372windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 008609C6
_wcslen.LIBCMT ref: 00860A01
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00860A54
_wcslen.LIBCMT ref: 00860A8A
_wcslen.LIBCMT ref: 00860B06
_wcslen.LIBCMT ref: 00860B81

Part of subcall function 007EF9F2: _wcslen.LIBCMT ref: 007EF9FD

Part of subcall function 00832BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00832BFA

Strings

ISCHECKED, xrefs: 00860CE1
EXISTS, xrefs: 00860B7C, 00860B97
COLLAPSE, xrefs: 00860B01, 00860B1C
UNCHECK, xrefs: 00860D3E
SELECT, xrefs: 00860D11
GETTOTALCOUNT, xrefs: 008609F2, 00860A17
EXPAND, xrefs: 00860BF8
GETITEMCOUNT, xrefs: 00860C1E
CHECK, xrefs: 00860A85, 00860AA0
GETTEXT, xrefs: 00860C97
GETSELECTED, xrefs: 00860C4E

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: _wcslen$MessageSend$BuffCharUpper
String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
API String ID: 1103490817-4258414348
Opcode ID: eb81fd6babac40b287e96e1b06bcf391e9517c635e648575f9862feb062ed311
Instruction ID: 2a50f21a4a0dbd202ffde777a878fb39d70d79c01d732e731aaba6a9d565f497
Opcode Fuzzy Hash: eb81fd6babac40b287e96e1b06bcf391e9517c635e648575f9862feb062ed311
Instruction Fuzzy Hash: 22E17A31208301DFCB14EF68C45092AB7E2FF98358B168A5DF8969B362D735ED45CB86

Function 0085C998 Relevance: 30.0, APIs: 7, Strings: 10, Instructions: 242COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,?,?,?,?,0085B6AE,?,?), ref: 0085C9B5
_wcslen.LIBCMT ref: 0085C9F1
_wcslen.LIBCMT ref: 0085CA68
_wcslen.LIBCMT ref: 0085CA9E
_wcslen.LIBCMT ref: 0085CAF9
_wcslen.LIBCMT ref: 0085CB2F
_wcslen.LIBCMT ref: 0085CB7F

Strings

HKEY_USERS, xrefs: 0085CBDF
HKLM, xrefs: 0085CA98, 0085CA9D
HKEY_CURRENT_CONFIG, xrefs: 0085CB79, 0085CB7E
HKU, xrefs: 0085CBF0
HKCC, xrefs: 0085CBAC
HKEY_LOCAL_MACHINE, xrefs: 0085CA62, 0085CA67
HKCU, xrefs: 0085CBCE
HKEY_CURRENT_USER, xrefs: 0085CBBD
HKEY_CLASSES_ROOT, xrefs: 0085CAF3, 0085CAF8
HKCR, xrefs: 0085CB29, 0085CB2E

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
API String ID: 1256254125-909552448
Opcode ID: 6a5acea7056316aa4cbb525f7115632bd4b0ec3594b496089b0a8cfb2725905b
Instruction ID: a4d4675c57d038ece6de169e8692a0d1af8a03d6da9883c3d0b7b4123adc3a54
Opcode Fuzzy Hash: 6a5acea7056316aa4cbb525f7115632bd4b0ec3594b496089b0a8cfb2725905b
Instruction Fuzzy Hash: 5671047260022A8FCF20DE68CD415BF37A1FBA0766B150128FC66E7284E634DD4CCBA1

Function 0086833C Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 196windowlibraryCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 0086835A
_wcslen.LIBCMT ref: 0086836E
_wcslen.LIBCMT ref: 00868391
_wcslen.LIBCMT ref: 008683B4
LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 008683F2
LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,0086361A,?), ref: 0086844E
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00868487
LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 008684CA
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00868501
FreeLibrary.KERNEL32(?), ref: 0086850D
ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0086851D
DestroyIcon.USER32(?), ref: 0086852C
SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00868549
SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00868555

Strings

.icl, xrefs: 00868368
.exe, xrefs: 00868388
.dll, xrefs: 008683AB

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
String ID: .dll$.exe$.icl
API String ID: 799131459-1154884017
Opcode ID: e0c055d074c66995dad940fb43eead7b1a611c54759728f7919680416d2bbe10
Instruction ID: 86043e3be8e7e87a4af397cc2e6c70f078170b8ad60330f42571df23038ce5e5
Opcode Fuzzy Hash: e0c055d074c66995dad940fb43eead7b1a611c54759728f7919680416d2bbe10
Instruction Fuzzy Hash: FA61BF71540219FAEB14DF64CC49BBF77A8FB04B11F11460AF91AE62D1DFB4AA50CBA0

Function 007D7778 Relevance: 28.3, APIs: 1, Strings: 15, Instructions: 273COMMON

Download Yara Rule

Strings

#requireadmin, xrefs: 007D77FF
#OnAutoItStartRegister, xrefs: 007D7817
Cannot parse #include, xrefs: 00815279
#pragma compile, xrefs: 007D77D3
#include-once, xrefs: 007D782F
#cs, xrefs: 007D7873, 007D78C5
#include, xrefs: 007D7847
", xrefs: 00815153
Bad directive syntax error, xrefs: 0081519A
', xrefs: 00815169
#comments-start, xrefs: 007D785F, 007D78B1
#notrayicon, xrefs: 007D77E7
#comments-end, xrefs: 007D78D9
#ce, xrefs: 007D78ED
Unterminated group of comments, xrefs: 0081528C

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID:
String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
API String ID: 0-1645009161
Opcode ID: fff95d8250cb925244151b1bd0a10e1d87c6bf12b6a6e45e9e2a4325b0381818
Instruction ID: 5e1f97a3854ad6b66953b6b736bfb6189910fba871101a4207fa6aa63b700350
Opcode Fuzzy Hash: fff95d8250cb925244151b1bd0a10e1d87c6bf12b6a6e45e9e2a4325b0381818
Instruction Fuzzy Hash: 5181DF71604605FADB25AF60DC46FAA37B8FF54300F044426FA19AA392FB78DA51C6A1

Function 00843E79 Relevance: 28.2, APIs: 8, Strings: 8, Instructions: 205COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?), ref: 00843EF8
_wcslen.LIBCMT ref: 00843F03
_wcslen.LIBCMT ref: 00843F5A
_wcslen.LIBCMT ref: 00843F98
GetDriveTypeW.KERNEL32(?), ref: 00843FD6
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0084401E
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00844059
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00844087

Strings

type cdaudio alias cd wait, xrefs: 00844001
closed, xrefs: 00843F08, 00843F2D, 00843F46, 00843F7E, 00843F97
set cd door , xrefs: 00844028
open , xrefs: 00843FE5
close, xrefs: 00843EFE, 00843F18
wait, xrefs: 00844044
open, xrefs: 00843F54, 00843F59
close cd wait, xrefs: 00844072

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: SendString_wcslen$BuffCharDriveLowerType
String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
API String ID: 1839972693-4113822522
Opcode ID: dc59d8ec7edf510c788fa751e90052b282af3ad2a218713c7f3152832cff7e8d
Instruction ID: 545e6e71b762297d3c0529520a693efa0908bb3142b2aaf85ef9e8f2e2950c52
Opcode Fuzzy Hash: dc59d8ec7edf510c788fa751e90052b282af3ad2a218713c7f3152832cff7e8d
Instruction Fuzzy Hash: 5B71BA726042069FC710EF24C88196AB7F4FF94768F14492EF9A6D3251EB34EE49CB91

Function 00835A1B Relevance: 27.2, APIs: 18, Instructions: 198windowtimeCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000063), ref: 00835A2E
SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00835A40
SetWindowTextW.USER32(?,?), ref: 00835A57
GetDlgItem.USER32(?,000003EA), ref: 00835A6C
SetWindowTextW.USER32(00000000,?), ref: 00835A72
GetDlgItem.USER32(?,000003E9), ref: 00835A82
SetWindowTextW.USER32(00000000,?), ref: 00835A88
SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00835AA9
SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00835AC3
GetWindowRect.USER32(?,?), ref: 00835ACC
_wcslen.LIBCMT ref: 00835B33
SetWindowTextW.USER32(?,?), ref: 00835B6F
GetDesktopWindow.USER32 ref: 00835B75
GetWindowRect.USER32(00000000), ref: 00835B7C
MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00835BD3
GetClientRect.USER32(?,?), ref: 00835BE0
PostMessageW.USER32(?,00000005,00000000,?), ref: 00835C05
SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00835C2F

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
String ID:
API String ID: 895679908-0
Opcode ID: 7624c16edd979d52aa82f215657f50de3983f6b032c588052599d0009c079d9e
Instruction ID: 2d58bcd1a8e176633596ccdde4f8abc4bd98d323ebda294beb1151081116e5b0
Opcode Fuzzy Hash: 7624c16edd979d52aa82f215657f50de3983f6b032c588052599d0009c079d9e
Instruction Fuzzy Hash: 49715E31900B09AFDB20DFA8CE85A6EBBF5FF88715F104918E582E25A0D775E944CB50

Function 0084FE0E Relevance: 27.1, APIs: 18, Instructions: 128COMMON

Download Yara Rule

APIs

LoadCursorW.USER32(00000000,00007F89), ref: 0084FE27
LoadCursorW.USER32(00000000,00007F8A), ref: 0084FE32
LoadCursorW.USER32(00000000,00007F00), ref: 0084FE3D
LoadCursorW.USER32(00000000,00007F03), ref: 0084FE48
LoadCursorW.USER32(00000000,00007F8B), ref: 0084FE53
LoadCursorW.USER32(00000000,00007F01), ref: 0084FE5E
LoadCursorW.USER32(00000000,00007F81), ref: 0084FE69
LoadCursorW.USER32(00000000,00007F88), ref: 0084FE74
LoadCursorW.USER32(00000000,00007F80), ref: 0084FE7F
LoadCursorW.USER32(00000000,00007F86), ref: 0084FE8A
LoadCursorW.USER32(00000000,00007F83), ref: 0084FE95
LoadCursorW.USER32(00000000,00007F85), ref: 0084FEA0
LoadCursorW.USER32(00000000,00007F82), ref: 0084FEAB
LoadCursorW.USER32(00000000,00007F84), ref: 0084FEB6
LoadCursorW.USER32(00000000,00007F04), ref: 0084FEC1
LoadCursorW.USER32(00000000,00007F02), ref: 0084FECC
GetCursorInfo.USER32(?), ref: 0084FEDC
GetLastError.KERNEL32 ref: 0084FF1E

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Cursor$Load$ErrorInfoLast
String ID:
API String ID: 3215588206-0
Opcode ID: 92735194f8f398fd061e335a6088a751741f5f319a8d5334a757d01f63dd7af2
Instruction ID: 01fc2ef4ae3aa425bd907875a51df91ceb3f563270f466f16ef380430247350e
Opcode Fuzzy Hash: 92735194f8f398fd061e335a6088a751741f5f319a8d5334a757d01f63dd7af2
Instruction Fuzzy Hash: AE4142B0D04319ABDB109FBA8C8986EBFE8FF04754B54452AF11DE7281DB78A901CE91

Function 007F00C6 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 81COMMON

Download Yara Rule

APIs

__scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 007F00C6

Part of subcall function 007F00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(008A070C,00000FA0,92CBEFD3,?,?,?,?,008123B3,000000FF), ref: 007F011C
Part of subcall function 007F00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,008123B3,000000FF), ref: 007F0127
Part of subcall function 007F00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,008123B3,000000FF), ref: 007F0138
Part of subcall function 007F00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 007F014E
Part of subcall function 007F00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 007F015C
Part of subcall function 007F00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 007F016A
Part of subcall function 007F00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 007F0195
Part of subcall function 007F00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 007F01A0

___scrt_fastfail.LIBCMT ref: 007F00E7

Part of subcall function 007F00A3: __onexit.LIBCMT ref: 007F00A9

Strings

kernel32.dll, xrefs: 007F0133
InitializeConditionVariable, xrefs: 007F0148
SleepConditionVariableCS, xrefs: 007F0154
api-ms-win-core-synch-l1-2-0.dll, xrefs: 007F0122
WakeAllConditionVariable, xrefs: 007F0162

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 66158676-1714406822
Opcode ID: c6eb68f0f2eff608ca48afe24724c1629cc4e96d261943a6d8ec49e930a97057
Instruction ID: 6303c909ffef6788940f6b54cb48eb3dec738857836528f8a84504fbc325bee7
Opcode Fuzzy Hash: c6eb68f0f2eff608ca48afe24724c1629cc4e96d261943a6d8ec49e930a97057
Instruction Fuzzy Hash: 9121F932645719ABE7106BA4AC09B7E37D4FB06B51F01013AFA11E3793DFBCA8008AD0

Function 008330F7 Relevance: 24.9, APIs: 8, Strings: 6, Instructions: 400COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 0083318D
_wcslen.LIBCMT ref: 008331F8

Strings

TEXT, xrefs: 0083347C
INSTANCE, xrefs: 00833453
CLASSNN, xrefs: 008331F3, 00833204
REGEXPCLASS, xrefs: 00833255, 00833266
CLASS, xrefs: 00833188, 008331A5
NAME, xrefs: 00833335, 00833346

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: _wcslen
String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
API String ID: 176396367-1603158881
Opcode ID: 2bfca5d3d9f5924261bb713e801e7817dcc6688e5f1ded78e9a3e43ff203a61f
Instruction ID: 3f069a8fdb580bebec28862ccb1483c59c9de6f67c5c618e4f7b46a174bf9dfb
Opcode Fuzzy Hash: 2bfca5d3d9f5924261bb713e801e7817dcc6688e5f1ded78e9a3e43ff203a61f
Instruction Fuzzy Hash: 10E1C232A0051AEBCF159FA8C4556FEBBB0FF94710F54811AE556E7240DB34AE8987D0

Function 008444C0 Relevance: 24.8, APIs: 7, Strings: 7, Instructions: 309COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(00000000,00000000,0086CC08), ref: 00844527
_wcslen.LIBCMT ref: 0084453B
_wcslen.LIBCMT ref: 00844599
_wcslen.LIBCMT ref: 008445F4
_wcslen.LIBCMT ref: 0084463F
_wcslen.LIBCMT ref: 008446A7

Part of subcall function 007EF9F2: _wcslen.LIBCMT ref: 007EF9FD

GetDriveTypeW.KERNEL32(?,00896BF0,00000061), ref: 00844743

Strings

cdrom, xrefs: 0084458F, 00844594
ramdisk, xrefs: 008446F1
network, xrefs: 0084469D, 008446A2
fixed, xrefs: 00844635, 0084463A
removable, xrefs: 008445EA, 008445EF
unknown, xrefs: 00844708
all, xrefs: 00844531, 00844536

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: _wcslen$BuffCharDriveLowerType
String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
API String ID: 2055661098-1000479233
Opcode ID: be9dbd97a2d6ec53784ffefe5e32de578bcb7a054eb0d5caa85cae5246c3be60
Instruction ID: 8c8aea98fc1a022da58dd5bdf0b6691cec616b6ebb431e81d7a29d07f1fd13b9
Opcode Fuzzy Hash: be9dbd97a2d6ec53784ffefe5e32de578bcb7a054eb0d5caa85cae5246c3be60
Instruction Fuzzy Hash: AEB12F3160830A9FC710EF28C890A7AB7E4FFA5724F51591DF596C7292E734D845CBA2

Function 00853FE9 Relevance: 23.2, APIs: 11, Strings: 2, Instructions: 478libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,0086CC08), ref: 008540BB
GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 008540CD
GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,0086CC08), ref: 008540F2
FreeLibrary.KERNEL32(00000000,?,0086CC08), ref: 0085413E
StringFromGUID2.OLE32(?,?,00000028,?,0086CC08), ref: 008541A8
SysFreeString.OLEAUT32(00000009), ref: 00854262
QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 008542C8
SysFreeString.OLEAUT32(?), ref: 008542F2

Strings

kernel32.dll, xrefs: 008540B6
GetModuleHandleExW, xrefs: 008540C7

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
String ID: GetModuleHandleExW$kernel32.dll
API String ID: 354098117-199464113
Opcode ID: 788b5f6c47d4878d0b289be8e1e96878cb36a75c13baad5c0943871158bace65
Instruction ID: 0c10f77e0fab7d4dc9b74802da82ae2c3498e9a08d5822a988e8a15dce63d375
Opcode Fuzzy Hash: 788b5f6c47d4878d0b289be8e1e96878cb36a75c13baad5c0943871158bace65
Instruction Fuzzy Hash: 17124C75A00119EFDB14CF94C884EAEBBB5FF45319F249098E905DB261D731ED8ACBA0

Function 007D326F Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 214windowCOMMON

Download Yara Rule

APIs

GetMenuItemCount.USER32(008A1990), ref: 00812F8D
GetMenuItemCount.USER32(008A1990), ref: 0081303D
GetCursorPos.USER32(?), ref: 00813081
SetForegroundWindow.USER32(00000000), ref: 0081308A
TrackPopupMenuEx.USER32(008A1990,00000000,?,00000000,00000000,00000000), ref: 0081309D
PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 008130A9

Strings

0, xrefs: 007D327D

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
String ID: 0
API String ID: 36266755-4108050209
Opcode ID: 7b365f77cbbd7bb799595796bc075b220325d58d8c731bf857fdd3ca289ada83
Instruction ID: ed4a0b916b919ea08b27dd5c151211d9fd3c817012c63dc7d721bf4b5f8550f6
Opcode Fuzzy Hash: 7b365f77cbbd7bb799595796bc075b220325d58d8c731bf857fdd3ca289ada83
Instruction Fuzzy Hash: AF710970640205BEEB319F25CC49FEABF78FF05324F204216F515A62E1CBB5A960C791

Function 00866CD9 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 194windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000,?), ref: 00866DEB

Part of subcall function 007D6B57: _wcslen.LIBCMT ref: 007D6B6A

CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00866E5F
SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00866E81
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00866E94
DestroyWindow.USER32(?), ref: 00866EB5
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,007D0000,00000000), ref: 00866EE4
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00866EFD
GetDesktopWindow.USER32 ref: 00866F16
GetWindowRect.USER32(00000000), ref: 00866F1D
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00866F35
SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00866F4D

Part of subcall function 007E9944: GetWindowLongW.USER32(?,000000EB), ref: 007E9952

Strings

0, xrefs: 00866D98
tooltips_class32, xrefs: 00866E58, 00866EDD

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
String ID: 0$tooltips_class32
API String ID: 2429346358-3619404913
Opcode ID: f6e27176ed34654eb3c0e8a6abcb2e9c8686e778ece401ffa1bfd66a3be37a2d
Instruction ID: b5c528f150ecfb227b7a8b46f79af5711c3675e08edde79e3c26513029dc0d6e
Opcode Fuzzy Hash: f6e27176ed34654eb3c0e8a6abcb2e9c8686e778ece401ffa1bfd66a3be37a2d
Instruction Fuzzy Hash: 4C718770104284AFEB21CF18DC48ABABBE9FB99304F59041EF999C7260DB75A925CB11

Function 0086911E Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 181windowfileCOMMON

Download Yara Rule

APIs

Part of subcall function 007E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007E9BB2

DragQueryPoint.SHELL32(?,?), ref: 00869147

Part of subcall function 00867674: ClientToScreen.USER32(?,?), ref: 0086769A
Part of subcall function 00867674: GetWindowRect.USER32(?,?), ref: 00867710
Part of subcall function 00867674: PtInRect.USER32(?,?,00868B89), ref: 00867720

SendMessageW.USER32(?,000000B0,?,?), ref: 008691B0
DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 008691BB
DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 008691DE
SendMessageW.USER32(?,000000C2,00000001,?), ref: 00869225
SendMessageW.USER32(?,000000B0,?,?), ref: 0086923E
SendMessageW.USER32(?,000000B1,?,?), ref: 00869255
SendMessageW.USER32(?,000000B1,?,?), ref: 00869277
DragFinish.SHELL32(?), ref: 0086927E
DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00869371

Strings

@GUI_DRAGFILE, xrefs: 00869320
@GUI_DROPID, xrefs: 0086929E
@GUI_DRAGID, xrefs: 008692E9

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
API String ID: 221274066-3440237614
Opcode ID: 17df6bbccad29d11e37ae3660af4d36e99ef4cf6afb2ca06388fee49bf159687
Instruction ID: 47a3d88768edbb277b049bf12262ee936309eaf0adba2d4f54ea4eebdff827bd
Opcode Fuzzy Hash: 17df6bbccad29d11e37ae3660af4d36e99ef4cf6afb2ca06388fee49bf159687
Instruction Fuzzy Hash: 45614971108301AFD701DF64DC89DABBBF8FB89750F00091EF6A5922A1DB749A49CB52

Function 0084C476 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 143networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0084C4B0
GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0084C4C3
SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0084C4D7
HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0084C4F0
InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0084C533
InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0084C549
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0084C554
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0084C584
GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0084C5DC
SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0084C5F0
InternetCloseHandle.WININET(00000000), ref: 0084C5FB

Strings

, xrefs: 0084C575

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
String ID:
API String ID: 3800310941-3916222277
Opcode ID: 7c7974b4fd9aac7c6b8930ea445c1f2271698e2cc9bf523e7a422c7deab44a21
Instruction ID: 87c155f5047aa058fed3e16aea6b86c3315bc707ec2626cb70ff30f288a46dd4
Opcode Fuzzy Hash: 7c7974b4fd9aac7c6b8930ea445c1f2271698e2cc9bf523e7a422c7deab44a21
Instruction Fuzzy Hash: 01516CB0501208BFDB619FA5C988ABB7BFCFF08754F01851AF985D6210EB74E944DB60

Function 0086856F Relevance: 22.6, APIs: 15, Instructions: 131filecommemoryCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 00868592
GetFileSize.KERNEL32(00000000,00000000), ref: 008685A2
GlobalAlloc.KERNEL32(00000002,00000000), ref: 008685AD
CloseHandle.KERNEL32(00000000), ref: 008685BA
GlobalLock.KERNEL32(00000000), ref: 008685C8
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 008685D7
GlobalUnlock.KERNEL32(00000000), ref: 008685E0
CloseHandle.KERNEL32(00000000), ref: 008685E7
CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 008685F8
OleLoadPicture.OLEAUT32(?,00000000,00000000,0086FC38,?), ref: 00868611
GlobalFree.KERNEL32(00000000), ref: 00868621
GetObjectW.GDI32(?,00000018,000000FF), ref: 00868641
CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00868671
DeleteObject.GDI32(00000000), ref: 00868699
SendMessageW.USER32(?,00000172,00000000,00000000), ref: 008686AF

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
String ID:
API String ID: 3840717409-0
Opcode ID: 1f4cde0ca7867511182f2dbb8825c3d09636034977d6e094a01a874213776753
Instruction ID: 8c0ee03b729cd119e666b5452f9cf51484597667cb4de168864900bc147bd730
Opcode Fuzzy Hash: 1f4cde0ca7867511182f2dbb8825c3d09636034977d6e094a01a874213776753
Instruction Fuzzy Hash: 0D412875600208EFDB119FA5DC4CEAA7BB8FF99B11F124159F95AEB260DB709901CB20

Function 008414BD Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 360timeCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000000), ref: 00841502
VariantCopy.OLEAUT32(?,?), ref: 0084150B
VariantClear.OLEAUT32(?), ref: 00841517
VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 008415FB
VarR8FromDec.OLEAUT32(?,?), ref: 00841657
VariantInit.OLEAUT32(?), ref: 00841708
SysFreeString.OLEAUT32(?), ref: 0084178C
VariantClear.OLEAUT32(?), ref: 008417D8
VariantClear.OLEAUT32(?), ref: 008417E7
VariantInit.OLEAUT32(00000000), ref: 00841823

Strings

%4d%02d%02d%02d%02d%02d, xrefs: 00841625
Default, xrefs: 008416AF

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
String ID: %4d%02d%02d%02d%02d%02d$Default
API String ID: 1234038744-3931177956
Opcode ID: 9b68ab470357832e392c65e36a37c829e6eb923344f839efbf85e18f5fa78b8b
Instruction ID: 242e56ca8debf9b197f6f140f768304596f6c0449338067d0e8bd013189e54fe
Opcode Fuzzy Hash: 9b68ab470357832e392c65e36a37c829e6eb923344f839efbf85e18f5fa78b8b
Instruction Fuzzy Hash: 8BD1BD31A0021DEBDF10AF65D88DAB9BBB5FF48704F158056E446EB680DB38E881DB61

Function 0085B60E Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 285registrylibraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

Part of subcall function 0085C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0085B6AE,?,?), ref: 0085C9B5
Part of subcall function 0085C998: _wcslen.LIBCMT ref: 0085C9F1
Part of subcall function 0085C998: _wcslen.LIBCMT ref: 0085CA68
Part of subcall function 0085C998: _wcslen.LIBCMT ref: 0085CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0085B6F4
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0085B772
RegDeleteValueW.ADVAPI32(?,?), ref: 0085B80A
RegCloseKey.ADVAPI32(?), ref: 0085B87E
RegCloseKey.ADVAPI32(?), ref: 0085B89C
LoadLibraryA.KERNEL32(advapi32.dll), ref: 0085B8F2
GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0085B904
RegDeleteKeyW.ADVAPI32(?,?), ref: 0085B922
FreeLibrary.KERNEL32(00000000), ref: 0085B983
RegCloseKey.ADVAPI32(00000000), ref: 0085B994

Strings

RegDeleteKeyExW, xrefs: 0085B8FE
advapi32.dll, xrefs: 0085B8ED

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 146587525-4033151799
Opcode ID: 24285daee3d56f1c4385fb99c761a7c44962b1af0fc3cf2c738d4f514915fecb
Instruction ID: d85137b645c670c0b38d93e1ee4ff839a7c1c1b203ec9e2f03703b195c24bfd6
Opcode Fuzzy Hash: 24285daee3d56f1c4385fb99c761a7c44962b1af0fc3cf2c738d4f514915fecb
Instruction Fuzzy Hash: C5C17B31204201EFD714DF14C495B2ABBE5FF94309F18859DE99A8B3A2CB75EC49CB92

Function 0085255C Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 169windowCOMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 008525D8
CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 008525E8
CreateCompatibleDC.GDI32(?), ref: 008525F4
SelectObject.GDI32(00000000,?), ref: 00852601
StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 0085266D
GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 008526AC
GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 008526D0
SelectObject.GDI32(?,?), ref: 008526D8
DeleteObject.GDI32(?), ref: 008526E1
DeleteDC.GDI32(?), ref: 008526E8
ReleaseDC.USER32(00000000,?), ref: 008526F3

Strings

(, xrefs: 0085268D

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
String ID: (
API String ID: 2598888154-3887548279
Opcode ID: fc06c4b02ac5da3999efebaa32e6b28ad32232f2f29d85aa549397a628fc6c89
Instruction ID: 6c4240b24282d9c3df2f951e5b05fa6b295e9fec621c426edc9043eee227a37a
Opcode Fuzzy Hash: fc06c4b02ac5da3999efebaa32e6b28ad32232f2f29d85aa549397a628fc6c89
Instruction Fuzzy Hash: 2861C275D00219EFCF04CFA8D885AAEBBF5FF58310F20852AE955A7250E774A951CF90

Function 0080DA5D Relevance: 19.6, APIs: 13, Instructions: 114COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 0080DAA1

Part of subcall function 0080D63C: _free.LIBCMT ref: 0080D659
Part of subcall function 0080D63C: _free.LIBCMT ref: 0080D66B
Part of subcall function 0080D63C: _free.LIBCMT ref: 0080D67D
Part of subcall function 0080D63C: _free.LIBCMT ref: 0080D68F
Part of subcall function 0080D63C: _free.LIBCMT ref: 0080D6A1
Part of subcall function 0080D63C: _free.LIBCMT ref: 0080D6B3
Part of subcall function 0080D63C: _free.LIBCMT ref: 0080D6C5
Part of subcall function 0080D63C: _free.LIBCMT ref: 0080D6D7
Part of subcall function 0080D63C: _free.LIBCMT ref: 0080D6E9
Part of subcall function 0080D63C: _free.LIBCMT ref: 0080D6FB
Part of subcall function 0080D63C: _free.LIBCMT ref: 0080D70D
Part of subcall function 0080D63C: _free.LIBCMT ref: 0080D71F
Part of subcall function 0080D63C: _free.LIBCMT ref: 0080D731

_free.LIBCMT ref: 0080DA96

Part of subcall function 008029C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0080D7D1,00000000,00000000,00000000,00000000,?,0080D7F8,00000000,00000007,00000000,?,0080DBF5,00000000), ref: 008029DE
Part of subcall function 008029C8: GetLastError.KERNEL32(00000000,?,0080D7D1,00000000,00000000,00000000,00000000,?,0080D7F8,00000000,00000007,00000000,?,0080DBF5,00000000,00000000), ref: 008029F0

_free.LIBCMT ref: 0080DAB8
_free.LIBCMT ref: 0080DACD
_free.LIBCMT ref: 0080DAD8
_free.LIBCMT ref: 0080DAFA
_free.LIBCMT ref: 0080DB0D
_free.LIBCMT ref: 0080DB1B
_free.LIBCMT ref: 0080DB26
_free.LIBCMT ref: 0080DB5E
_free.LIBCMT ref: 0080DB65
_free.LIBCMT ref: 0080DB82
_free.LIBCMT ref: 0080DB9A

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: d221aaea8a0face14a1d2a030a8561422508190393d076870cf9c1a97118f098
Instruction ID: 4b3e038c37f3947ddf00c883df644e602c62581836cf3f487601a93a895efe1b
Opcode Fuzzy Hash: d221aaea8a0face14a1d2a030a8561422508190393d076870cf9c1a97118f098
Instruction Fuzzy Hash: 48314A326043059FEBA1AAB9EC49F6A7BE9FF00320F654429E449D71D1DB75EC40CB21

Function 0083365B Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 267windowtimeCOMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000100), ref: 0083369C
_wcslen.LIBCMT ref: 008336A7
SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00833797
GetClassNameW.USER32(?,?,00000400), ref: 0083380C
GetDlgCtrlID.USER32(?), ref: 0083385D
GetWindowRect.USER32(?,?), ref: 00833882
GetParent.USER32(?), ref: 008338A0
ScreenToClient.USER32(00000000), ref: 008338A7
GetClassNameW.USER32(?,?,00000100), ref: 00833921
GetWindowTextW.USER32(?,?,00000400), ref: 0083395D

Strings

%s%u, xrefs: 00833734

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
String ID: %s%u
API String ID: 4010501982-679674701
Opcode ID: 5ead09ff47f3c2032c53925cef5c31b1d4a469c3c162f142a319279fb9127bef
Instruction ID: 7d31e5716ee9d982b44fb3ef6930f71ad187e797cca2bdb9b330812d55d73cd0
Opcode Fuzzy Hash: 5ead09ff47f3c2032c53925cef5c31b1d4a469c3c162f142a319279fb9127bef
Instruction Fuzzy Hash: BA91B371204606EFD719DF24C885BBAF7A8FF84350F008629FA99C6190DB70EA45CBD1

Function 00834954 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 253COMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000400), ref: 00834994
GetWindowTextW.USER32(?,?,00000400), ref: 008349DA
_wcslen.LIBCMT ref: 008349EB
CharUpperBuffW.USER32(?,00000000), ref: 008349F7
_wcsstr.LIBVCRUNTIME ref: 00834A2C
GetClassNameW.USER32(00000018,?,00000400), ref: 00834A64
GetWindowTextW.USER32(?,?,00000400), ref: 00834A9D
GetClassNameW.USER32(00000018,?,00000400), ref: 00834AE6
GetClassNameW.USER32(?,?,00000400), ref: 00834B20
GetWindowRect.USER32(?,?), ref: 00834B8B

Strings

ThumbnailClass, xrefs: 00834A6F, 00834AF1

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
String ID: ThumbnailClass
API String ID: 1311036022-1241985126
Opcode ID: d0ee00f1836bd7f91a8f263c93d3f66fa724178dd44e0f5b09d10ceb4907add1
Instruction ID: fbdacc9a1dfcc3554b3f169564b21094c55187747c021e7e2f253e13833de065
Opcode Fuzzy Hash: d0ee00f1836bd7f91a8f263c93d3f66fa724178dd44e0f5b09d10ceb4907add1
Instruction Fuzzy Hash: C091DC710042099FDB04DF54C885BBABBE8FF84314F04A46AFE85DA196EB74ED45CBA1

Function 0083BF30 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 190windowsleepCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(008A1990,000000FF,00000000,00000030), ref: 0083BFAC
SetMenuItemInfoW.USER32(008A1990,00000004,00000000,00000030), ref: 0083BFE1
Sleep.KERNEL32(000001F4), ref: 0083BFF3
GetMenuItemCount.USER32(?), ref: 0083C039
GetMenuItemID.USER32(?,00000000), ref: 0083C056
GetMenuItemID.USER32(?,-00000001), ref: 0083C082
GetMenuItemID.USER32(?,?), ref: 0083C0C9
CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0083C10F
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0083C124
SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0083C145

Strings

0, xrefs: 0083BF3D

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ItemMenu$Info$CheckCountRadioSleep
String ID: 0
API String ID: 1460738036-4108050209
Opcode ID: e569353c31d8cb4efc9c2cd82fe497a6312ed321b7e39832cd61894dc126b71f
Instruction ID: ded91e2783af081f2ffab6dac7d4587cb500f05de1b9686e529934299af59f78
Opcode Fuzzy Hash: e569353c31d8cb4efc9c2cd82fe497a6312ed321b7e39832cd61894dc126b71f
Instruction Fuzzy Hash: F7618DB190028AAFDF15CF68DD88ABEBBB8FB85344F004055E951E3291CB75AD05DBA1

Function 0085CC34 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 104registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0085CC64
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0085CC8D
FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0085CD48

Part of subcall function 0085CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0085CCAA
Part of subcall function 0085CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0085CCBD
Part of subcall function 0085CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0085CCCF
Part of subcall function 0085CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0085CD05
Part of subcall function 0085CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0085CD28

RegDeleteKeyW.ADVAPI32(?,?), ref: 0085CCF3

Strings

RegDeleteKeyExW, xrefs: 0085CCC9
advapi32.dll, xrefs: 0085CCB8

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 2734957052-4033151799
Opcode ID: 9e2a95480fdcaa9885983e7d63e96ad25af08737e6d715315ee68a1dc68cf28d
Instruction ID: 14c1d695c5ce99c27acdb39cd2e002496f074bc446835827eeb9381fa4f3eaa5
Opcode Fuzzy Hash: 9e2a95480fdcaa9885983e7d63e96ad25af08737e6d715315ee68a1dc68cf28d
Instruction Fuzzy Hash: 06318C75901228BFDB219B94DC88EFFBB7CFF06741F010165F906E2240DAB49E499AA0

Function 00843D1E Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 101fileCOMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00843D40
_wcslen.LIBCMT ref: 00843D6D
CreateDirectoryW.KERNEL32(?,00000000), ref: 00843D9D
CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00843DBE
RemoveDirectoryW.KERNEL32(?), ref: 00843DCE
DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00843E55
CloseHandle.KERNEL32(00000000), ref: 00843E60
CloseHandle.KERNEL32(00000000), ref: 00843E6B

Strings

\, xrefs: 00843D77
\??\%s, xrefs: 00843D5B
:, xrefs: 00843D82

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
String ID: :$\$\??\%s
API String ID: 1149970189-3457252023
Opcode ID: ba981c75b77c48d20e7e2fc87b385bf425f3f069849fa711e62ad74e502f8219
Instruction ID: 6ce5ead48b56516b227a41d75290e3eaf8e9affd5b87a163ab4d3025d414dde4
Opcode Fuzzy Hash: ba981c75b77c48d20e7e2fc87b385bf425f3f069849fa711e62ad74e502f8219
Instruction Fuzzy Hash: CE31B271900209ABDB209BA0DC49FEF37BCFF89700F1040B5F605D6160EBB497448B24

Function 0083E6B0 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 0083E6B4

Part of subcall function 007EE551: timeGetTime.WINMM(?,?,0083E6D4), ref: 007EE555

Sleep.KERNEL32(0000000A), ref: 0083E6E1
EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 0083E705
FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0083E727
SetActiveWindow.USER32 ref: 0083E746
SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0083E754
SendMessageW.USER32(00000010,00000000,00000000), ref: 0083E773
Sleep.KERNEL32(000000FA), ref: 0083E77E
IsWindow.USER32 ref: 0083E78A
EndDialog.USER32(00000000), ref: 0083E79B

Strings

BUTTON, xrefs: 0083E719

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
String ID: BUTTON
API String ID: 1194449130-3405671355
Opcode ID: b55a1d3a6a7057c5d13d21e3115f3db29c71dc2ae08df7c2f7b812997c3567e4
Instruction ID: 175bf9790af69dd8304b2f357a1c267277790549e9e24ca79848b85cf5cbfa46
Opcode Fuzzy Hash: b55a1d3a6a7057c5d13d21e3115f3db29c71dc2ae08df7c2f7b812997c3567e4
Instruction Fuzzy Hash: 33219670240205AFFF219FA4EC9DA353B69F7A6348F111425F556C2AF1DBB59C00CBA5

Function 0083E9FC Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 71COMMON

Download Yara Rule

APIs

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0083EA5D
mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0083EA73
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0083EA84
mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0083EA96
mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0083EAA7

Strings

play PlayMe, xrefs: 0083EAA2
alias PlayMe, xrefs: 0083EA36
status PlayMe mode, xrefs: 0083EA58
open , xrefs: 0083EA0C
play PlayMe wait, xrefs: 0083EA91
close PlayMe, xrefs: 0083EA6E, 0083EA9B

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: SendString$_wcslen
String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
API String ID: 2420728520-1007645807
Opcode ID: ea606c14962d11e0cd34857354acce400d3e372deae2dc6805def4b212e993d5
Instruction ID: 95da710c978e6f1ee2f2972417a033ef489e474060e08dfe7748a106b9258026
Opcode Fuzzy Hash: ea606c14962d11e0cd34857354acce400d3e372deae2dc6805def4b212e993d5
Instruction Fuzzy Hash: 2A115131A50269B9DB20B7A2DC4AEFF6E7CFBD1B40F04042AB411E22D1EEB45915C5B0

Function 00839F91 Relevance: 18.2, APIs: 12, Instructions: 188keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 0083A012
SetKeyboardState.USER32(?), ref: 0083A07D
GetAsyncKeyState.USER32(000000A0), ref: 0083A09D
GetKeyState.USER32(000000A0), ref: 0083A0B4
GetAsyncKeyState.USER32(000000A1), ref: 0083A0E3
GetKeyState.USER32(000000A1), ref: 0083A0F4
GetAsyncKeyState.USER32(00000011), ref: 0083A120
GetKeyState.USER32(00000011), ref: 0083A12E
GetAsyncKeyState.USER32(00000012), ref: 0083A157
GetKeyState.USER32(00000012), ref: 0083A165
GetAsyncKeyState.USER32(0000005B), ref: 0083A18E
GetKeyState.USER32(0000005B), ref: 0083A19C

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: b58a7fd295a55bc710dc0feb73fde553d55b5c23e83be40118050f33484f1e21
Instruction ID: 0f25eda9804afcb2a0997e91f59ddd5026142cfec26b57f8d143b5638635c08e
Opcode Fuzzy Hash: b58a7fd295a55bc710dc0feb73fde553d55b5c23e83be40118050f33484f1e21
Instruction Fuzzy Hash: 2551B82090478869FB39DB6488157AEBFB4FF52340F08459DD5C2D71C2DA949A4CC7E3

Function 00835CC6 Relevance: 18.2, APIs: 12, Instructions: 173COMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,00000001), ref: 00835CE2
GetWindowRect.USER32(00000000,?), ref: 00835CFB
MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00835D59
GetDlgItem.USER32(?,00000002), ref: 00835D69
GetWindowRect.USER32(00000000,?), ref: 00835D7B
MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00835DCF
GetDlgItem.USER32(?,000003E9), ref: 00835DDD
GetWindowRect.USER32(00000000,?), ref: 00835DEF
MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00835E31
GetDlgItem.USER32(?,000003EA), ref: 00835E44
MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00835E5A
InvalidateRect.USER32(?,00000000,00000001), ref: 00835E67

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Window$ItemMoveRect$Invalidate
String ID:
API String ID: 3096461208-0
Opcode ID: eb930f8fbe14ddf71682072492023bab73fb406c445b06f6049530c193cd89db
Instruction ID: c70fb6daa0da91ce537c15b88a291d9e20177730b9385de4fba561dce0c86dd0
Opcode Fuzzy Hash: eb930f8fbe14ddf71682072492023bab73fb406c445b06f6049530c193cd89db
Instruction Fuzzy Hash: 495110B1B00605AFDF18CF68DD89AAE7BB5FB88301F558129F515E7290D7B49E00CB50

Function 007E8BCD Relevance: 18.2, APIs: 12, Instructions: 168timeCOMMON

Download Yara Rule

APIs

Part of subcall function 007E8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,007E8BE8,?,00000000,?,?,?,?,007E8BBA,00000000,?), ref: 007E8FC5

DestroyWindow.USER32(?), ref: 007E8C81
KillTimer.USER32(00000000,?,?,?,?,007E8BBA,00000000,?), ref: 007E8D1B
DestroyAcceleratorTable.USER32(00000000), ref: 00826973
ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,007E8BBA,00000000,?), ref: 008269A1
ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,007E8BBA,00000000,?), ref: 008269B8
ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,007E8BBA,00000000), ref: 008269D4
DeleteObject.GDI32(00000000), ref: 008269E6

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
String ID:
API String ID: 641708696-0
Opcode ID: ce4813e779be7dfff67d03bbcde79955a7378a27f358ef98429ce0445c189b81
Instruction ID: ca2b1168db82a0174d3510e389dcf30b963c4c11a73c8fa0288a957dbf85e861
Opcode Fuzzy Hash: ce4813e779be7dfff67d03bbcde79955a7378a27f358ef98429ce0445c189b81
Instruction Fuzzy Hash: F461BE30102650DFDF619F16D948B26BBF1FB4A312F24555DE0869AA70CB79ACD0CFA2

Function 007E9838 Relevance: 18.1, APIs: 12, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 007E9944: GetWindowLongW.USER32(?,000000EB), ref: 007E9952

GetSysColor.USER32(0000000F), ref: 007E9862

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ColorLongWindow
String ID:
API String ID: 259745315-0
Opcode ID: 0f883cf01d25103500c3fdbb187ae1f9fe6983222ca476ecc630375453c3185e
Instruction ID: da79323291d0be51a6d9988239b6d14c985bd7c412f466db0a9c3e5edd1e6146
Opcode Fuzzy Hash: 0f883cf01d25103500c3fdbb187ae1f9fe6983222ca476ecc630375453c3185e
Instruction Fuzzy Hash: 9E41B032105690AFDB205F3A9C88BB93BA5FB1A330F155615FAA2872F2D7749C81DB11

Function 008396E2 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,0081F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00839717
LoadStringW.USER32(00000000,?,0081F7F8,00000001), ref: 00839720

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,0081F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00839742
LoadStringW.USER32(00000000,?,0081F7F8,00000001), ref: 00839745
MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00839866

Strings

Line %d:, xrefs: 008397A0
Line %d (File "%s"):, xrefs: 0083978F
%s (%d) : ==> %s: %s %s, xrefs: 0083984A
^ ERROR, xrefs: 008397FB
Error: , xrefs: 0083981D

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: HandleLoadModuleString$Message_wcslen
String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
API String ID: 747408836-2268648507
Opcode ID: 2c48b7c1cab07585c34e112fb9e67ea6f9d7b0b9ab3631a0cd4aec2a689c55f8
Instruction ID: 1a4cbf73a3bdd75224209cfdc44eb698016c8f903b5bac14958710e7c5e77426
Opcode Fuzzy Hash: 2c48b7c1cab07585c34e112fb9e67ea6f9d7b0b9ab3631a0cd4aec2a689c55f8
Instruction Fuzzy Hash: D2414172900119AADF04FBE4DE4ADEEB778FF55740F100026F605B2191EA796F58CBA1

Function 008306DE Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 127registryshareCOMMON

Download Yara Rule

APIs

Part of subcall function 007D6B57: _wcslen.LIBCMT ref: 007D6B6A

WNetAddConnection2W.MPR(?,?,?,00000000), ref: 008307A2
RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 008307BE
RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 008307DA
RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00830804
CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0083082C
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00830837
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0083083C

Strings

\IPC$, xrefs: 00830784
\CLSID, xrefs: 00830724
SOFTWARE\Classes\, xrefs: 0083070E

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
String ID: SOFTWARE\Classes\$\CLSID$\IPC$
API String ID: 323675364-22481851
Opcode ID: 6673133792f12e1cd62272f549516f8b45f4d5ff9cbd6ceb09c9dd00b3ee848e
Instruction ID: c95c492da6b15afcd84ac6fc3dad4858a91e89ff8d086e75beb49a44e28b4ba9
Opcode Fuzzy Hash: 6673133792f12e1cd62272f549516f8b45f4d5ff9cbd6ceb09c9dd00b3ee848e
Instruction Fuzzy Hash: AF411872C10229EBDF11EBA4DC999EDB778FF44750F05416AE901A32A1EB749E04CF90

Function 00863F98 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 0086403B
CreateCompatibleDC.GDI32(00000000), ref: 00864042
SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00864055
SelectObject.GDI32(00000000,00000000), ref: 0086405D
GetPixel.GDI32(00000000,00000000,00000000), ref: 00864068
DeleteDC.GDI32(00000000), ref: 00864072
GetWindowLongW.USER32(?,000000EC), ref: 0086407C
SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00864092
DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 0086409E

Strings

static, xrefs: 00863FD3

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
String ID: static
API String ID: 2559357485-2160076837
Opcode ID: 7799ea0878f5dfb117332d3fd8dcf42cd60dd961f12495cb6af9ddde897dc8a2
Instruction ID: 15f761449b771b44afd33edd9c5c91d159b680d50e468628cc2de9f64db1a3a9
Opcode Fuzzy Hash: 7799ea0878f5dfb117332d3fd8dcf42cd60dd961f12495cb6af9ddde897dc8a2
Instruction Fuzzy Hash: FB314B32501219ABDF219FA8CC09FEA3B68FF0D324F121215FA69E61A0C7B5D850DB55

Function 00853C30 Relevance: 16.8, APIs: 11, Instructions: 344fileCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00853C5C
CoInitialize.OLE32(00000000), ref: 00853C8A
CoUninitialize.OLE32 ref: 00853C94
_wcslen.LIBCMT ref: 00853D2D
GetRunningObjectTable.OLE32(00000000,?), ref: 00853DB1
SetErrorMode.KERNEL32(00000001,00000029), ref: 00853ED5
CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00853F0E
CoGetObject.OLE32(?,00000000,0086FB98,?), ref: 00853F2D
SetErrorMode.KERNEL32(00000000), ref: 00853F40
SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00853FC4
VariantClear.OLEAUT32(?), ref: 00853FD8

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
String ID:
API String ID: 429561992-0
Opcode ID: 20de80293038ebc0a70c8148e7019ebce42e84b642c52488bd02a9115f57ab98
Instruction ID: 517aac770418fc73d58b37f4d78b8aca41ef7bb9d4496640420507fa828665d5
Opcode Fuzzy Hash: 20de80293038ebc0a70c8148e7019ebce42e84b642c52488bd02a9115f57ab98
Instruction Fuzzy Hash: 0BC10271608205AFD700DF68C88492AB7F9FF89789F10495DF98ADB211DB71EE09CB52

Function 00847A96 Relevance: 16.8, APIs: 11, Instructions: 298comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00847AF3
SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00847B8F
SHGetDesktopFolder.SHELL32(?), ref: 00847BA3
CoCreateInstance.OLE32(0086FD08,00000000,00000001,00896E6C,?), ref: 00847BEF
SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00847C74
CoTaskMemFree.OLE32(?,?), ref: 00847CCC
SHBrowseForFolderW.SHELL32(?), ref: 00847D57
SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00847D7A
CoTaskMemFree.OLE32(00000000), ref: 00847D81
CoTaskMemFree.OLE32(00000000), ref: 00847DD6
CoUninitialize.OLE32 ref: 00847DDC

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
String ID:
API String ID: 2762341140-0
Opcode ID: 60ae298c2f40d567cc8e2f253db22822c1c4d5ff885a86d8babf40747f1ad6cb
Instruction ID: 21a2b8877e65ca00af6b8e478677939273c7a61781360d2c5bd69e6a27840503
Opcode Fuzzy Hash: 60ae298c2f40d567cc8e2f253db22822c1c4d5ff885a86d8babf40747f1ad6cb
Instruction Fuzzy Hash: F2C11A75A04109EFCB14DFA4C888DAEBBB9FF48314B1584A9E91ADB361D730ED45CB90

Function 0086541D Relevance: 16.7, APIs: 11, Instructions: 191windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00865504
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00865515
CharNextW.USER32(00000158), ref: 00865544
SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00865585
SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0086559B
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 008655AC

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: MessageSend$CharNext
String ID:
API String ID: 1350042424-0
Opcode ID: 0db35870c64301203f4cab6e491897749c151997f25227e9940f1aed7ae6d787
Instruction ID: bd7f8c4c0bfd6d811c49b81ba92471a2f9d6fd418878393d60eae1814df6ffb2
Opcode Fuzzy Hash: 0db35870c64301203f4cab6e491897749c151997f25227e9940f1aed7ae6d787
Instruction Fuzzy Hash: E3618E70900609EFDF109F64CC899FE7BB9FB09724F124189F965EB290DB748A81DB61

Function 0082FA88 Relevance: 16.6, APIs: 11, Instructions: 122memoryCOMMON

Download Yara Rule

APIs

SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0082FAAF
SafeArrayAllocData.OLEAUT32(?), ref: 0082FB08
VariantInit.OLEAUT32(?), ref: 0082FB1A
SafeArrayAccessData.OLEAUT32(?,?), ref: 0082FB3A
VariantCopy.OLEAUT32(?,?), ref: 0082FB8D
SafeArrayUnaccessData.OLEAUT32(?), ref: 0082FBA1
VariantClear.OLEAUT32(?), ref: 0082FBB6
SafeArrayDestroyData.OLEAUT32(?), ref: 0082FBC3
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0082FBCC
VariantClear.OLEAUT32(?), ref: 0082FBDE
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0082FBE9

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
String ID:
API String ID: 2706829360-0
Opcode ID: 2440cec3db5bf7b437308043784570e3bc01acb52faa749527d4f25f0a0700e1
Instruction ID: 35b48653fbfd16d19f71ed74b97969caac005f078034ab9e5646c602c364acda
Opcode Fuzzy Hash: 2440cec3db5bf7b437308043784570e3bc01acb52faa749527d4f25f0a0700e1
Instruction Fuzzy Hash: AA413035A00229DFCB00DF68D8589ADBBB9FF48354F418075E946E7262CB74A945CFA0

Function 00839C79 Relevance: 16.6, APIs: 11, Instructions: 119keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 00839CA1
GetAsyncKeyState.USER32(000000A0), ref: 00839D22
GetKeyState.USER32(000000A0), ref: 00839D3D
GetAsyncKeyState.USER32(000000A1), ref: 00839D57
GetKeyState.USER32(000000A1), ref: 00839D6C
GetAsyncKeyState.USER32(00000011), ref: 00839D84
GetKeyState.USER32(00000011), ref: 00839D96
GetAsyncKeyState.USER32(00000012), ref: 00839DAE
GetKeyState.USER32(00000012), ref: 00839DC0
GetAsyncKeyState.USER32(0000005B), ref: 00839DD8
GetKeyState.USER32(0000005B), ref: 00839DEA

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: 8430129e5bf5ab2386c9aa56c036ab9cfe58c71bea8e42ab182ca9370fa7d591
Instruction ID: d196d1a90cdf961a7e8aff70a705aacb50b37c7dbff452fa69bb8a123b7b4932
Opcode Fuzzy Hash: 8430129e5bf5ab2386c9aa56c036ab9cfe58c71bea8e42ab182ca9370fa7d591
Instruction Fuzzy Hash: 2A41C6345047CA6DFF319664C8053B6BEA0FF91344F04905ADAC7966C2EBE599C8CBE2

Function 0085055B Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 207networkfileCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 008505BC
inet_addr.WSOCK32(?), ref: 0085061C
gethostbyname.WSOCK32(?), ref: 00850628
IcmpCreateFile.IPHLPAPI ref: 00850636
IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 008506C6
IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 008506E5
IcmpCloseHandle.IPHLPAPI(?), ref: 008507B9
WSACleanup.WSOCK32 ref: 008507BF

Strings

Ping, xrefs: 00850676

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
String ID: Ping
API String ID: 1028309954-2246546115
Opcode ID: d67d028f2a514872c391ab8fe2ef57f4a28ade8d26df2662e5184a16291238e1
Instruction ID: 0a153e0960a5cf715975a88fdbfc7ff18921141dbb3ef0dddbb89cd812cbc500
Opcode Fuzzy Hash: d67d028f2a514872c391ab8fe2ef57f4a28ade8d26df2662e5184a16291238e1
Instruction Fuzzy Hash: 7E91AC356042019FD320CF15C888B1ABBE0FF48318F0585A9E8AADB7A2D771ED49CF81

Function 00858CD3 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 193COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?,00000000,?), ref: 00858CF3

Part of subcall function 00838E54: _wcslen.LIBCMT ref: 00838E77

_wcslen.LIBCMT ref: 00858D4E
_wcslen.LIBCMT ref: 00858D9C
_wcslen.LIBCMT ref: 00858DDC
_wcslen.LIBCMT ref: 00858E6E

Strings

none, xrefs: 00858E65, 00858E6A
stdcall, xrefs: 00858DD6, 00858DDB
winapi, xrefs: 00858D96, 00858D9B
cdecl, xrefs: 00858D48, 00858D4D

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: _wcslen$BuffCharLower
String ID: cdecl$none$stdcall$winapi
API String ID: 707087890-567219261
Opcode ID: cdf42a91e6545e0076ce4e6e6f6b50729dae362b7232430795148f40ec071761
Instruction ID: be8dd7d3d7437a016448632e7facb493c8f2fea5fb4cb281cbced1c1ccf50328
Opcode Fuzzy Hash: cdf42a91e6545e0076ce4e6e6f6b50729dae362b7232430795148f40ec071761
Instruction Fuzzy Hash: 96518F31A00116DBCF14DF68C9418BEB7B5FF64725B24422AE966F7284EB35DD488B90

Function 0085372C Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 187comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32 ref: 00853774
CoUninitialize.OLE32 ref: 0085377F
CoCreateInstance.OLE32(?,00000000,00000017,0086FB78,?), ref: 008537D9
IIDFromString.OLE32(?,?), ref: 0085384C
VariantInit.OLEAUT32(?), ref: 008538E4
VariantClear.OLEAUT32(?), ref: 00853936

Strings

Failed to create object, xrefs: 008537E4, 0085389A
NULL Pointer assignment, xrefs: 0085381E
Invalid parameter, xrefs: 00853865

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
API String ID: 636576611-1287834457
Opcode ID: 8e6fa2f9ba039c71ec129594167f5da1d37a56e436936cd0bbbffcc5b32ad6be
Instruction ID: ce8a12f9bb85f01563f86486691603e80e239cdc5b8e0c63dce344f28acd0dd4
Opcode Fuzzy Hash: 8e6fa2f9ba039c71ec129594167f5da1d37a56e436936cd0bbbffcc5b32ad6be
Instruction Fuzzy Hash: 2C61B0B0608301AFD715DF64C849B6ABBE4FF49755F100829F985DB291D770EE48CBA2

Function 00843388 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 149COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,?), ref: 008433CF

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

LoadStringW.USER32(00000072,?,00000FFF,?), ref: 008433F0

Strings

"%s" (%d) : ==> %s:%s%s, xrefs: 00843504
^ ERROR , xrefs: 0084349E
Line %d (File "%s"):, xrefs: 00843443, 0084345C
Incorrect parameters to object property !, xrefs: 008434AB
Error: , xrefs: 008434D1
"%s" (%d) : ==> %s:, xrefs: 00843522

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: LoadString$_wcslen
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
API String ID: 4099089115-3080491070
Opcode ID: 91ca082caf287575c2a5e19384196faa64f6296d4a9a4fcfc1d6daf1ab464c90
Instruction ID: e830ef5e84145a0ef067986918787661264f7c0e984a66954d99ae8d286ff4d8
Opcode Fuzzy Hash: 91ca082caf287575c2a5e19384196faa64f6296d4a9a4fcfc1d6daf1ab464c90
Instruction Fuzzy Hash: 08518D71900209EADF15EBA0CD4AEEEB778FF14340F144066F505B2292EB692F58DB61

Function 0083B5C8 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 142COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 0083B5FC
_wcslen.LIBCMT ref: 0083B608
_wcslen.LIBCMT ref: 0083B64D
_wcslen.LIBCMT ref: 0083B68C
_wcslen.LIBCMT ref: 0083B6C7

Strings

KEYS, xrefs: 0083B647, 0083B64C
REMOVE, xrefs: 0083B602, 0083B607
EXISTS, xrefs: 0083B686, 0083B68B
APPEND, xrefs: 0083B6C1, 0083B6C6

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: APPEND$EXISTS$KEYS$REMOVE
API String ID: 1256254125-769500911
Opcode ID: c8d2496c6fde1d30815331842ccd65cdf3b6bea03b0129f30dd31bcfe6acdd0a
Instruction ID: 22382b54d88d43e96c9f9218db468c4621e4b9314321ec98d386e547520b180d
Opcode Fuzzy Hash: c8d2496c6fde1d30815331842ccd65cdf3b6bea03b0129f30dd31bcfe6acdd0a
Instruction Fuzzy Hash: CB41C5B2A010269BCB10AEBDC8925BE77A5FBF0754F244229E625DB285F735CD81C7D0

Function 00845393 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 103COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 008453A0
GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00845416
GetLastError.KERNEL32 ref: 00845420
SetErrorMode.KERNEL32(00000000,READY), ref: 008454A7

Strings

INVALID, xrefs: 00845459
UNKNOWN, xrefs: 00845444
READONLY, xrefs: 00845452
NOTREADY, xrefs: 0084544B
READY, xrefs: 00845460, 00845468

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Error$Mode$DiskFreeLastSpace
String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
API String ID: 4194297153-14809454
Opcode ID: 08f76b937d81b83b4d0ae9023f48dc1081098e6fd2cc52fdf816a0ca1b9169cc
Instruction ID: e794de0972d3a70c1213ce0c55684f93d9b9a78e5f5976f7a8ccb79c6fa89ffe
Opcode Fuzzy Hash: 08f76b937d81b83b4d0ae9023f48dc1081098e6fd2cc52fdf816a0ca1b9169cc
Instruction Fuzzy Hash: 8B318FB5A006089FCB10DF68C488AAEBBB4FB45349F188065E505DF392EB75DD86CB91

Function 00863C46 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 101windowCOMMON

Download Yara Rule

APIs

CreateMenu.USER32 ref: 00863C79
SetMenu.USER32(?,00000000), ref: 00863C88
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00863D10
IsMenu.USER32(?), ref: 00863D24
CreatePopupMenu.USER32 ref: 00863D2E
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00863D5B
DrawMenuBar.USER32 ref: 00863D63

Strings

F, xrefs: 00863D4E
0, xrefs: 00863C54

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Menu$CreateItem$DrawInfoInsertPopup
String ID: 0$F
API String ID: 161812096-3044882817
Opcode ID: 1bb2f38f05a6b4fb10391ae6a6ba6bab0e1392cf8ece4fdbd5582c83bd0a2536
Instruction ID: c74289dd685febd9472434ac8a680af2c0854c2267083ba4db7badbdf6527061
Opcode Fuzzy Hash: 1bb2f38f05a6b4fb10391ae6a6ba6bab0e1392cf8ece4fdbd5582c83bd0a2536
Instruction Fuzzy Hash: CA413779A01209EFDF14DF64DC88AAABBB5FF49350F150029FA46A7360D771AA10CB94

Function 00831EDF Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 78windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

Part of subcall function 00833CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00833CCA

SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00831F64
GetDlgCtrlID.USER32 ref: 00831F6F
GetParent.USER32 ref: 00831F8B
SendMessageW.USER32(00000000,?,00000111,?), ref: 00831F8E
GetDlgCtrlID.USER32(?), ref: 00831F97
GetParent.USER32(?), ref: 00831FAB
SendMessageW.USER32(00000000,?,00000111,?), ref: 00831FAE

Strings

ListBox, xrefs: 00831F21
ComboBox, xrefs: 00831EEC

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_wcslen
String ID: ComboBox$ListBox
API String ID: 711023334-1403004172
Opcode ID: 6ec96db96c27f0fc11b214fb0ec256dd118ca7c722ac9d835fcdaf9ccb46af17
Instruction ID: d0f948c4f6800638e30954ed0a4fbdd710c315745dfc37788d5d7177a91f0e7a
Opcode Fuzzy Hash: 6ec96db96c27f0fc11b214fb0ec256dd118ca7c722ac9d835fcdaf9ccb46af17
Instruction Fuzzy Hash: 9C21D474A00214BBCF05AFA0DC89DFEBBB8FF55310F00511AF965A7291DB785905DBA4

Function 00831FC0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 77windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

Part of subcall function 00833CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00833CCA

SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00832043
GetDlgCtrlID.USER32 ref: 0083204E
GetParent.USER32 ref: 0083206A
SendMessageW.USER32(00000000,?,00000111,?), ref: 0083206D
GetDlgCtrlID.USER32(?), ref: 00832076
GetParent.USER32(?), ref: 0083208A
SendMessageW.USER32(00000000,?,00000111,?), ref: 0083208D

Strings

ListBox, xrefs: 00832002
ComboBox, xrefs: 00831FCD

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_wcslen
String ID: ComboBox$ListBox
API String ID: 711023334-1403004172
Opcode ID: 0f9c7a332e6fc7ac84a585a4616f5b8a6c7aa140fb50f3e0461c4c442ccc16dc
Instruction ID: 04e7e3d807cdf04a565cfb30d6cc54ed4a3173fd47eb093b609a4fd3279ae066
Opcode Fuzzy Hash: 0f9c7a332e6fc7ac84a585a4616f5b8a6c7aa140fb50f3e0461c4c442ccc16dc
Instruction Fuzzy Hash: 7521D471A00218BBCF15AFA0CC45EFEBBB8FF15300F005006F995A72A1DB794918DBA0

Function 00863A23 Relevance: 15.2, APIs: 10, Instructions: 182windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00863A9D
SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00863AA0
GetWindowLongW.USER32(?,000000F0), ref: 00863AC7
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00863AEA
SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00863B62
SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00863BAC
SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00863BC7
SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00863BE2
SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00863BF6
SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00863C13

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: MessageSend$LongWindow
String ID:
API String ID: 312131281-0
Opcode ID: c59a214f965e6eb3b455eadcf739ebc60044a91f6f00aa9ecbc8637647108561
Instruction ID: e45152fc0b7719976389e8a4eecb90c29dda43839306d88e3fccdc5d70103545
Opcode Fuzzy Hash: c59a214f965e6eb3b455eadcf739ebc60044a91f6f00aa9ecbc8637647108561
Instruction Fuzzy Hash: FC617775A00208AFDB11DFA8CC85EEEB7B8FF09714F14019AFA15E72A1C774AA41DB50

Function 0083B12F Relevance: 15.1, APIs: 10, Instructions: 88threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 0083B151
GetForegroundWindow.USER32(00000000,?,?,?,?,?,0083A1E1,?,00000001), ref: 0083B165
GetWindowThreadProcessId.USER32(00000000), ref: 0083B16C
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0083A1E1,?,00000001), ref: 0083B17B
GetWindowThreadProcessId.USER32(?,00000000), ref: 0083B18D
AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,0083A1E1,?,00000001), ref: 0083B1A6
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0083A1E1,?,00000001), ref: 0083B1B8
AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,0083A1E1,?,00000001), ref: 0083B1FD
AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,0083A1E1,?,00000001), ref: 0083B212
AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,0083A1E1,?,00000001), ref: 0083B21D

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Thread$AttachInput$Window$Process$CurrentForeground
String ID:
API String ID: 2156557900-0
Opcode ID: da8df6e32dd116b085f5b8236f618cd3d2681fb4193a32926f6f01ae1dbd554b
Instruction ID: ab6a9fd5095eebcf10184cc4fbebd952508abdfc1800ebfe621b6dff2f691d3c
Opcode Fuzzy Hash: da8df6e32dd116b085f5b8236f618cd3d2681fb4193a32926f6f01ae1dbd554b
Instruction Fuzzy Hash: 0E318DB5500604BFEB109F64DC49F7EBBA9FBA2311F114519FB06D6190D7B89E408FA4

Function 00802C80 Relevance: 15.1, APIs: 10, Instructions: 54COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00802C94

Part of subcall function 008029C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0080D7D1,00000000,00000000,00000000,00000000,?,0080D7F8,00000000,00000007,00000000,?,0080DBF5,00000000), ref: 008029DE
Part of subcall function 008029C8: GetLastError.KERNEL32(00000000,?,0080D7D1,00000000,00000000,00000000,00000000,?,0080D7F8,00000000,00000007,00000000,?,0080DBF5,00000000,00000000), ref: 008029F0

_free.LIBCMT ref: 00802CA0
_free.LIBCMT ref: 00802CAB
_free.LIBCMT ref: 00802CB6
_free.LIBCMT ref: 00802CC1
_free.LIBCMT ref: 00802CCC
_free.LIBCMT ref: 00802CD7
_free.LIBCMT ref: 00802CE2
_free.LIBCMT ref: 00802CED
_free.LIBCMT ref: 00802CFB

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: adf0a53b42fecd63d393f147c6ec444dc4f96913b27caae5619afd5b0f42338a
Instruction ID: 66984fd28c4664983938e33572e93f0776de820ac3546b7486bfa6c02ad33a76
Opcode Fuzzy Hash: adf0a53b42fecd63d393f147c6ec444dc4f96913b27caae5619afd5b0f42338a
Instruction Fuzzy Hash: 7211A776100108AFCB42EF58DC46DDD3FA9FF05350F5144A5FA489F262D671EE509B91

Function 007D1410 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 332comCOMMON

Download Yara Rule

APIs

mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 007D1459
OleUninitialize.OLE32(?,00000000), ref: 007D14F8
UnregisterHotKey.USER32(?), ref: 007D16DD
DestroyWindow.USER32(?), ref: 008124B9
FreeLibrary.KERNEL32(?), ref: 0081251E
VirtualFree.KERNEL32(?,00000000,00008000), ref: 0081254B

Strings

close all, xrefs: 007D1454

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
String ID: close all
API String ID: 469580280-3243417748
Opcode ID: a9e68a8575705f3f4b7fee42c9fade14a4aa5139b6e37c1b160ea5ac84a14473
Instruction ID: f52b2c8fc4bebbeabd160f72dedf6e817803802ab14116889006790b9f23ae66
Opcode Fuzzy Hash: a9e68a8575705f3f4b7fee42c9fade14a4aa5139b6e37c1b160ea5ac84a14473
Instruction Fuzzy Hash: 76D15531702212DFCB19EF15C899AA9F7A5FF04710F5541AEE44AAB362CB34AC62CF50

Function 00847DF0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 230COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00847FAD
SetCurrentDirectoryW.KERNEL32(?), ref: 00847FC1
GetFileAttributesW.KERNEL32(?), ref: 00847FEB
SetFileAttributesW.KERNEL32(?,00000000), ref: 00848005
SetCurrentDirectoryW.KERNEL32(?), ref: 00848017
SetCurrentDirectoryW.KERNEL32(?), ref: 00848060
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 008480B0

Strings

*.*, xrefs: 00848066

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: CurrentDirectory$AttributesFile
String ID: *.*
API String ID: 769691225-438819550
Opcode ID: 9ff5fce177f1b384e25c5d99f93d8f45d1692c5735ae3c46ecab0578d8c79425
Instruction ID: 406c1af13cc95ccc1d0e32dff101df67c0f5b49b9370128f4e4d3f11aec41960
Opcode Fuzzy Hash: 9ff5fce177f1b384e25c5d99f93d8f45d1692c5735ae3c46ecab0578d8c79425
Instruction Fuzzy Hash: 47819E72508249DBCB24EF14C844AAEB3E8FF88714F14496AF885C7250EB39DD49CB92

Function 007D5BEA Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 184windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,000000EB), ref: 007D5C7A

Part of subcall function 007D5D0A: GetClientRect.USER32(?,?), ref: 007D5D30
Part of subcall function 007D5D0A: GetWindowRect.USER32(?,?), ref: 007D5D71
Part of subcall function 007D5D0A: ScreenToClient.USER32(?,?), ref: 007D5D99

GetDC.USER32 ref: 008146F5
SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00814708
SelectObject.GDI32(00000000,00000000), ref: 00814716
SelectObject.GDI32(00000000,00000000), ref: 0081472B
ReleaseDC.USER32(?,00000000), ref: 00814733
MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 008147C4

Strings

U, xrefs: 00814693

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
String ID: U
API String ID: 4009187628-3372436214
Opcode ID: c965a63ec1dedb79af1f309a066553d47bfc6efb6f9bc0f62868e6ba442828e0
Instruction ID: ed44debfab4624ec5da15e16a07d821f1bf9f66ccdc908364f260c779337a6bb
Opcode Fuzzy Hash: c965a63ec1dedb79af1f309a066553d47bfc6efb6f9bc0f62868e6ba442828e0
Instruction Fuzzy Hash: 1C712430500209DFDF218F64C984AFA3BB9FF4A325F14166AED55DA2A6C7348C81DF60

Function 0084359C Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 150COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 008435E4

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

LoadStringW.USER32(008A2390,?,00000FFF,?), ref: 0084360A

Strings

"%s" (%d) : ==> %s:%s%s, xrefs: 00843724
Line %d (File "%s"):, xrefs: 0084366B
^ ERROR, xrefs: 008436C9
Error: , xrefs: 008436EF
"%s" (%d) : ==> %s:, xrefs: 00843742

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: LoadString$_wcslen
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
API String ID: 4099089115-2391861430
Opcode ID: 11e541ae0655335b4b915770ac295cc08a729e8b9dec42f0d8475a02ec1bdd1d
Instruction ID: b0d9c84f7356dab1d386e83d296c4b7abe017396d676b576dae1d4258c29caca
Opcode Fuzzy Hash: 11e541ae0655335b4b915770ac295cc08a729e8b9dec42f0d8475a02ec1bdd1d
Instruction Fuzzy Hash: CC516E71900219FADF14EBA0DC46EEEBB78FF14340F144126F115B22A1EB791A98DBA1

Function 0084C253 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94networkCOMMON

Download Yara Rule

APIs

InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0084C272
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0084C29A
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0084C2CA
GetLastError.KERNEL32 ref: 0084C322
SetEvent.KERNEL32(?), ref: 0084C336
InternetCloseHandle.WININET(00000000), ref: 0084C341

Strings

, xrefs: 0084C2BB

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
String ID:
API String ID: 3113390036-3916222277
Opcode ID: 0621b2468864e4ae664507b7ade2128c2d89725ff33de89b8ed3fee982860f24
Instruction ID: f6bfe9dc8430199a650e328e19f36b84f0a4957e989cab9524f3fcaeb30c83f7
Opcode Fuzzy Hash: 0621b2468864e4ae664507b7ade2128c2d89725ff33de89b8ed3fee982860f24
Instruction Fuzzy Hash: 03316BB160160CAFD7619FA98888ABB7AFCFB49744B14851EF486D2210DBB4DD049B61

Function 0083989B Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 74windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00813AAF,?,?,Bad directive syntax error,0086CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 008398BC
LoadStringW.USER32(00000000,?,00813AAF,?), ref: 008398C3

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00839987

Strings

., xrefs: 0083996D
Line %d:, xrefs: 00839912
Line %d (File "%s"):, xrefs: 0083992D
%s (%d) : ==> %s.: %s %s, xrefs: 008398F1
Error: , xrefs: 00839955

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: HandleLoadMessageModuleString_wcslen
String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
API String ID: 858772685-4153970271
Opcode ID: 4ae86418160f196094b38e36d4b72b872a747310311a18df7534f8db75ec462a
Instruction ID: 73ff58a6c0b6ed6278f01be205cd327da3739f97f589c8413ea14fdf9ccae2a9
Opcode Fuzzy Hash: 4ae86418160f196094b38e36d4b72b872a747310311a18df7534f8db75ec462a
Instruction Fuzzy Hash: 0521943190021EEBDF11AF90CC0AEEE7779FF18704F044456F519A51A1EB799628DB51

Function 0083209F Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 71windowCOMMON

Download Yara Rule

APIs

GetParent.USER32 ref: 008320AB
GetClassNameW.USER32(00000000,?,00000100), ref: 008320C0
SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 0083214D

Strings

list, xrefs: 0083212F
smallicons, xrefs: 00832115
largeicons, xrefs: 008320E1
details, xrefs: 008320FB
SHELLDLL_DefView, xrefs: 008320CC

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ClassMessageNameParentSend
String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
API String ID: 1290815626-3381328864
Opcode ID: aad39cdda1894d3db0c3ecf14bc7ce96a8fd941f39e03b8354cda15b5658b01a
Instruction ID: df9e6d32b60dc5e02295705b3996f83b9d58ffc66df2799da4e551cd88f3e8ca
Opcode Fuzzy Hash: aad39cdda1894d3db0c3ecf14bc7ce96a8fd941f39e03b8354cda15b5658b01a
Instruction Fuzzy Hash: AD110A7668870AFAFA017224DC0ADBB379CFB54724F204156F704F51D1FBA978015654

Function 00808D45 Relevance: 13.8, APIs: 9, Instructions: 300COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4675fee76bb8fae953eacf3ad33a0c6640f561a32047cac8c4c72987e42759b7
Instruction ID: 1f2837fa008e8cce2bd2b385b8a3db377d692e08726e09e78b10c9c1ac43c489
Opcode Fuzzy Hash: 4675fee76bb8fae953eacf3ad33a0c6640f561a32047cac8c4c72987e42759b7
Instruction Fuzzy Hash: E7C1DEB4A04249EFDB619FA8CC45BADBBB0FF0A310F144199E994E73D2CB749941CB61

Function 0080CE90 Relevance: 13.7, APIs: 9, Instructions: 209COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 0080CEB7
_free.LIBCMT ref: 0080CF22
_free.LIBCMT ref: 0080CF48
_free.LIBCMT ref: 0080CF71
_free.LIBCMT ref: 0080CFA9
_free.LIBCMT ref: 0080CFDA
_free.LIBCMT ref: 0080D01B
SetEnvironmentVariableA.KERNEL32(00000000,00000000), ref: 0080D09C
_free.LIBCMT ref: 0080D0B5

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: _free$EnvironmentVariable___from_strstr_to_strchr
String ID:
API String ID: 1282221369-0
Opcode ID: 31af1537daa126baff76a45cf28dab648343759165fd19290dfaae50204d904c
Instruction ID: fecc9e057db9d6615eb0dfb8ac7ed389a1e26730fe83f2086b3e2e7833990468
Opcode Fuzzy Hash: 31af1537daa126baff76a45cf28dab648343759165fd19290dfaae50204d904c
Instruction Fuzzy Hash: 9D614772A04306AFDBA1AFB89C85A6D7BA5FF02320F14426DF944D72C2DBB19D018752

Function 008650D4 Relevance: 13.7, APIs: 9, Instructions: 162windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00865186
ShowWindow.USER32(?,00000000), ref: 008651C7
ShowWindow.USER32(?,00000005,?,00000000), ref: 008651CD
SetFocus.USER32(?,?,00000005,?,00000000), ref: 008651D1

Part of subcall function 00866FBA: DeleteObject.GDI32(00000000), ref: 00866FE6

GetWindowLongW.USER32(?,000000F0), ref: 0086520D
SetWindowLongW.USER32(?,000000F0,00000000), ref: 0086521A
InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0086524D
SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00865287
SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00865296

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
String ID:
API String ID: 3210457359-0
Opcode ID: b84119a3740f7061eaee722b9a0db63b8e54a0e83b76f548cf60a5e035781e99
Instruction ID: de67ea6c467a762176bc60236d94cfb9140d50f577db4f4caa352938cbc13e79
Opcode Fuzzy Hash: b84119a3740f7061eaee722b9a0db63b8e54a0e83b76f548cf60a5e035781e99
Instruction Fuzzy Hash: 6A51C170A41A08FFEF219F28CC5ABD93B65FB06325F164012F625D63E0C7B5A990DB51

Function 007E8B06 Relevance: 13.7, APIs: 9, Instructions: 155windowCOMMON

Download Yara Rule

APIs

LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00826890
ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 008268A9
LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 008268B9
ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 008268D1
SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 008268F2
DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,007E8874,00000000,00000000,00000000,000000FF,00000000), ref: 00826901
SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0082691E
DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,007E8874,00000000,00000000,00000000,000000FF,00000000), ref: 0082692D

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Icon$DestroyExtractImageLoadMessageSend
String ID:
API String ID: 1268354404-0
Opcode ID: e6a316dff5ec72858c45d7a823889459c962b978412d91c034a0e367a26ff2a4
Instruction ID: eb2ea188d294101999f445abadce5a54f153c38417463cda79c661a066913d03
Opcode Fuzzy Hash: e6a316dff5ec72858c45d7a823889459c962b978412d91c034a0e367a26ff2a4
Instruction Fuzzy Hash: FF519AB0600249EFDB20CF29DC55FAA7BB5FB48350F104528F956D72A0EBB4E990DB40

Function 0084C143 Relevance: 13.6, APIs: 9, Instructions: 95networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0084C182
GetLastError.KERNEL32 ref: 0084C195
SetEvent.KERNEL32(?), ref: 0084C1A9

Part of subcall function 0084C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0084C272
Part of subcall function 0084C253: GetLastError.KERNEL32 ref: 0084C322
Part of subcall function 0084C253: SetEvent.KERNEL32(?), ref: 0084C336
Part of subcall function 0084C253: InternetCloseHandle.WININET(00000000), ref: 0084C341

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
String ID:
API String ID: 337547030-0
Opcode ID: 75de4445b8b5bf20d59f39cbb57021e6e326aab50c0207004565157a32493f1a
Instruction ID: 41b109a588753690404ae78a513322b1fdc149cd0907ec95e0cddd4d585be3c5
Opcode Fuzzy Hash: 75de4445b8b5bf20d59f39cbb57021e6e326aab50c0207004565157a32493f1a
Instruction Fuzzy Hash: 97318F71602649AFDB619FB5DD44A76BBFDFF18300B00442EF996C2620DBB1E8149B60

Function 008325A2 Relevance: 13.6, APIs: 9, Instructions: 60sleepkeyboardwindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00833A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00833A57
Part of subcall function 00833A3D: GetCurrentThreadId.KERNEL32 ref: 00833A5E
Part of subcall function 00833A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008325B3), ref: 00833A65

MapVirtualKeyW.USER32(00000025,00000000), ref: 008325BD
PostMessageW.USER32(?,00000100,00000025,00000000), ref: 008325DB
Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 008325DF
MapVirtualKeyW.USER32(00000025,00000000), ref: 008325E9
PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00832601
Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00832605
MapVirtualKeyW.USER32(00000025,00000000), ref: 0083260F
PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00832623
Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00832627

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
String ID:
API String ID: 2014098862-0
Opcode ID: a4b008691c376bad15793c5382c0ccc9bf80e001016108844cf1b025860233eb
Instruction ID: cde2a2a633c31cb34655938ad20435f07b4c0e481999eedf88faced651d6f56e
Opcode Fuzzy Hash: a4b008691c376bad15793c5382c0ccc9bf80e001016108844cf1b025860233eb
Instruction Fuzzy Hash: 6F01D830390624BBFB107768DC8AF693F59FF9EB11F111005F354EE0D1C9E124448AAA

Function 00831803 Relevance: 13.5, APIs: 9, Instructions: 49memorythreadCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00831449,?,?,00000000), ref: 0083180C
HeapAlloc.KERNEL32(00000000,?,00831449,?,?,00000000), ref: 00831813
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00831449,?,?,00000000), ref: 00831828
GetCurrentProcess.KERNEL32(?,00000000,?,00831449,?,?,00000000), ref: 00831830
DuplicateHandle.KERNEL32(00000000,?,00831449,?,?,00000000), ref: 00831833
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00831449,?,?,00000000), ref: 00831843
GetCurrentProcess.KERNEL32(00831449,00000000,?,00831449,?,?,00000000), ref: 0083184B
DuplicateHandle.KERNEL32(00000000,?,00831449,?,?,00000000), ref: 0083184E
CreateThread.KERNEL32(00000000,00000000,00831874,00000000,00000000,00000000), ref: 00831868

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
String ID:
API String ID: 1957940570-0
Opcode ID: 1e922e2c32b2615c1fb18d1ff600451bce142478eefe272177689819de236dc1
Instruction ID: 2e43a244d80bebe053aaaad723e4c2caaa093399c7cfc34fc813b6410cbd0df0
Opcode Fuzzy Hash: 1e922e2c32b2615c1fb18d1ff600451bce142478eefe272177689819de236dc1
Instruction Fuzzy Hash: 1201BBB5240348BFE710ABA5DC4DF6B7BACFB8AB11F015411FA45DB2A1CAB59800CB70

Function 0085A0E2 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 160COMMON

Download Yara Rule

APIs

Part of subcall function 0083D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 0083D501
Part of subcall function 0083D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 0083D50F
Part of subcall function 0083D4DC: CloseHandle.KERNEL32(00000000), ref: 0083D5DC

OpenProcess.KERNEL32(00000001,00000000,?), ref: 0085A16D
GetLastError.KERNEL32 ref: 0085A180
OpenProcess.KERNEL32(00000001,00000000,?), ref: 0085A1B3
TerminateProcess.KERNEL32(00000000,00000000), ref: 0085A268
GetLastError.KERNEL32(00000000), ref: 0085A273
CloseHandle.KERNEL32(00000000), ref: 0085A2C4

Strings

SeDebugPrivilege, xrefs: 0085A18F

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
String ID: SeDebugPrivilege
API String ID: 2533919879-2896544425
Opcode ID: a3fd323f1cef508acc8269ff10a0e49cce8d364734e4daddabcdbb702458c34b
Instruction ID: 179cca3ad32586910f3e31681ef658fffb1b97ab2fa80efbed0c9ae0cfa489ba
Opcode Fuzzy Hash: a3fd323f1cef508acc8269ff10a0e49cce8d364734e4daddabcdbb702458c34b
Instruction Fuzzy Hash: BC617C312082429FD714DF18C4D9F25BBA1FF44319F18858CE8668B7A2C7B6EC49CB92

Function 00863886 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 141windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00863925
SendMessageW.USER32(00000000,00001036,00000000,?), ref: 0086393A
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00863954
_wcslen.LIBCMT ref: 00863999
SendMessageW.USER32(?,00001057,00000000,?), ref: 008639C6
SendMessageW.USER32(?,00001061,?,0000000F), ref: 008639F4

Strings

SysListView32, xrefs: 008638F7

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: MessageSend$Window_wcslen
String ID: SysListView32
API String ID: 2147712094-78025650
Opcode ID: 57005d605aa196ccd2b1e31632543b6f2a56e725e47b94a6959e1d58e9efb42a
Instruction ID: 337910a69c09f2191850d604dfe03dac6532d8c8b3d26fb7a59ddf7128e131c8
Opcode Fuzzy Hash: 57005d605aa196ccd2b1e31632543b6f2a56e725e47b94a6959e1d58e9efb42a
Instruction Fuzzy Hash: BC41A571A00219ABEF219F64CC49FEA7BA9FF08354F11052AF959E7281D7B59D80CB90

Function 0083BC5E Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0083BCFD
IsMenu.USER32(00000000), ref: 0083BD1D
CreatePopupMenu.USER32 ref: 0083BD53
GetMenuItemCount.USER32(01585368), ref: 0083BDA4
InsertMenuItemW.USER32(01585368,?,00000001,00000030), ref: 0083BDCC

Strings

0, xrefs: 0083BCA8
2, xrefs: 0083BD37

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Menu$Item$CountCreateInfoInsertPopup
String ID: 0$2
API String ID: 93392585-3793063076
Opcode ID: 6f56d075126500bd95454ad9bae9409e58424027189e612d5bad42482c8f97c7
Instruction ID: 66ee049a7c0a492ec0f99d3cdf12c4639334d7507380c36f3b2a949ca940f673
Opcode Fuzzy Hash: 6f56d075126500bd95454ad9bae9409e58424027189e612d5bad42482c8f97c7
Instruction Fuzzy Hash: D451AFB0A042099BDF20DFA8D888BAEBBF4FF85354F144159E651E7291D7709D41CBA2

Function 0083C874 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 81windowCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000000,00007F03), ref: 0083C913

Strings

blank, xrefs: 0083C895
info, xrefs: 0083C8B4
question, xrefs: 0083C8CC
stop, xrefs: 0083C8E4
warning, xrefs: 0083C8FC

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: IconLoad
String ID: blank$info$question$stop$warning
API String ID: 2457776203-404129466
Opcode ID: 4ba74bc0edc418b03ebe81eb3975848c5e1dffbdd323d634e85ddd7aaeec0892
Instruction ID: bab7d15ca90692d81cc114e08681ce32b5298a3fc636daae829ebf2897bb04ce
Opcode Fuzzy Hash: 4ba74bc0edc418b03ebe81eb3975848c5e1dffbdd323d634e85ddd7aaeec0892
Instruction Fuzzy Hash: E711EE3268930ABAEB016B549C82DBB7B9CFF55354F11406AF900F5381E7A46F0053A4

Function 0083DE27 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 70networkCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 0083DE42
gethostname.WSOCK32(?,00000100), ref: 0083DE5C
gethostbyname.WSOCK32(?), ref: 0083DE69
inet_ntoa.WSOCK32(?), ref: 0083DEAB
_strcat.LIBCMT ref: 0083DEB9
WSACleanup.WSOCK32 ref: 0083DEDE

Strings

0.0.0.0, xrefs: 0083DE87

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
String ID: 0.0.0.0
API String ID: 642191829-3771769585
Opcode ID: 170c89678d60ccc72266406a4316c1e5d47373787b6ba0fb7c055d2323408ef2
Instruction ID: 78076aeefbfd4ec4aa02ef5b78570c2e888a99e3d6747243215460f431a664a0
Opcode Fuzzy Hash: 170c89678d60ccc72266406a4316c1e5d47373787b6ba0fb7c055d2323408ef2
Instruction Fuzzy Hash: 95110A71904218AFCB20BB64EC0ADFF7B6CFF50711F050169F555E7191EFB59A818AA0

Function 00869F86 Relevance: 12.3, APIs: 8, Instructions: 260windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007E9BB2

GetSystemMetrics.USER32(0000000F), ref: 00869FC7
GetSystemMetrics.USER32(0000000F), ref: 00869FE7
MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 0086A224
SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 0086A242
SendMessageW.USER32(00000003,00000469,?,00000000), ref: 0086A263
ShowWindow.USER32(00000003,00000000), ref: 0086A282
InvalidateRect.USER32(?,00000000,00000001), ref: 0086A2A7
DefDlgProcW.USER32(?,00000005,?,?), ref: 0086A2CA

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
String ID:
API String ID: 1211466189-0
Opcode ID: 6f860c6374c2ba35b8325181f1f0b2ea701cc95f8c373cc1eb146b2b0e66ea6f
Instruction ID: f7bb03183b07fa6b60b5299093182db0843ac5bc6eaa060b23f74d8f34ebe00b
Opcode Fuzzy Hash: 6f860c6374c2ba35b8325181f1f0b2ea701cc95f8c373cc1eb146b2b0e66ea6f
Instruction Fuzzy Hash: 60B1A831600219DFDF18CF68C9957AA7BB2FF45701F0A8069EC85EB295DB71A940CF51

Function 0083ED19 Relevance: 12.1, APIs: 8, Instructions: 137timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32 ref: 0083ED2A
_wcslen.LIBCMT ref: 0083ED3B
_wcslen.LIBCMT ref: 0083ED79
_wcslen.LIBCMT ref: 0083EDAF
_wcslen.LIBCMT ref: 0083EDDF
_wcslen.LIBCMT ref: 0083EDEF
_wcslen.LIBCMT ref: 0083EE2B
_wcslen.LIBCMT ref: 0083EE5A

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: _wcslen$LocalTime
String ID:
API String ID: 952045576-0
Opcode ID: bbe7c49a4c260f75ec83b795a58db11bb3c5e4c8c3dd2991a342aad301fd4de3
Instruction ID: 9005b4fee67a1573adadde7ea8da5e073b54b8f6bed06060ebee01e094dfbc77
Opcode Fuzzy Hash: bbe7c49a4c260f75ec83b795a58db11bb3c5e4c8c3dd2991a342aad301fd4de3
Instruction Fuzzy Hash: 4441AF66D1021CB6CB11EBF4888A9DFB3A8FF45700F408466E614E3261EB38E245C3E6

Function 007EF8D8 Relevance: 12.1, APIs: 8, Instructions: 124COMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0082682C,00000004,00000000,00000000), ref: 007EF953
ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,0082682C,00000004,00000000,00000000), ref: 0082F3D1
ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0082682C,00000004,00000000,00000000), ref: 0082F454

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: 26150dfb17ba74dbefc8f65ad767d487d86ae40b3e88b3a5934f550e8830f05a
Instruction ID: d1eba26eeb5312bf5f89ef1a611ae41b32a76ec02e6ec90a9d37ff01e858f902
Opcode Fuzzy Hash: 26150dfb17ba74dbefc8f65ad767d487d86ae40b3e88b3a5934f550e8830f05a
Instruction Fuzzy Hash: 9941E6316096C0BAD7359B2A988CB2A7AA1BB5E314F15443DE1C7D6E63C679B8C0CB11

Function 00862D03 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 00862D1B
GetDC.USER32(00000000), ref: 00862D23
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00862D2E
ReleaseDC.USER32(00000000,00000000), ref: 00862D3A
CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00862D76
SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00862D87
MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00865A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00862DC2
SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00862DE1

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
String ID:
API String ID: 3864802216-0
Opcode ID: cc2e2a804e71d937c05ea8e758b3d4ded2ba2c9d6dcf9ac44a3ad581948152a4
Instruction ID: fde8fb903ffbc60a23ac92f5e6cde3b8c0f396abf1542907a8265363824b14a2
Opcode Fuzzy Hash: cc2e2a804e71d937c05ea8e758b3d4ded2ba2c9d6dcf9ac44a3ad581948152a4
Instruction Fuzzy Hash: 47318772201614BBEB218F54DC8AFFB3BA9FB09715F0550A5FE48DA291C6B59C40CBA4

Function 00835622 Relevance: 12.1, APIs: 8, Instructions: 92COMMON

Download Yara Rule

APIs

_memcmp.LIBVCRUNTIME ref: 00835637
_memcmp.LIBVCRUNTIME ref: 00835659
_memcmp.LIBVCRUNTIME ref: 00835671
_memcmp.LIBVCRUNTIME ref: 00835684
_memcmp.LIBVCRUNTIME ref: 0083569E
_memcmp.LIBVCRUNTIME ref: 008356B1
_memcmp.LIBVCRUNTIME ref: 008356C9
_memcmp.LIBVCRUNTIME ref: 008356E4

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: 8daf8397625525775e40556ad3c29ed58928fc53b2d2f6be8ca8299c6dd0d551
Instruction ID: 45820001bf4c1f75dcc1ad0f6418d34b1c979b0d8077dce72757c3e108fc792f
Opcode Fuzzy Hash: 8daf8397625525775e40556ad3c29ed58928fc53b2d2f6be8ca8299c6dd0d551
Instruction Fuzzy Hash: 2A2180A1644A1DFBD21456209E83FBA235DFFB0394F850020FE05DA782F768ED10C6E5

Function 00854FAE Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 359COMMON

Download Yara Rule

Strings

NULL Pointer assignment, xrefs: 0085502E, 00855383
Not an Object type, xrefs: 00855007

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID:
String ID: NULL Pointer assignment$Not an Object type
API String ID: 0-572801152
Opcode ID: 5bec701dc5ac9b730472e4736bef63309d5da448d10a36cfb3d643901aae941d
Instruction ID: 871cc27213e9bda3a34126ad7cc6038c82ad7036367c061c562b595e546b8cb7
Opcode Fuzzy Hash: 5bec701dc5ac9b730472e4736bef63309d5da448d10a36cfb3d643901aae941d
Instruction Fuzzy Hash: ECD1B171A0060A9FDF10CFA8C8A1BAEB7B5FF48355F148069E915EB281E771DD49CB90

Function 00811522 Relevance: 10.8, APIs: 7, Instructions: 268COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?), ref: 008115CE
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00811651
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 008116E4
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 008116FB

Part of subcall function 00803820: RtlAllocateHeap.NTDLL(00000000,?,008A1444,?,007EFDF5,?,?,007DA976,00000010,008A1440,007D13FC,?,007D13C6,?,007D1129), ref: 00803852

MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00811777
__freea.LIBCMT ref: 008117A2
__freea.LIBCMT ref: 008117AE

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
String ID:
API String ID: 2829977744-0
Opcode ID: 11454f007de13de8be5c07739d50c05d322f8b4e3c40db2725fd55b3db504839
Instruction ID: 3b7673bc27921aced05ea7ae3d99408d5174b214b3b2b2313684c4320bb6c458
Opcode Fuzzy Hash: 11454f007de13de8be5c07739d50c05d322f8b4e3c40db2725fd55b3db504839
Instruction Fuzzy Hash: 3A91A571E0021A9ADF208E74DC89AEE7BBEFF49714F184659EA05E7281DB35DC80C760

Function 00854523 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 262COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00854648
VariantInit.OLEAUT32(?), ref: 00854749
VariantClear.OLEAUT32(?), ref: 00854753
VariantClear.OLEAUT32(?), ref: 008547B0

Strings

Incorrect Object type in FOR..IN loop, xrefs: 0085472C
Null Object assignment in FOR..IN loop, xrefs: 008545D8, 00854706, 008547BE

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Variant$ClearInit
String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
API String ID: 2610073882-625585964
Opcode ID: 052f4d488653cd8cd235bccaeb9340fc3130b52341980063930c8d6cfb212962
Instruction ID: 6bc41bd9291d7315ee098b437fd2b518c0562d0295cc09f3a3e11fc66f18cdf5
Opcode Fuzzy Hash: 052f4d488653cd8cd235bccaeb9340fc3130b52341980063930c8d6cfb212962
Instruction Fuzzy Hash: 45919171A00219ABDF20CFA5C844FAE7BB8FF49719F109559F915EB280D7709989CFA0

Function 00841187 Relevance: 10.8, APIs: 7, Instructions: 254COMMON

Download Yara Rule

APIs

SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 0084125C
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00841284
SafeArrayUnaccessData.OLEAUT32(00000001), ref: 008412A8
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 008412D8
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 0084135F
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 008413C4
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00841430

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ArraySafe$Data$Access$UnaccessVartype
String ID:
API String ID: 2550207440-0
Opcode ID: f01b5784e8aa12d478ec22b868e60fa582ce0a25e9c5adedb03f5d663c395ff0
Instruction ID: 04935c39c8a53fe5f7e026149213559388c7e8939009b4acde79d3c2467da363
Opcode Fuzzy Hash: f01b5784e8aa12d478ec22b868e60fa582ce0a25e9c5adedb03f5d663c395ff0
Instruction Fuzzy Hash: 6191D275A0021D9FDF01DFA8C888BBEB7B5FF44315F154029E940EB291DBB8A981CB95

Function 007E948A Relevance: 10.8, APIs: 7, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ObjectSelect$BeginCreatePath
String ID:
API String ID: 3225163088-0
Opcode ID: d07e91aba393e10b44417a081115147c47e31e340c629e93c1c46750174ea05d
Instruction ID: 45c45fa38699200a766a1bfabce7db86a6f10474a21a4f7df4604bef67b572de
Opcode Fuzzy Hash: d07e91aba393e10b44417a081115147c47e31e340c629e93c1c46750174ea05d
Instruction Fuzzy Hash: C7914A72D01259EFCB10CFAACC88AEEBBB8FF49320F144455E515B7291D778A951CB60

Function 00853947 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 240COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 0085396B
CharUpperBuffW.USER32(?,?), ref: 00853A7A
_wcslen.LIBCMT ref: 00853A8A
VariantClear.OLEAUT32(?), ref: 00853C1F

Part of subcall function 00840CDF: VariantInit.OLEAUT32(00000000), ref: 00840D1F
Part of subcall function 00840CDF: VariantCopy.OLEAUT32(?,?), ref: 00840D28
Part of subcall function 00840CDF: VariantClear.OLEAUT32(?), ref: 00840D34

Strings

Incorrect Parameter format, xrefs: 008539A6, 00853BA1
AUTOIT.ERROR, xrefs: 00853A80, 00853A85

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
String ID: AUTOIT.ERROR$Incorrect Parameter format
API String ID: 4137639002-1221869570
Opcode ID: ca1b4587fb5dae45cde2c70e201c0e80b7f0eb851c27e7f460c9cc87e996e1c8
Instruction ID: a2e977c3712cda161c6f5caabc69751585f8c6c49774a3afb17bbb30ecb99c0e
Opcode Fuzzy Hash: ca1b4587fb5dae45cde2c70e201c0e80b7f0eb851c27e7f460c9cc87e996e1c8
Instruction Fuzzy Hash: 0C9135746083059FC704DF28C48496AB7E4FB88355F14892EF88ADB351DB35EE49CB92

Function 00854BAD Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 236COMMON

Download Yara Rule

APIs

Part of subcall function 0083000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0082FF41,80070057,?,?,?,0083035E), ref: 0083002B
Part of subcall function 0083000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0082FF41,80070057,?,?), ref: 00830046
Part of subcall function 0083000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0082FF41,80070057,?,?), ref: 00830054
Part of subcall function 0083000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0082FF41,80070057,?), ref: 00830064

CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00854C51
_wcslen.LIBCMT ref: 00854D59
CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00854DCF
CoTaskMemFree.OLE32(?), ref: 00854DDA

Strings

NULL Pointer assignment, xrefs: 00854E23, 00854E52

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
String ID: NULL Pointer assignment
API String ID: 614568839-2785691316
Opcode ID: c25f1c70eeb2c0f28742ddc7ff82b3407e3610ecf60d208671bb89f14eaaa119
Instruction ID: 0ef9af7b78b3435bdfb94f14a2d895c0998d34c4e7f55b9f0dddd075015d698d
Opcode Fuzzy Hash: c25f1c70eeb2c0f28742ddc7ff82b3407e3610ecf60d208671bb89f14eaaa119
Instruction Fuzzy Hash: EF912571D0021DEBDF14DFA4D895AEEB7B9FF08314F10416AE915A7241DB749A488FA0

Function 008620FD Relevance: 10.7, APIs: 7, Instructions: 196windowCOMMON

Download Yara Rule

APIs

GetMenu.USER32(?), ref: 00862183
GetMenuItemCount.USER32(00000000), ref: 008621B5
GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 008621DD
_wcslen.LIBCMT ref: 00862213
GetMenuItemID.USER32(?,?), ref: 0086224D
GetSubMenu.USER32(?,?), ref: 0086225B

Part of subcall function 00833A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00833A57
Part of subcall function 00833A3D: GetCurrentThreadId.KERNEL32 ref: 00833A5E
Part of subcall function 00833A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008325B3), ref: 00833A65

PostMessageW.USER32(?,00000111,00000000,00000000), ref: 008622E3

Part of subcall function 0083E97B: Sleep.KERNEL32 ref: 0083E9F3

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
String ID:
API String ID: 4196846111-0
Opcode ID: f9c575a42163bbfd2fd3b4b4d74a28c594f5d1b809955fc94da78412c7200703
Instruction ID: febd086a49c9af7690c9fa6cd96e1c527384f5bab03780f6919a889bad497dbd
Opcode Fuzzy Hash: f9c575a42163bbfd2fd3b4b4d74a28c594f5d1b809955fc94da78412c7200703
Instruction Fuzzy Hash: 52719E35A00605EFCB10EF68C845AAEB7F1FF88310F158499E816EB341DB34AD418B90

Function 00867E9E Relevance: 10.7, APIs: 7, Instructions: 193windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(01585638), ref: 00867F37
IsWindowEnabled.USER32(01585638), ref: 00867F43
SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 0086801E
SendMessageW.USER32(01585638,000000B0,?,?), ref: 00868051
IsDlgButtonChecked.USER32(?,?), ref: 00868089
GetWindowLongW.USER32(01585638,000000EC), ref: 008680AB
SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 008680C3

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: MessageSendWindow$ButtonCheckedEnabledLong
String ID:
API String ID: 4072528602-0
Opcode ID: b0b9a5028351c271e31bb2a480d1c99f25447954ced8c5992b155fbcdc78ff88
Instruction ID: 833cd19092acd995fe1078d56b3fd9b903f10c64a8d081e14c3da3114af74b44
Opcode Fuzzy Hash: b0b9a5028351c271e31bb2a480d1c99f25447954ced8c5992b155fbcdc78ff88
Instruction Fuzzy Hash: 5771AD34608604EFEF219F64C884FBABBB5FF1A304F164459F949D7261CB71A844CBA1

Function 0083AEBA Relevance: 10.7, APIs: 7, Instructions: 162windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 0083AEF9
GetKeyboardState.USER32(?), ref: 0083AF0E
SetKeyboardState.USER32(?), ref: 0083AF6F
PostMessageW.USER32(?,00000101,00000010,?), ref: 0083AF9D
PostMessageW.USER32(?,00000101,00000011,?), ref: 0083AFBC
PostMessageW.USER32(?,00000101,00000012,?), ref: 0083AFFD
PostMessageW.USER32(?,00000101,0000005B,?), ref: 0083B020

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: e4f938719305adf712c091431817855387f967b9e430f04aa95d4bf08474ee47
Instruction ID: 766bda9168e31c1524a617da33e0fe3daf51bfb6adbed5f30f33571c9672291c
Opcode Fuzzy Hash: e4f938719305adf712c091431817855387f967b9e430f04aa95d4bf08474ee47
Instruction Fuzzy Hash: 5551D4E06047D53DFB3A4234C855BBB7EA9BB86304F088589E2D5D54C2C7D9ACC4D791

Function 0083ACDA Relevance: 10.7, APIs: 7, Instructions: 161windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(00000000), ref: 0083AD19
GetKeyboardState.USER32(?), ref: 0083AD2E
SetKeyboardState.USER32(?), ref: 0083AD8F
PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0083ADBB
PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0083ADD8
PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0083AE17
PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0083AE38

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: 9986ddd006f1d9d25a7689df1b5ab0d81706676591777ce4098a0736795a0304
Instruction ID: 0c2c83a70163d4fb53793d654cc225e22d0513a04fd23b5d79f5dac07d9064bf
Opcode Fuzzy Hash: 9986ddd006f1d9d25a7689df1b5ab0d81706676591777ce4098a0736795a0304
Instruction Fuzzy Hash: E751C5A15047D53DFB3A8364CC95B7A7E98BB86304F088588E1D5DA8C2D294EC84D792

Function 0080542E Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(00813CD6,?,?,?,?,?,?,?,?,00805BA3,?,?,00813CD6,?,?), ref: 00805470
__fassign.LIBCMT ref: 008054EB
__fassign.LIBCMT ref: 00805506
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00813CD6,00000005,00000000,00000000), ref: 0080552C
WriteFile.KERNEL32(?,00813CD6,00000000,00805BA3,00000000,?,?,?,?,?,?,?,?,?,00805BA3,?), ref: 0080554B
WriteFile.KERNEL32(?,?,00000001,00805BA3,00000000,?,?,?,?,?,?,?,?,?,00805BA3,?), ref: 00805584

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: ee9587ce9a49a18ce64dcca420a0b60dd72f5a329c829853ad859da6bc1ee5f9
Instruction ID: c19720c610a134a72035243b93f6e51ac2eb6081012cb6ef5a4689aa7cf4daac
Opcode Fuzzy Hash: ee9587ce9a49a18ce64dcca420a0b60dd72f5a329c829853ad859da6bc1ee5f9
Instruction Fuzzy Hash: A7519EB1A00649AFDB10CFA8DC95AEEBBF9FF09300F14411AE955E7291E6709A41CF60

Function 007F2D20 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 117COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 007F2D4B
___except_validate_context_record.LIBVCRUNTIME ref: 007F2D53
_ValidateLocalCookies.LIBCMT ref: 007F2DE1
__IsNonwritableInCurrentImage.LIBCMT ref: 007F2E0C
_ValidateLocalCookies.LIBCMT ref: 007F2E61

Strings

csm, xrefs: 007F2DF6

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 6e10744f6f14a9225b37dbd3b5d75f2eea08f4195ead7ac205cd2eb1ea14ba41
Instruction ID: 6d636b31da74532efb0ad8c9f674299e01809a997c425b987b0df01f6dafeb94
Opcode Fuzzy Hash: 6e10744f6f14a9225b37dbd3b5d75f2eea08f4195ead7ac205cd2eb1ea14ba41
Instruction Fuzzy Hash: 32419534B0020DEBCF14DF68C849AAEBBB5BF45364F148155EA14AB353D7399A06CBA1

Function 008510B8 Relevance: 10.6, APIs: 7, Instructions: 110networkCOMMON

Download Yara Rule

APIs

Part of subcall function 0085304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0085307A
Part of subcall function 0085304E: _wcslen.LIBCMT ref: 0085309B

socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00851112
WSAGetLastError.WSOCK32 ref: 00851121
WSAGetLastError.WSOCK32 ref: 008511C9
closesocket.WSOCK32(00000000), ref: 008511F9

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
String ID:
API String ID: 2675159561-0
Opcode ID: 371e97c163c432d1a9ac3006f57f986caba3e78ae8a70b967a4d3319e6db6d6e
Instruction ID: 18b738ecdf24ba230d3c835f431cfa3c537eb666be8a47fb4b4ccffe1bf86757
Opcode Fuzzy Hash: 371e97c163c432d1a9ac3006f57f986caba3e78ae8a70b967a4d3319e6db6d6e
Instruction Fuzzy Hash: EC412531200604AFDB109F24C889BA9BBE9FF44329F149099FD46DB291C774ED45CBE1

Function 0083CF00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 108filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0083DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0083CF22,?), ref: 0083DDFD

Part of subcall function 0083DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0083CF22,?), ref: 0083DE16

lstrcmpiW.KERNEL32(?,?), ref: 0083CF45
MoveFileW.KERNEL32(?,?), ref: 0083CF7F
_wcslen.LIBCMT ref: 0083D005
_wcslen.LIBCMT ref: 0083D01B
SHFileOperationW.SHELL32(?), ref: 0083D061

Strings

\*.*, xrefs: 0083CFF3

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
String ID: \*.*
API String ID: 3164238972-1173974218
Opcode ID: ef9360800cd6ccc499780a6ac95010cd98462ca5516b21bebf71f5add3763f96
Instruction ID: 469b8e62aba40d65b8f6993f7b5aec0883aeadd0d1f1a89b644b69ef30f123c8
Opcode Fuzzy Hash: ef9360800cd6ccc499780a6ac95010cd98462ca5516b21bebf71f5add3763f96
Instruction Fuzzy Hash: 3B4144719052189FDF12EBA4D985AEEB7B8FF48340F0000E6E605EB241EF74A644CB90

Function 00862DFD Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00862E1C
GetWindowLongW.USER32(?,000000F0), ref: 00862E4F
GetWindowLongW.USER32(?,000000F0), ref: 00862E84
SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00862EB6
SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00862EE0
GetWindowLongW.USER32(?,000000F0), ref: 00862EF1
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00862F0B

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: LongWindow$MessageSend
String ID:
API String ID: 2178440468-0
Opcode ID: 4fea7e6b7e673537d62ee1a6282aeb5f6704a54d93d3d24ddfbef6bfcda30e2d
Instruction ID: 4121c3f86b0d4ed78c05ac8fdfe5767e59b57baf5f400a1d1cd1bb4523b122b1
Opcode Fuzzy Hash: 4fea7e6b7e673537d62ee1a6282aeb5f6704a54d93d3d24ddfbef6bfcda30e2d
Instruction Fuzzy Hash: C13126306445409FEB20CF58DC88F6537E0FB6A710F1A01A5F951CF2B2CBB2A840DB01

Function 00837726 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00837769
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0083778F
SysAllocString.OLEAUT32(00000000), ref: 00837792
SysAllocString.OLEAUT32(?), ref: 008377B0
SysFreeString.OLEAUT32(?), ref: 008377B9
StringFromGUID2.OLE32(?,?,00000028), ref: 008377DE
SysAllocString.OLEAUT32(?), ref: 008377EC

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: 0eadae21edcefad1182d37d51ccb0ded85a87839b429964f57c7501fd9b57bfb
Instruction ID: 33ae849dcceafe28ceff1d92ac97d6c6e94b9fd3b88de25aef2213804349c67c
Opcode Fuzzy Hash: 0eadae21edcefad1182d37d51ccb0ded85a87839b429964f57c7501fd9b57bfb
Instruction Fuzzy Hash: D42192B6608219AFDB20DFA9CC88CBB77ACFB49764B058025F915DB150D670DC41C7A4

Function 008377FD Relevance: 10.6, APIs: 7, Instructions: 89memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00837842
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00837868
SysAllocString.OLEAUT32(00000000), ref: 0083786B
SysAllocString.OLEAUT32 ref: 0083788C
SysFreeString.OLEAUT32 ref: 00837895
StringFromGUID2.OLE32(?,?,00000028), ref: 008378AF
SysAllocString.OLEAUT32(?), ref: 008378BD

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: 577330a6a209f4986f00d5518444636e7f784c0044d2a0c900cdcd51aebf30a1
Instruction ID: 9e1834488b6f4b5e4876c3bcff22707b0aa164fd5f067aee00839a981212cbde
Opcode Fuzzy Hash: 577330a6a209f4986f00d5518444636e7f784c0044d2a0c900cdcd51aebf30a1
Instruction Fuzzy Hash: 8821C471605208AFDB209FA9CC8CDBA77ECFB49364B108035F914CB2A0DA70DC41CBA8

Function 008404D2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(0000000C), ref: 008404F2
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 0084052E

Strings

nul, xrefs: 00840567

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: CreateHandlePipe
String ID: nul
API String ID: 1424370930-2873401336
Opcode ID: 756427bd8106382749b4823e2ec7b516443f5705ebe32a85abd9224e878330dd
Instruction ID: 3d8d021f56b6fb3ba7e3cd21106949c59da4d6ab11c88afa787431a581f483b9
Opcode Fuzzy Hash: 756427bd8106382749b4823e2ec7b516443f5705ebe32a85abd9224e878330dd
Instruction Fuzzy Hash: BB213075500309ABDF209F69DC44AAB7BA4FF45768F214A19FAA1E72E0D7B09950CF20

Function 008405A7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F6), ref: 008405C6
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00840601

Strings

nul, xrefs: 00840639

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: CreateHandlePipe
String ID: nul
API String ID: 1424370930-2873401336
Opcode ID: 2328366ea37a70e71065f6d7a0431eedbcd4e3d1aa4c20e84cbdb35d01ae3c38
Instruction ID: 449be12832d2d3bc7c7dab36f98d1b9e83323fe7712e256e805366a602b2a3ce
Opcode Fuzzy Hash: 2328366ea37a70e71065f6d7a0431eedbcd4e3d1aa4c20e84cbdb35d01ae3c38
Instruction Fuzzy Hash: 0B2181755003099BDB209F698C04AAB77E4FFA5724F214A19FEA2E72E0D7B09860CF10

Function 008640AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007D600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 007D604C
Part of subcall function 007D600E: GetStockObject.GDI32(00000011), ref: 007D6060
Part of subcall function 007D600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 007D606A

SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00864112
SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0086411F
SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0086412A
SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00864139
SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00864145

Strings

Msctls_Progress32, xrefs: 008640E3

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: MessageSend$CreateObjectStockWindow
String ID: Msctls_Progress32
API String ID: 1025951953-3636473452
Opcode ID: 0574ca5a9e92f38ec75be4a6fd14480f255682d5df053ac1a161b9cfa253dffa
Instruction ID: 6f08ecb3b5e1d3317fe5aacef59b4cc337a6993d12e48a77f88cbcb3f556e08d
Opcode Fuzzy Hash: 0574ca5a9e92f38ec75be4a6fd14480f255682d5df053ac1a161b9cfa253dffa
Instruction Fuzzy Hash: 1111D0B214021DBEEF119E64CC86EEB7F6DFF09798F014111BA18E2150C6769C219BA4

Function 0080D7DF Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0080D7A3: _free.LIBCMT ref: 0080D7CC

_free.LIBCMT ref: 0080D82D

Part of subcall function 008029C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0080D7D1,00000000,00000000,00000000,00000000,?,0080D7F8,00000000,00000007,00000000,?,0080DBF5,00000000), ref: 008029DE
Part of subcall function 008029C8: GetLastError.KERNEL32(00000000,?,0080D7D1,00000000,00000000,00000000,00000000,?,0080D7F8,00000000,00000007,00000000,?,0080DBF5,00000000,00000000), ref: 008029F0

_free.LIBCMT ref: 0080D838
_free.LIBCMT ref: 0080D843
_free.LIBCMT ref: 0080D897
_free.LIBCMT ref: 0080D8A2
_free.LIBCMT ref: 0080D8AD
_free.LIBCMT ref: 0080D8B8

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
Instruction ID: fad197dcc1244177481bf05bc1e65ba4ca2ac2f9687b3afe4b4be191722346ff
Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
Instruction Fuzzy Hash: 2B112E71540B04AAE6A1BFF8CC4BFCB7BDCFF44700F404825B299E64D2DA75B5058662

Function 0083DA5A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0083DA74
LoadStringW.USER32(00000000), ref: 0083DA7B
GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0083DA91
LoadStringW.USER32(00000000), ref: 0083DA98
MessageBoxW.USER32(00000000,?,?,00011010), ref: 0083DADC

Strings

%s (%d) : ==> %s: %s %s, xrefs: 0083DAB9

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: HandleLoadModuleString$Message
String ID: %s (%d) : ==> %s: %s %s
API String ID: 4072794657-3128320259
Opcode ID: ac57fb5f40c0197f75c92fe1fc886b52459c9b7d5a702937e196fc216b3216eb
Instruction ID: fbfeac41f82d5d8ee06eae967376bfa9f0f815fe5f36d65987d1fe1090b6e4cf
Opcode Fuzzy Hash: ac57fb5f40c0197f75c92fe1fc886b52459c9b7d5a702937e196fc216b3216eb
Instruction Fuzzy Hash: D3014FF25002187FE710ABE49D89EFA766CF708301F401496F786E2041E6B49E844B74

Function 0084096B Relevance: 10.5, APIs: 7, Instructions: 35synchronizationthreadCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(0157DF28,0157DF28), ref: 0084097B
EnterCriticalSection.KERNEL32(0157DF08,00000000), ref: 0084098D
TerminateThread.KERNEL32(?,000001F6), ref: 0084099B
WaitForSingleObject.KERNEL32(?,000003E8), ref: 008409A9
CloseHandle.KERNEL32(?), ref: 008409B8
InterlockedExchange.KERNEL32(0157DF28,000001F6), ref: 008409C8
LeaveCriticalSection.KERNEL32(0157DF08), ref: 008409CF

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
String ID:
API String ID: 3495660284-0
Opcode ID: fd12aa4c9d9554d5b301d7a1a8b27689d682af49ab547d0bcc93a97163f209a1
Instruction ID: 722982687d4ef6000a47edde674ffb05aec2f59ee63b262c153b333fc54283cf
Opcode Fuzzy Hash: fd12aa4c9d9554d5b301d7a1a8b27689d682af49ab547d0bcc93a97163f209a1
Instruction Fuzzy Hash: 21F03C32442A02BBD7415FA4EE9CBE6BB39FF01702F412025F242909A1C7B59465CFA0

Function 007D5D0A Relevance: 9.3, APIs: 6, Instructions: 276COMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 007D5D30
GetWindowRect.USER32(?,?), ref: 007D5D71
ScreenToClient.USER32(?,?), ref: 007D5D99
GetClientRect.USER32(?,?), ref: 007D5ED7
GetWindowRect.USER32(?,?), ref: 007D5EF8

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Rect$Client$Window$Screen
String ID:
API String ID: 1296646539-0
Opcode ID: 0fa9b6383501a4aa438a6b06655d11810584320e092292cdac4939154a7e445e
Instruction ID: 0252f31971b6efa8bbdf313df7ded63c0cf48758054d10c1dac653079472ab5b
Opcode Fuzzy Hash: 0fa9b6383501a4aa438a6b06655d11810584320e092292cdac4939154a7e445e
Instruction Fuzzy Hash: 06B17A34A0078ADBDB10DFA8C4807EEB7F5FF58310F14951AE8AAD7250DB34AA91DB54

Function 008001B7 Relevance: 9.3, APIs: 6, Instructions: 269COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 008000BA
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008000D6
__allrem.LIBCMT ref: 008000ED
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0080010B
__allrem.LIBCMT ref: 00800122
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00800140

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
String ID:
API String ID: 1992179935-0
Opcode ID: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
Instruction ID: 0f0385c91fcdfdcebf9350d183a8348684148e0e794110d7802f00639b41d163
Opcode Fuzzy Hash: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
Instruction Fuzzy Hash: 4C81E372A00B0A9BE7609E6CCC41B6AB3E9FF41724F24453AF651D73D1EB74D9408B91

Function 00851D10 Relevance: 9.3, APIs: 6, Instructions: 254networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00853149: select.WSOCK32(00000000,?,00000000,00000000,?,?,?,00000000,?,?,?,0085101C,00000000,?,?,00000000), ref: 00853195

__WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00851DC0
#17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00851DE1
WSAGetLastError.WSOCK32 ref: 00851DF2
inet_ntoa.WSOCK32(?), ref: 00851E8C
htons.WSOCK32(?,?,?,?,?), ref: 00851EDB
_strlen.LIBCMT ref: 00851F35

Part of subcall function 008339E8: _strlen.LIBCMT ref: 008339F2

Part of subcall function 007D6D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000002,?,?,?,?,007ECF58,?,?,?), ref: 007D6DBA
Part of subcall function 007D6D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,007ECF58,?,?,?), ref: 007D6DED

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ByteCharMultiWide_strlen$ErrorLasthtonsinet_ntoaselect
String ID:
API String ID: 1923757996-0
Opcode ID: a0dafb06d74253e015661780aaba0893c471417437c00528555b720ae2300942
Instruction ID: 72d3e6f9fccd618c775250946c001c3855616ce3b1f0fc9ae202df3b378efd7f
Opcode Fuzzy Hash: a0dafb06d74253e015661780aaba0893c471417437c00528555b720ae2300942
Instruction Fuzzy Hash: E8A1D231204340AFC724DF24C899F2ABBA5FF85318F54894DF8569B2A2CB75ED49CB91

Function 008061FE Relevance: 9.2, APIs: 6, Instructions: 216COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,007F82D9,007F82D9,?,?,?,0080644F,00000001,00000001,8BE85006), ref: 00806258
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0080644F,00000001,00000001,8BE85006,?,?,?), ref: 008062DE
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 008063D8
__freea.LIBCMT ref: 008063E5

Part of subcall function 00803820: RtlAllocateHeap.NTDLL(00000000,?,008A1444,?,007EFDF5,?,?,007DA976,00000010,008A1440,007D13FC,?,007D13C6,?,007D1129), ref: 00803852

__freea.LIBCMT ref: 008063EE
__freea.LIBCMT ref: 00806413

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: 32ba57176e4c3f681bc1456b994d918de332965fc12ee4ad0b3312f0dfddf4a6
Instruction ID: 92be9e69ae4976502bff7e389ee3251380130b3f3b9ea80b9980087ac0c2c31a
Opcode Fuzzy Hash: 32ba57176e4c3f681bc1456b994d918de332965fc12ee4ad0b3312f0dfddf4a6
Instruction Fuzzy Hash: B351BE72A00216ABEB658F64CC81EAF77A9FF45754F164629F805DA2C0EB34DC70C6A1

Function 0085BBDB Relevance: 9.2, APIs: 6, Instructions: 191registryCOMMON

Download Yara Rule

APIs

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

Part of subcall function 0085C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0085B6AE,?,?), ref: 0085C9B5
Part of subcall function 0085C998: _wcslen.LIBCMT ref: 0085C9F1
Part of subcall function 0085C998: _wcslen.LIBCMT ref: 0085CA68
Part of subcall function 0085C998: _wcslen.LIBCMT ref: 0085CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0085BCCA
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0085BD25
RegCloseKey.ADVAPI32(00000000), ref: 0085BD6A
RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0085BD99
RegCloseKey.ADVAPI32(?,?,00000000), ref: 0085BDF3
RegCloseKey.ADVAPI32(?), ref: 0085BDFF

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
String ID:
API String ID: 1120388591-0
Opcode ID: a893ca4d1df27b50b1a3bd425f622008b65ad5aa5674a954304e7611c72000d6
Instruction ID: 3b6607683a3f4165a144611f118caeb40531c818bc8d1923a0a1aab9aea000f0
Opcode Fuzzy Hash: a893ca4d1df27b50b1a3bd425f622008b65ad5aa5674a954304e7611c72000d6
Instruction Fuzzy Hash: 4F813731208241EFD714DF24C895E2ABBE5FF84308F14855DF9998B2A2DB35ED49CB92

Function 0082F7AD Relevance: 9.2, APIs: 6, Instructions: 183memoryCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000035), ref: 0082F7B9
SysAllocString.OLEAUT32(00000001), ref: 0082F860
VariantCopy.OLEAUT32(0082FA64,00000000), ref: 0082F889
VariantClear.OLEAUT32(0082FA64), ref: 0082F8AD
VariantCopy.OLEAUT32(0082FA64,00000000), ref: 0082F8B1
VariantClear.OLEAUT32(?), ref: 0082F8BB

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Variant$ClearCopy$AllocInitString
String ID:
API String ID: 3859894641-0
Opcode ID: f658c71088b8e2506dde5d42d356b15cf8d58e657c3468a6c8163ae935248555
Instruction ID: 0ccc168390f1fc41c67341390627517478dbb6801ad57e8e689dca455443b97c
Opcode Fuzzy Hash: f658c71088b8e2506dde5d42d356b15cf8d58e657c3468a6c8163ae935248555
Instruction Fuzzy Hash: 2551B331600324EACF24AB65E895B29B7B4FF45314B249477EA06DF293DB748CC0C796

Function 0084910C Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 383COMMON

Download Yara Rule

APIs

Part of subcall function 007D7620: _wcslen.LIBCMT ref: 007D7625

Part of subcall function 007D6B57: _wcslen.LIBCMT ref: 007D6B6A

GetOpenFileNameW.COMDLG32(00000058), ref: 008494E5
_wcslen.LIBCMT ref: 00849506
_wcslen.LIBCMT ref: 0084952D
GetSaveFileNameW.COMDLG32(00000058), ref: 00849585

Strings

X, xrefs: 00849412

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: _wcslen$FileName$OpenSave
String ID: X
API String ID: 83654149-3081909835
Opcode ID: 8352f4a126d01df43134fd4a5e93cbd7ab427a31588f93046b5ee2e383f7db89
Instruction ID: 2eaa5ef3cfdf1ac415c8de29cab1cf5acae2deb7803fa82e606b8f50f602400f
Opcode Fuzzy Hash: 8352f4a126d01df43134fd4a5e93cbd7ab427a31588f93046b5ee2e383f7db89
Instruction Fuzzy Hash: 51E19E31604304DFC724DF24C885A6AB7E0FF85314F15896DE9999B3A2EB35ED05CB92

Function 007E920C Relevance: 9.1, APIs: 6, Instructions: 113COMMON

Download Yara Rule

APIs

Part of subcall function 007E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007E9BB2

BeginPaint.USER32(?,?,?), ref: 007E9241
GetWindowRect.USER32(?,?), ref: 007E92A5
ScreenToClient.USER32(?,?), ref: 007E92C2
SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 007E92D3
EndPaint.USER32(?,?,?,?,?), ref: 007E9321
Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 008271EA

Part of subcall function 007E9339: BeginPath.GDI32(00000000), ref: 007E9357

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
String ID:
API String ID: 3050599898-0
Opcode ID: 87abe63f4f5480d8f14eecedcac7a3d20e4d0539fce1cbb5ced7da40dc2bf059
Instruction ID: f496609490f45d9eb5cfae87e6e53328883241418a4d25d64d4305ee33ff4861
Opcode Fuzzy Hash: 87abe63f4f5480d8f14eecedcac7a3d20e4d0539fce1cbb5ced7da40dc2bf059
Instruction Fuzzy Hash: 6341A071105250AFDB11DF26D888FBB7BA8FF5A320F140229FAA4C71A1C7759845DB62

Function 008407EF Relevance: 9.1, APIs: 6, Instructions: 107fileCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(?,000001F5), ref: 0084080C
ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00840847
EnterCriticalSection.KERNEL32(?), ref: 00840863
LeaveCriticalSection.KERNEL32(?), ref: 008408DC
ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 008408F3
InterlockedExchange.KERNEL32(?,000001F6), ref: 00840921

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
String ID:
API String ID: 3368777196-0
Opcode ID: df68219daa4803ff8c5d2ca5066e6c9f5cd611d80c86f31a339bfe3e9389ef2b
Instruction ID: 937d67721e2bc28f733b7a1893f3c61b8d121a4770724a100b4a41486213b08e
Opcode Fuzzy Hash: df68219daa4803ff8c5d2ca5066e6c9f5cd611d80c86f31a339bfe3e9389ef2b
Instruction Fuzzy Hash: 88416B71900209EBDF14AF54DC85A6A7B78FF08300F1440A9EE00DA297DB74EE60DFA0

Function 008681DB Relevance: 9.1, APIs: 6, Instructions: 104windowCOMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0082F3AB,00000000,?,?,00000000,?,0082682C,00000004,00000000,00000000), ref: 0086824C
EnableWindow.USER32(?,00000000), ref: 00868272
ShowWindow.USER32(FFFFFFFF,00000000), ref: 008682D1
ShowWindow.USER32(?,00000004), ref: 008682E5
EnableWindow.USER32(?,00000001), ref: 0086830B
SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0086832F

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Window$Show$Enable$MessageSend
String ID:
API String ID: 642888154-0
Opcode ID: 5cc2ff6f1706b3c0cdf6d58c703b6b6e7c3e9ba955614e879acf284e0270c153
Instruction ID: 15555c4e99de4006c9cb0bb30db23b547d3ddf712d5877362e699447f9fc4127
Opcode Fuzzy Hash: 5cc2ff6f1706b3c0cdf6d58c703b6b6e7c3e9ba955614e879acf284e0270c153
Instruction Fuzzy Hash: 71418334601644EFDF21CF25C9A9BA57BE1FB0A714F1A5269E64C8B362CB71A841CB50

Function 00834C7D Relevance: 9.1, APIs: 6, Instructions: 87windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 00834C95
SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00834CB2
SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00834CEA
_wcslen.LIBCMT ref: 00834D08
CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00834D10
_wcsstr.LIBVCRUNTIME ref: 00834D1A

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
String ID:
API String ID: 72514467-0
Opcode ID: 872000e28eb2ff2298d8a2610e7ecec3ebd55546077e2aa6b22726fe49426f46
Instruction ID: 53eeae351c9b8f96ffd22143dcaf7d0818ebebe30baa3cd930492988a3b52d98
Opcode Fuzzy Hash: 872000e28eb2ff2298d8a2610e7ecec3ebd55546077e2aa6b22726fe49426f46
Instruction Fuzzy Hash: F1213B31205244BBEB155B35EC09E7B7B9CEF89750F10903DF805CA192EEB5EC0186E0

Function 0084581E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336comCOMMON

Download Yara Rule

APIs

Part of subcall function 007D3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007D3A97,?,?,007D2E7F,?,?,?,00000000), ref: 007D3AC2

_wcslen.LIBCMT ref: 0084587B
CoInitialize.OLE32(00000000), ref: 00845995
CoCreateInstance.OLE32(0086FCF8,00000000,00000001,0086FB68,?), ref: 008459AE
CoUninitialize.OLE32 ref: 008459CC

Strings

.lnk, xrefs: 00845876, 008458C1, 00845985

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
String ID: .lnk
API String ID: 3172280962-24824748
Opcode ID: dc990207dfd4852f9c14b46fd718e7763a5746b5af77d0a24ea02ad496dd31ab
Instruction ID: 993ee63a0d37814e2b24fa831c320c6a9768a624480fa157b41b43d6bf36c42d
Opcode Fuzzy Hash: dc990207dfd4852f9c14b46fd718e7763a5746b5af77d0a24ea02ad496dd31ab
Instruction Fuzzy Hash: BBD14171608609DFC714DF24C48492EBBE1FF89724F14895AF88A9B362DB31EC05CB92

Function 0083175D Relevance: 9.1, APIs: 6, Instructions: 68memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00830FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00830FCA
Part of subcall function 00830FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00830FD6
Part of subcall function 00830FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00830FE5
Part of subcall function 00830FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00830FEC
Part of subcall function 00830FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00831002

GetLengthSid.ADVAPI32(?,00000000,00831335), ref: 008317AE
GetProcessHeap.KERNEL32(00000008,00000000), ref: 008317BA
HeapAlloc.KERNEL32(00000000), ref: 008317C1
CopySid.ADVAPI32(00000000,00000000,?), ref: 008317DA
GetProcessHeap.KERNEL32(00000000,00000000,00831335), ref: 008317EE
HeapFree.KERNEL32(00000000), ref: 008317F5

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
String ID:
API String ID: 3008561057-0
Opcode ID: 3c07dfa1ee25bf882803c02e6b17169f59c8f5888fd5ce6043eb3d3c18b629b5
Instruction ID: 85244599a7920b2770d4f397b113a604a1522899dbd0444918461bda0efe8b4b
Opcode Fuzzy Hash: 3c07dfa1ee25bf882803c02e6b17169f59c8f5888fd5ce6043eb3d3c18b629b5
Instruction Fuzzy Hash: 2711A932600605EFDF209FA4CC49BBE7BA9FB82759F184018F481E7214C776A944CBA0

Function 008314CE Relevance: 9.1, APIs: 6, Instructions: 64processCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 008314FF
OpenProcessToken.ADVAPI32(00000000), ref: 00831506
CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00831515
CloseHandle.KERNEL32(00000004), ref: 00831520
CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0083154F
DestroyEnvironmentBlock.USERENV(00000000), ref: 00831563

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
String ID:
API String ID: 1413079979-0
Opcode ID: d7bd54e830a5804fec4fd70395d1fe0fbaf78140f23eeb3e12270bc008450929
Instruction ID: fb42983f28fea5760b6a1e812bbe37ecc69cd57d5a7874a827799b4545147533
Opcode Fuzzy Hash: d7bd54e830a5804fec4fd70395d1fe0fbaf78140f23eeb3e12270bc008450929
Instruction Fuzzy Hash: EE11597250020DABDF118F98DD49FEE7BA9FF88B44F054015FA05E2160C3B58E60DBA0

Function 007F3382 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,007F3379,007F2FE5), ref: 007F3390
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 007F339E
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 007F33B7
SetLastError.KERNEL32(00000000,?,007F3379,007F2FE5), ref: 007F3409

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 0a0ab56a20d55588e2dbd3ba4a63c79e4043bad007ea3e197a5c17a2d7ec4595
Instruction ID: 2733c64a2ab8ef3faaa7d115941d00fb5f20b4c57a8063af797444aa450afb6e
Opcode Fuzzy Hash: 0a0ab56a20d55588e2dbd3ba4a63c79e4043bad007ea3e197a5c17a2d7ec4595
Instruction Fuzzy Hash: 7101DF33609719BEAA2537B8BC89A772A94FB05379B20022AF710C53F0EF5A4E115554

Function 00802D74 Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00805686,00813CD6,?,00000000,?,00805B6A,?,?,?,?,?,007FE6D1,?,00898A48), ref: 00802D78
_free.LIBCMT ref: 00802DAB
_free.LIBCMT ref: 00802DD3
SetLastError.KERNEL32(00000000,?,?,?,?,007FE6D1,?,00898A48,00000010,007D4F4A,?,?,00000000,00813CD6), ref: 00802DE0
SetLastError.KERNEL32(00000000,?,?,?,?,007FE6D1,?,00898A48,00000010,007D4F4A,?,?,00000000,00813CD6), ref: 00802DEC
_abort.LIBCMT ref: 00802DF2

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ErrorLast$_free$_abort
String ID:
API String ID: 3160817290-0
Opcode ID: a9957c160342e82ef4c53fb4474138595afe9b7c923dba02329f3363541cb3e1
Instruction ID: 37858004c1a21d95f50b84624bd964be2c58f25a0f9361e9290400223d51790b
Opcode Fuzzy Hash: a9957c160342e82ef4c53fb4474138595afe9b7c923dba02329f3363541cb3e1
Instruction Fuzzy Hash: 77F0C83664560467D6D2373CBC0EE2A2A5DFFC27A5F354519FD24D22E2EFE58C014162

Function 00868A24 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

Part of subcall function 007E9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 007E9693
Part of subcall function 007E9639: SelectObject.GDI32(?,00000000), ref: 007E96A2
Part of subcall function 007E9639: BeginPath.GDI32(?), ref: 007E96B9
Part of subcall function 007E9639: SelectObject.GDI32(?,00000000), ref: 007E96E2

MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00868A4E
LineTo.GDI32(?,00000003,00000000), ref: 00868A62
MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00868A70
LineTo.GDI32(?,00000000,00000003), ref: 00868A80
EndPath.GDI32(?), ref: 00868A90
StrokePath.GDI32(?), ref: 00868AA0

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Path$LineMoveObjectSelect$BeginCreateStroke
String ID:
API String ID: 43455801-0
Opcode ID: 1a6fa9fb28381a22d7005ea5e028bb3ba185681c0249759a32624a83a1c798ba
Instruction ID: 7d9f5a9ed9f8ce568a6349ebf7ee4607c5d54a2b87b16964e5625fcb22ff2b19
Opcode Fuzzy Hash: 1a6fa9fb28381a22d7005ea5e028bb3ba185681c0249759a32624a83a1c798ba
Instruction Fuzzy Hash: 87110976000118FFEF129F94EC88EAA7F6CFB08390F058012FA599A1A1C7719D55DBA1

Function 008351FD Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00835218
GetDeviceCaps.GDI32(00000000,00000058), ref: 00835229
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00835230
ReleaseDC.USER32(00000000,00000000), ref: 00835238
MulDiv.KERNEL32(000009EC,?,00000000), ref: 0083524F
MulDiv.KERNEL32(000009EC,00000001,?), ref: 00835261

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: CapsDevice$Release
String ID:
API String ID: 1035833867-0
Opcode ID: 4d206b98c540457ab60e913293f0eb017149f6dbb28a22d1be641cbc2de87343
Instruction ID: 7fd214e856f8454af5f7fbfd85c6d2499b12c863d52878f2e2e75ebf86681435
Opcode Fuzzy Hash: 4d206b98c540457ab60e913293f0eb017149f6dbb28a22d1be641cbc2de87343
Instruction Fuzzy Hash: 5A016775E01714BBEB105BA59C49E5EBF78FF44751F045065FA45E7281DAB09C00CFA1

Function 007D1BC3 Relevance: 9.0, APIs: 6, Instructions: 44keyboardCOMMON

Download Yara Rule

APIs

MapVirtualKeyW.USER32(0000005B,00000000), ref: 007D1BF4
MapVirtualKeyW.USER32(00000010,00000000), ref: 007D1BFC
MapVirtualKeyW.USER32(000000A0,00000000), ref: 007D1C07
MapVirtualKeyW.USER32(000000A1,00000000), ref: 007D1C12
MapVirtualKeyW.USER32(00000011,00000000), ref: 007D1C1A
MapVirtualKeyW.USER32(00000012,00000000), ref: 007D1C22

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Virtual
String ID:
API String ID: 4278518827-0
Opcode ID: f2f5434d90278a4c11252bb8d46cf4685e37e37e90edb7acfad42b2e8c1c8f7f
Instruction ID: 687ba47921f3d03b5538a56ecf57692ef54e8509ca7cffaf1fbbfa4d7c11a39e
Opcode Fuzzy Hash: f2f5434d90278a4c11252bb8d46cf4685e37e37e90edb7acfad42b2e8c1c8f7f
Instruction Fuzzy Hash: 090167B0902B5ABDE3008F6A8C85B52FFA8FF19354F00411BE15C4BA42C7F5A864CBE5

Function 0083EB20 Relevance: 9.0, APIs: 6, Instructions: 42windowtimethreadCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0083EB30
SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0083EB46
GetWindowThreadProcessId.USER32(?,?), ref: 0083EB55
OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0083EB64
TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0083EB6E
CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0083EB75

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
String ID:
API String ID: 839392675-0
Opcode ID: cc679814a6a0bf1107b1dd6f8cb7e5906394c7dd12174a6988bcbcb5f3a74824
Instruction ID: 7a565d3d1b98be744fb3caeef5aa1684c47839155607acf7d6caa976e4961c81
Opcode Fuzzy Hash: cc679814a6a0bf1107b1dd6f8cb7e5906394c7dd12174a6988bcbcb5f3a74824
Instruction Fuzzy Hash: F1F01772240158BBE6216B62DC0EEBB7A7CFFCAB11F011159F642E119196E05A0186B9

Function 00827439 Relevance: 9.0, APIs: 6, Instructions: 37windowCOMMON

Download Yara Rule

APIs

GetClientRect.USER32(?), ref: 00827452
SendMessageW.USER32(?,00001328,00000000,?), ref: 00827469
GetWindowDC.USER32(?), ref: 00827475
GetPixel.GDI32(00000000,?,?), ref: 00827484
ReleaseDC.USER32(?,00000000), ref: 00827496
GetSysColor.USER32(00000005), ref: 008274B0

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ClientColorMessagePixelRectReleaseSendWindow
String ID:
API String ID: 272304278-0
Opcode ID: 2897eea65885b5f14b39f3a13f314bcc9b57e3da8ee26c2ea8d9c5bcffba9bea
Instruction ID: 4bf8432fa100c91517f8eaeb60373b00df933e4337fbf0e235d2afd98540852f
Opcode Fuzzy Hash: 2897eea65885b5f14b39f3a13f314bcc9b57e3da8ee26c2ea8d9c5bcffba9bea
Instruction Fuzzy Hash: 8A01AD31400215EFEB506FA4EC08BBA7BB5FF14311F126064FA56A21A0CB711E41EB54

Function 00831874 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FF), ref: 0083187F
UnloadUserProfile.USERENV(?,?), ref: 0083188B
CloseHandle.KERNEL32(?), ref: 00831894
CloseHandle.KERNEL32(?), ref: 0083189C
GetProcessHeap.KERNEL32(00000000,?), ref: 008318A5
HeapFree.KERNEL32(00000000), ref: 008318AC

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
String ID:
API String ID: 146765662-0
Opcode ID: 77fa3bc4b8aec97cba6e7526bab630de11023e402109ab50f0ba13f19ac2428a
Instruction ID: 45855c8a8b1cd25d42f9f75e000cfc1966f085fd8d47c355138f82c4cfbfbdfc
Opcode Fuzzy Hash: 77fa3bc4b8aec97cba6e7526bab630de11023e402109ab50f0ba13f19ac2428a
Instruction Fuzzy Hash: 87E0E536004101BBDB016FA6ED0CD1AFF39FF4AB22B129221F26581170CBB29420DF60

Function 0083C5D0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 191windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007D7620: _wcslen.LIBCMT ref: 007D7625

GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0083C6EE
_wcslen.LIBCMT ref: 0083C735
SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0083C79C
SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0083C7CA

Strings

0, xrefs: 0083C6AF

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ItemMenu$Info_wcslen$Default
String ID: 0
API String ID: 1227352736-4108050209
Opcode ID: b430de7b9c043a5a198b8e108a3b4f3845b0e200b868fd726c6689e66b4e5153
Instruction ID: 9f95cf98174b014e67d1d3b28d807a691b3774ae55d9d38d2072a5a1c9f122d2
Opcode Fuzzy Hash: b430de7b9c043a5a198b8e108a3b4f3845b0e200b868fd726c6689e66b4e5153
Instruction Fuzzy Hash: 6951BF716143019BD7149F28C889B6BB7E8FFD9314F040A2DF995F32A1EBA4D904CB92

Function 0085AD64 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON

Download Yara Rule

APIs

ShellExecuteExW.SHELL32(0000003C), ref: 0085AEA3

Part of subcall function 007D7620: _wcslen.LIBCMT ref: 007D7625

GetProcessId.KERNEL32(00000000), ref: 0085AF38
CloseHandle.KERNEL32(00000000), ref: 0085AF67

Strings

@, xrefs: 0085AE72
<, xrefs: 0085AE6B

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: CloseExecuteHandleProcessShell_wcslen
String ID: <$@
API String ID: 146682121-1426351568
Opcode ID: da0e2c01cc21aa1fa386674d10267819eff7c9bcc01b944da79b2d44761e914b
Instruction ID: 0bee7db29d7fd59d5ed00fc8b39cf4986e3bc60b10c3821ba258fd39ffcb93a1
Opcode Fuzzy Hash: da0e2c01cc21aa1fa386674d10267819eff7c9bcc01b944da79b2d44761e914b
Instruction Fuzzy Hash: 41718C75A00219DFCB18DF54D489A9EBBF0FF08304F04859AE816AB352DB74ED45CB91

Function 0083719E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120comlibraryloaderCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00837206
SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 0083723C
GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0083724D
SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 008372CF

Strings

DllGetClassObject, xrefs: 00837242

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ErrorMode$AddressCreateInstanceProc
String ID: DllGetClassObject
API String ID: 753597075-1075368562
Opcode ID: 89306fea5b1e11ba8d9072c512c990c6cfc4c51692de9449804bc763fe51f1f9
Instruction ID: 640867ce8fd61e76147eb52f6ae53e3a644028ecf0cbd4234357a4472f743381
Opcode Fuzzy Hash: 89306fea5b1e11ba8d9072c512c990c6cfc4c51692de9449804bc763fe51f1f9
Instruction Fuzzy Hash: 66412DB1604205EFDB25CF94C884A9B7BA9FF85314F1580A9BD06DF20AD7B5D944CBE0

Function 00863D7C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00863E35
IsMenu.USER32(?), ref: 00863E4A
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00863E92
DrawMenuBar.USER32 ref: 00863EA5

Strings

0, xrefs: 00863D89

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Menu$Item$DrawInfoInsert
String ID: 0
API String ID: 3076010158-4108050209
Opcode ID: 9e2a095f1c7f694f759118abd1039df231890f669e269497da46c75c4a394367
Instruction ID: 1710b10faf9fd7761b673543355a6320d7cc6921f82d706dcba0f64e877d3a80
Opcode Fuzzy Hash: 9e2a095f1c7f694f759118abd1039df231890f669e269497da46c75c4a394367
Instruction Fuzzy Hash: AB4154B5A00209EFDB10DF60D888EAABBF9FF49354F05402AE905AB650D735AE40CF60

Function 00831DE2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 93windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

Part of subcall function 00833CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00833CCA

SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00831E66
SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00831E79
SendMessageW.USER32(?,00000189,?,00000000), ref: 00831EA9

Part of subcall function 007D6B57: _wcslen.LIBCMT ref: 007D6B6A

Strings

ListBox, xrefs: 00831E25
ComboBox, xrefs: 00831DF0

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: MessageSend$_wcslen$ClassName
String ID: ComboBox$ListBox
API String ID: 2081771294-1403004172
Opcode ID: 51de5db4710525733c6176a1fb0a7f0c873b2e588900fdb4368a1cc072f655f3
Instruction ID: 2ac97ce0731a2bd16e092f3e67138206709c84e69b9ce9e377e1a338b39c8238
Opcode Fuzzy Hash: 51de5db4710525733c6176a1fb0a7f0c873b2e588900fdb4368a1cc072f655f3
Instruction Fuzzy Hash: B9212371A00104AEDF14AB64DC49CFFB7B8FF85764F14411AF825E32E0DB794D0A8660

Function 0085C9EA Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 91COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 0085C9F1
_wcslen.LIBCMT ref: 0085CA68
_wcslen.LIBCMT ref: 0085CA9E
_wcslen.LIBCMT ref: 0085CAF9
_wcslen.LIBCMT ref: 0085CB2F
_wcslen.LIBCMT ref: 0085CB7F

Strings

HKLM, xrefs: 0085CA98, 0085CA9D
HKEY_LOCAL_MACHINE, xrefs: 0085CA62, 0085CA67

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: _wcslen
String ID: HKEY_LOCAL_MACHINE$HKLM
API String ID: 176396367-4004644295
Opcode ID: 3b12583bfcd084839f6d5eb03458551d0d734fd5b5504bf775f2d8aa12be6326
Instruction ID: 944d28699e858fbbc5174728bf527b21acd4bcdf4d6f23c9ba21ea13b0a5d663
Opcode Fuzzy Hash: 3b12583bfcd084839f6d5eb03458551d0d734fd5b5504bf775f2d8aa12be6326
Instruction Fuzzy Hash: B431F7B26002798FCF22EF6C99404BF3BA1FBA1752B054029EC45EB345E674CD48DBA0

Function 00862F17 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78windowlibraryCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00862F8D
LoadLibraryW.KERNEL32(?), ref: 00862F94
SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00862FA9
DestroyWindow.USER32(?), ref: 00862FB1

Strings

SysAnimate32, xrefs: 00862F68

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: MessageSend$DestroyLibraryLoadWindow
String ID: SysAnimate32
API String ID: 3529120543-1011021900
Opcode ID: ecb8d5bc115c4f85dd7b72fad87bdd3a94f3aa44f380cc1f71c1db61b2b5b447
Instruction ID: 28910fe9f4c37563576dfc74d62e9840f1fdb8f6cf2f9de95c536a001d56d85b
Opcode Fuzzy Hash: ecb8d5bc115c4f85dd7b72fad87bdd3a94f3aa44f380cc1f71c1db61b2b5b447
Instruction Fuzzy Hash: 8121DC71200609ABEF205FA4DC80FBB37B9FF59368F124268FA50D61A0CBB1DC519760

Function 007F4D6D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,007F4D1E,008028E9,?,007F4CBE,008028E9,008988B8,0000000C,007F4E15,008028E9,00000002), ref: 007F4D8D
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 007F4DA0
FreeLibrary.KERNEL32(00000000,?,?,?,007F4D1E,008028E9,?,007F4CBE,008028E9,008988B8,0000000C,007F4E15,008028E9,00000002,00000000), ref: 007F4DC3

Strings

mscoree.dll, xrefs: 007F4D86
CorExitProcess, xrefs: 007F4D98

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 9b4f72a97975287ac950f5891c2cf956afa6e2d54d21bb8cfff60523bd7b6257
Instruction ID: 722cd4dc54e1bdfecc5725ae667188a03582b0d680417e4766dcbe4ad7bced1d
Opcode Fuzzy Hash: 9b4f72a97975287ac950f5891c2cf956afa6e2d54d21bb8cfff60523bd7b6257
Instruction Fuzzy Hash: 2AF04F34A4020CFBDB159F94DC49BBEBBB5FF44752F0540A5FA09A2360DB759940CB90

Function 0082D3A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 0082D3AD
GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0082D3BF
FreeLibrary.KERNEL32(00000000), ref: 0082D3E5

Strings

GetSystemWow64DirectoryW, xrefs: 0082D3B9
X64, xrefs: 0082D2A8

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: GetSystemWow64DirectoryW$X64
API String ID: 145871493-2590602151
Opcode ID: 56acc7635ec59a8e162ee66810f510506ebedb2c72ae03935ba7bb40182e2d97
Instruction ID: ee55df78d4b2c9c4a4cd8b794dae97da1a7f13b66ca70176b47b07baf1497b6c
Opcode Fuzzy Hash: 56acc7635ec59a8e162ee66810f510506ebedb2c72ae03935ba7bb40182e2d97
Instruction Fuzzy Hash: 78F05C31406770DBDB7267109C0C97A3F10FF12701F6A8056F842E6201E764CCC486C1

Function 007D4E90 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,?,007D4EDD,?,008A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007D4E9C
GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 007D4EAE
FreeLibrary.KERNEL32(00000000,?,?,007D4EDD,?,008A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007D4EC0

Strings

kernel32.dll, xrefs: 007D4E94
Wow64DisableWow64FsRedirection, xrefs: 007D4EA8

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: Wow64DisableWow64FsRedirection$kernel32.dll
API String ID: 145871493-3689287502
Opcode ID: 5ae4dd9c37ccc0a770bab64cd97c8e4560bad834c27b165545f25ce5cba3b315
Instruction ID: 9de458723e45d0029d1a1cb5d66f2cb942ee730e5f33f2b0475bffe02b9a5a06
Opcode Fuzzy Hash: 5ae4dd9c37ccc0a770bab64cd97c8e4560bad834c27b165545f25ce5cba3b315
Instruction Fuzzy Hash: 58E0E635A015226B92711B25AC19A7B7664BF86B6270A0116FD45D2351DBB8CD0145A1

Function 007D4E59 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,?,00813CDE,?,008A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007D4E62
GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 007D4E74
FreeLibrary.KERNEL32(00000000,?,?,00813CDE,?,008A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007D4E87

Strings

kernel32.dll, xrefs: 007D4E5B
Wow64RevertWow64FsRedirection, xrefs: 007D4E6E

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: Wow64RevertWow64FsRedirection$kernel32.dll
API String ID: 145871493-1355242751
Opcode ID: f24b0283ae896b0715653a2d9263679abb4e88d818bf0dcff4638537704c6980
Instruction ID: 218106695dc267e442a51e82e977eea59d0e543f15694cee98d9b87d3399f11f
Opcode Fuzzy Hash: f24b0283ae896b0715653a2d9263679abb4e88d818bf0dcff4638537704c6980
Instruction Fuzzy Hash: 1DD012355026A1675A222B25FC18DAB7B28FFC6B613070616F945E2314CFB8CD0185D0

Function 00842947 Relevance: 7.8, APIs: 5, Instructions: 313fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00842C05
DeleteFileW.KERNEL32(?), ref: 00842C87
CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00842C9D
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00842CAE
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00842CC0

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: File$Delete$Copy
String ID:
API String ID: 3226157194-0
Opcode ID: 52f7af0681d707c6ebf1af0749a280919180d34a138c47051d974cdc75854a8e
Instruction ID: 6b68b08c36382d805d57ab32d268f3660f3197392dfff93e2b1ec02d5eaf581e
Opcode Fuzzy Hash: 52f7af0681d707c6ebf1af0749a280919180d34a138c47051d974cdc75854a8e
Instruction Fuzzy Hash: 66B15D7190411DABDF21EBA4CC89EEEBB7DFF48354F5040A6F609E6241EA349A448F61

Function 0085A387 Relevance: 7.8, APIs: 5, Instructions: 256COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 0085A427
OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0085A435
GetProcessIoCounters.KERNEL32(00000000,?), ref: 0085A468
CloseHandle.KERNEL32(?), ref: 0085A63D

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Process$CloseCountersCurrentHandleOpen
String ID:
API String ID: 3488606520-0
Opcode ID: 6a12f2e3939daa1bece2c971b0c8c6446c1f38efd1130e6768567293fcb7ee7c
Instruction ID: 7ace27999102b3f016e783dc78ca0cadcc6a011880f4eb4bc54a39b77452d812
Opcode Fuzzy Hash: 6a12f2e3939daa1bece2c971b0c8c6446c1f38efd1130e6768567293fcb7ee7c
Instruction Fuzzy Hash: C3A18A716043019FD724DF24C886B2AB7E1EB88714F14891DF99ADB392D7B4EC448B92

Function 0083E3FB Relevance: 7.7, APIs: 5, Instructions: 167filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0083DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0083CF22,?), ref: 0083DDFD

Part of subcall function 0083DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0083CF22,?), ref: 0083DE16

Part of subcall function 0083E199: GetFileAttributesW.KERNEL32(?,0083CF95), ref: 0083E19A

lstrcmpiW.KERNEL32(?,?), ref: 0083E473
MoveFileW.KERNEL32(?,?), ref: 0083E4AC
_wcslen.LIBCMT ref: 0083E5EB
_wcslen.LIBCMT ref: 0083E603
SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 0083E650

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
String ID:
API String ID: 3183298772-0
Opcode ID: b91baca6463b312e4ba439668bb12c3b66b7536ad0f4837066d3a78e76c03a6e
Instruction ID: 9919815346d7804bce73bbb215cb336cb2bad4b94f7453523ea2811b220d5172
Opcode Fuzzy Hash: b91baca6463b312e4ba439668bb12c3b66b7536ad0f4837066d3a78e76c03a6e
Instruction Fuzzy Hash: 295183B24087459BC724DB94D8859EFB7ECEFC4340F00491EF689D3191EF74A58887AA

Function 0085B9C9 Relevance: 7.7, APIs: 5, Instructions: 167registryCOMMON

Download Yara Rule

APIs

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

Part of subcall function 0085C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0085B6AE,?,?), ref: 0085C9B5
Part of subcall function 0085C998: _wcslen.LIBCMT ref: 0085C9F1
Part of subcall function 0085C998: _wcslen.LIBCMT ref: 0085CA68
Part of subcall function 0085C998: _wcslen.LIBCMT ref: 0085CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0085BAA5
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0085BB00
RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0085BB63
RegCloseKey.ADVAPI32(?,?), ref: 0085BBA6
RegCloseKey.ADVAPI32(00000000), ref: 0085BBB3

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
String ID:
API String ID: 826366716-0
Opcode ID: 9ee9d163718aab840eea1485a372adfa2d62a9019cd786135ff36c0cd504057d
Instruction ID: 2ccaa2c44486ecd5bbb3a8be1ddc9c82817d699e0538601333b71591ffb3a0ea
Opcode Fuzzy Hash: 9ee9d163718aab840eea1485a372adfa2d62a9019cd786135ff36c0cd504057d
Instruction Fuzzy Hash: 07618C31208241EFD714DF24C494E2ABBE5FF84318F54855DF8998B2A2DB35ED49CB92

Function 00838BB0 Relevance: 7.7, APIs: 5, Instructions: 159COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00838BCD
VariantClear.OLEAUT32 ref: 00838C3E
VariantClear.OLEAUT32 ref: 00838C9D
VariantClear.OLEAUT32(?), ref: 00838D10
VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00838D3B

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Variant$Clear$ChangeInitType
String ID:
API String ID: 4136290138-0
Opcode ID: 24a20db3196513e65e624e27818af10a205cdd3a5eaafd089d00d40b4b01a326
Instruction ID: 425b2f9e228a96fd76c375573769bb383a0268bc20cbfe24ec16f9c04b06aafa
Opcode Fuzzy Hash: 24a20db3196513e65e624e27818af10a205cdd3a5eaafd089d00d40b4b01a326
Instruction Fuzzy Hash: A65147B5A00219EFCB14CF68C894AAAB7F8FF89314F158559F905DB350EB34E911CBA0

Function 00848AFB Relevance: 7.6, APIs: 5, Instructions: 143COMMON

Download Yara Rule

APIs

GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00848BAE
GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00848BDA
WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00848C32
WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00848C57
WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00848C5F

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: PrivateProfile$SectionWrite$String
String ID:
API String ID: 2832842796-0
Opcode ID: ca517824c50980662af1cd81376e8a8dd69d2d0489e9aed193805bd3136f180a
Instruction ID: 61d0de38ce467a8ef396912553555582b261f7228826ca20ca343d0f95ceadc6
Opcode Fuzzy Hash: ca517824c50980662af1cd81376e8a8dd69d2d0489e9aed193805bd3136f180a
Instruction Fuzzy Hash: AB515A35A00219DFCB05DF65C884A6DBBF5FF48314F088059E84AAB362DB35ED51CBA1

Function 00858EE4 Relevance: 7.6, APIs: 5, Instructions: 143libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(?,00000000,?), ref: 00858F40
GetProcAddress.KERNEL32(00000000,?), ref: 00858FD0
GetProcAddress.KERNEL32(00000000,00000000), ref: 00858FEC
GetProcAddress.KERNEL32(00000000,?), ref: 00859032
FreeLibrary.KERNEL32(00000000), ref: 00859052

Part of subcall function 007EF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00841043,?,753CE610), ref: 007EF6E6
Part of subcall function 007EF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,0082FA64,00000000,00000000,?,?,00841043,?,753CE610,?,0082FA64), ref: 007EF70D

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
String ID:
API String ID: 666041331-0
Opcode ID: 6ec6981ea4483b56632af7e22a6259553a7b30d861e01afa1bda0fc4af9ea462
Instruction ID: 4e82d08cedc897426bc670ce55165b9d7162791eebff91b28ac4d84a410812c9
Opcode Fuzzy Hash: 6ec6981ea4483b56632af7e22a6259553a7b30d861e01afa1bda0fc4af9ea462
Instruction Fuzzy Hash: EA512935600245DFC715DF58C4948ADBBF1FF49315B0980AAEC4AAB362DB35ED89CB90

Function 00866B76 Relevance: 7.6, APIs: 5, Instructions: 131windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(00000002,000000F0,?), ref: 00866C33
SetWindowLongW.USER32(?,000000EC,?), ref: 00866C4A
SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00866C73
ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,0084AB79,00000000,00000000), ref: 00866C98
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00866CC7

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Window$Long$MessageSendShow
String ID:
API String ID: 3688381893-0
Opcode ID: e8da5136f5decd2a93564dc31c7f1bd4a12149bffbe012b7fc9269a0e1be9136
Instruction ID: b8b08d24a00213aeca5af239b4339d649611bca8924755320d388e7795f42e5e
Opcode Fuzzy Hash: e8da5136f5decd2a93564dc31c7f1bd4a12149bffbe012b7fc9269a0e1be9136
Instruction Fuzzy Hash: C841D635A04584AFDB24CF28CC59FB57FA5FB09364F160228F895E72E0E371AD61CA40

Function 00802051 Relevance: 7.6, APIs: 5, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 008020C3
_free.LIBCMT ref: 008020E3

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: e9bdddf38ad54571e5b2218e53834f071da863af7b08141b1a097220df84aff7
Instruction ID: 26deb6b3402912def2d0ba03a5a17e54c6465d59b4ee11bc33a14275666d7848
Opcode Fuzzy Hash: e9bdddf38ad54571e5b2218e53834f071da863af7b08141b1a097220df84aff7
Instruction Fuzzy Hash: 0F41E132A00604DFCB20DF78CC88A5EB7B5FF89314F1545A9E615EB392DA71AD01CB81

Function 007E912D Relevance: 7.6, APIs: 5, Instructions: 121keyboardCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 007E9141
ScreenToClient.USER32(00000000,?), ref: 007E915E
GetAsyncKeyState.USER32(00000001), ref: 007E9183
GetAsyncKeyState.USER32(00000002), ref: 007E919D

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: AsyncState$ClientCursorScreen
String ID:
API String ID: 4210589936-0
Opcode ID: 8c2c8a9d7e896fa3e91d1aa0ccb6d0cdf436cbfb77869c82b05265fa9de129ab
Instruction ID: 5c77d0dc55b3abd452984299c820b7d5fadd9084ce1bf90980e77aa802a823ee
Opcode Fuzzy Hash: 8c2c8a9d7e896fa3e91d1aa0ccb6d0cdf436cbfb77869c82b05265fa9de129ab
Instruction Fuzzy Hash: 7741613190855AFBDF159F69D848BEEB774FF09324F204219E529A32D0C7745D90CB51

Function 00843874 Relevance: 7.6, APIs: 5, Instructions: 101windowCOMMON

Download Yara Rule

APIs

GetInputState.USER32 ref: 008438CB
TranslateAcceleratorW.USER32(?,00000000,?), ref: 00843922
TranslateMessage.USER32(?), ref: 0084394B
DispatchMessageW.USER32(?), ref: 00843955
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00843966

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Message$Translate$AcceleratorDispatchInputPeekState
String ID:
API String ID: 2256411358-0
Opcode ID: 81681e0811f55dee0a1fb6e5ecc518ee3e040ad39f33e2f577e67d5ecf76fe92
Instruction ID: d8aed37640d53bfe4ae4bd9a38933d9dd1894a7926a01ea8d4e2f4232ec67475
Opcode Fuzzy Hash: 81681e0811f55dee0a1fb6e5ecc518ee3e040ad39f33e2f577e67d5ecf76fe92
Instruction Fuzzy Hash: 6131A27090434A9EFF35CB75984CBB6BFA8FB17304F040569E4A2C29A0E7F49A85CB11

Function 0084CF1A Relevance: 7.6, APIs: 5, Instructions: 93networkfileCOMMON

Download Yara Rule

APIs

InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,0084C21E,00000000), ref: 0084CF38
InternetReadFile.WININET(?,00000000,?,?), ref: 0084CF6F
GetLastError.KERNEL32(?,00000000,?,?,?,0084C21E,00000000), ref: 0084CFB4
SetEvent.KERNEL32(?,?,00000000,?,?,?,0084C21E,00000000), ref: 0084CFC8
SetEvent.KERNEL32(?,?,00000000,?,?,?,0084C21E,00000000), ref: 0084CFF2

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: EventInternet$AvailableDataErrorFileLastQueryRead
String ID:
API String ID: 3191363074-0
Opcode ID: a8d70d7927af259521e06aef297c784b268173afec18a42334a5450b5e1cca32
Instruction ID: 1eef0b99a61d52a74a60a04fdfc7d779ea2821615e87fc99600fd0acd4873d8b
Opcode Fuzzy Hash: a8d70d7927af259521e06aef297c784b268173afec18a42334a5450b5e1cca32
Instruction Fuzzy Hash: EE317C71601209EFDB60DFA5C884AABBBFDFB14314B10442EF506D2201DBB8AE449B60

Function 00831901 Relevance: 7.6, APIs: 5, Instructions: 93sleepwindowCOMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00831915
PostMessageW.USER32(00000001,00000201,00000001), ref: 008319C1
Sleep.KERNEL32(00000000,?,?,?), ref: 008319C9
PostMessageW.USER32(00000001,00000202,00000000), ref: 008319DA
Sleep.KERNEL32(00000000,?,?,?,?), ref: 008319E2

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: MessagePostSleep$RectWindow
String ID:
API String ID: 3382505437-0
Opcode ID: 595175a7e1510984a45d84e33cdb19f69f6bf0bcbc7de3b95161e24b23c19142
Instruction ID: 96290250ead829fdda8c80b5262d804e2e9dece0de48b46a2bd86cc1bc305324
Opcode Fuzzy Hash: 595175a7e1510984a45d84e33cdb19f69f6bf0bcbc7de3b95161e24b23c19142
Instruction Fuzzy Hash: 8B318C71A00219AFCB04CFA8C999BAE3BB5FB45715F504229F961E72D1C7B09954CB90

Function 00865706 Relevance: 7.6, APIs: 5, Instructions: 82windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001053,000000FF,?), ref: 00865745
SendMessageW.USER32(?,00001074,?,00000001), ref: 0086579D
_wcslen.LIBCMT ref: 008657AF
_wcslen.LIBCMT ref: 008657BA
SendMessageW.USER32(?,00001002,00000000,?), ref: 00865816

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: MessageSend$_wcslen
String ID:
API String ID: 763830540-0
Opcode ID: 38a5aa81f7189a9fe0211fae387d8ca230a0a4ef595d596c23c6c9da2385154c
Instruction ID: b47482522c79b97125905bc87a323f167c7214f2307f8bdc7c1b348f01b45eb3
Opcode Fuzzy Hash: 38a5aa81f7189a9fe0211fae387d8ca230a0a4ef595d596c23c6c9da2385154c
Instruction Fuzzy Hash: D521B67190461CDADB208F60CC84AEE7BB8FF04724F118256F929EB280DB749985CF50

Function 007E990F Relevance: 7.6, APIs: 5, Instructions: 75COMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000008), ref: 007E98CC
SetTextColor.GDI32(?,?), ref: 007E98D6
SetBkMode.GDI32(?,00000001), ref: 007E98E9
GetStockObject.GDI32(00000005), ref: 007E98F1
GetWindowLongW.USER32(?,000000EB), ref: 007E9952

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Color$LongModeObjectStockTextWindow
String ID:
API String ID: 1860813098-0
Opcode ID: 6eddec52540ae05a32eee16e056dd7ec444d00866516f95f8b8ee3c3bb5505de
Instruction ID: bf8de58bf2b48a27cbf325c333f37efa6b1c1b5f438e338e3cddc7ee0a493e85
Opcode Fuzzy Hash: 6eddec52540ae05a32eee16e056dd7ec444d00866516f95f8b8ee3c3bb5505de
Instruction Fuzzy Hash: 8D2126724462D09FCB228F36EC58AE53FA0AF5B331F09019DE6928A1A2D77D5990CB50

Function 00850930 Relevance: 7.6, APIs: 5, Instructions: 69COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 00850951
GetForegroundWindow.USER32 ref: 00850968
GetDC.USER32(00000000), ref: 008509A4
GetPixel.GDI32(00000000,?,00000003), ref: 008509B0
ReleaseDC.USER32(00000000,00000003), ref: 008509E8

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Window$ForegroundPixelRelease
String ID:
API String ID: 4156661090-0
Opcode ID: 93e01f550b55d523f1487c698deaea09021a4f99817c26ccca3726e8444b4c98
Instruction ID: 6ea83cb1a64d0a839caaa5c9ad13f3dc30082e7346128be0ff4ee43adf4f58bc
Opcode Fuzzy Hash: 93e01f550b55d523f1487c698deaea09021a4f99817c26ccca3726e8444b4c98
Instruction Fuzzy Hash: AE215E35A00204AFD704EF69D888AAEBBF5FF58701F05806DE84AD7352CA74AC44CB50

Function 0080CDBD Relevance: 7.6, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 0080CDC6
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0080CDE9

Part of subcall function 00803820: RtlAllocateHeap.NTDLL(00000000,?,008A1444,?,007EFDF5,?,?,007DA976,00000010,008A1440,007D13FC,?,007D13C6,?,007D1129), ref: 00803852

WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0080CE0F
_free.LIBCMT ref: 0080CE22
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0080CE31

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
String ID:
API String ID: 336800556-0
Opcode ID: d763238c30efed94a8dc3c56f716537dc803184f71ad1bc49c3431777e63f43b
Instruction ID: 37c45910c2738f3263cfdd9373546b5702ca26e6cd0eface0628250e15a3ac5f
Opcode Fuzzy Hash: d763238c30efed94a8dc3c56f716537dc803184f71ad1bc49c3431777e63f43b
Instruction Fuzzy Hash: AC0175726012157FA3611FBAEC4CD7B796DFEC6BA13150229FD05D6281DA618D0191B1

Function 007E9639 Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 007E9693
SelectObject.GDI32(?,00000000), ref: 007E96A2
BeginPath.GDI32(?), ref: 007E96B9
SelectObject.GDI32(?,00000000), ref: 007E96E2

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ObjectSelect$BeginCreatePath
String ID:
API String ID: 3225163088-0
Opcode ID: 9c466df31c6c10ee1fad4b28a591f207d3ebf9dc98f7f1f8b7e325ba4559d492
Instruction ID: 9833b296457b68698884e5fc11e43f17470eedc70002feb1d20accab26943e7b
Opcode Fuzzy Hash: 9c466df31c6c10ee1fad4b28a591f207d3ebf9dc98f7f1f8b7e325ba4559d492
Instruction Fuzzy Hash: D8218032802385EBEF119F26EC1C7AA7FA8BB06355F540216F510A65B0D3B85992CB95

Function 00835711 Relevance: 7.6, APIs: 5, Instructions: 61COMMON

Download Yara Rule

APIs

_memcmp.LIBVCRUNTIME ref: 00835726
_memcmp.LIBVCRUNTIME ref: 00835744
_memcmp.LIBVCRUNTIME ref: 00835757
_memcmp.LIBVCRUNTIME ref: 0083576F
_memcmp.LIBVCRUNTIME ref: 00835787

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: 32daae4a8f38b24596a3a3d1935de0e88f89d74e79f1276d14f84c87e6f5215d
Instruction ID: 2bb5f47a2af9611ef6f6d840a73355d62b5926c004f850489156df8560c28762
Opcode Fuzzy Hash: 32daae4a8f38b24596a3a3d1935de0e88f89d74e79f1276d14f84c87e6f5215d
Instruction Fuzzy Hash: 4301926164561DFAD6085510AD82EBA635DFFA13A8F814020FE14DA342F668ED10C2E0

Function 00802DF8 Relevance: 7.6, APIs: 5, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,007FF2DE,00803863,008A1444,?,007EFDF5,?,?,007DA976,00000010,008A1440,007D13FC,?,007D13C6), ref: 00802DFD
_free.LIBCMT ref: 00802E32
_free.LIBCMT ref: 00802E59
SetLastError.KERNEL32(00000000,007D1129), ref: 00802E66
SetLastError.KERNEL32(00000000,007D1129), ref: 00802E6F

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: e51d489a02ac2b7818a257d5661a1bef9d7252ab5ee904b97a5fd1b973f449f9
Instruction ID: e656eefbfb9a9ec63dec56660faadf4020310c36e474bf22c9bc39bdb22d004f
Opcode Fuzzy Hash: e51d489a02ac2b7818a257d5661a1bef9d7252ab5ee904b97a5fd1b973f449f9
Instruction Fuzzy Hash: 1B0128362856006BC6927738AC4ED2B2A5DFFD13B9B350029F965E23E3EFF48C014121

Function 0083000E Relevance: 7.5, APIs: 5, Instructions: 47stringCOMMON

Download Yara Rule

APIs

CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0082FF41,80070057,?,?,?,0083035E), ref: 0083002B
ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0082FF41,80070057,?,?), ref: 00830046
lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0082FF41,80070057,?,?), ref: 00830054
CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0082FF41,80070057,?), ref: 00830064
CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0082FF41,80070057,?,?), ref: 00830070

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: From$Prog$FreeStringTasklstrcmpi
String ID:
API String ID: 3897988419-0
Opcode ID: ba6f2b02e64848e0628e09b10413a46a5f66706316bad298ed33be47c807c383
Instruction ID: 6f875fd63380c677171821aa7c090ec9124e575df0da376b115ffda4c67d79ed
Opcode Fuzzy Hash: ba6f2b02e64848e0628e09b10413a46a5f66706316bad298ed33be47c807c383
Instruction Fuzzy Hash: 2001DB72600608BFDB209F68DC54BAA7AADFB88792F118024F845D3210E7B4CD008BA0

Function 0083E97B Relevance: 7.5, APIs: 5, Instructions: 47sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?), ref: 0083E997
QueryPerformanceFrequency.KERNEL32(?), ref: 0083E9A5
Sleep.KERNEL32(00000000), ref: 0083E9AD
QueryPerformanceCounter.KERNEL32(?), ref: 0083E9B7
Sleep.KERNEL32 ref: 0083E9F3

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: PerformanceQuery$CounterSleep$Frequency
String ID:
API String ID: 2833360925-0
Opcode ID: acab8a6654d5d8fedba8883e00bcfdf8ef716c92bd7488e84cd25d1882d402ec
Instruction ID: a28746ea985f5f47e013a6f06d755426fd30c4aab0539cae8e4b11a6c6b7f0b6
Opcode Fuzzy Hash: acab8a6654d5d8fedba8883e00bcfdf8ef716c92bd7488e84cd25d1882d402ec
Instruction Fuzzy Hash: D2011331C0162DDBCF00ABE5DC59AEDBF78FF49702F010556E942F2281CB7096568BA2

Function 008310F9 Relevance: 7.5, APIs: 5, Instructions: 46memoryCOMMON

Download Yara Rule

APIs

GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00831114
GetLastError.KERNEL32(?,00000000,00000000,?,?,00830B9B,?,?,?), ref: 00831120
GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00830B9B,?,?,?), ref: 0083112F
HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00830B9B,?,?,?), ref: 00831136
GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0083114D

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: HeapObjectSecurityUser$AllocErrorLastProcess
String ID:
API String ID: 842720411-0
Opcode ID: 8327ab4b339cea44a116f872f39ea7836eec1a5f15710f73850b456159911540
Instruction ID: 1e3d2e2acc5f935433016e66911858276e93d87e8a1d4a180067158f14f3349f
Opcode Fuzzy Hash: 8327ab4b339cea44a116f872f39ea7836eec1a5f15710f73850b456159911540
Instruction Fuzzy Hash: 8B011975200205BFDB114FA9DC4DAAA3B6EFF8A7A0F215419FA85D7360DA71DC009A60

Function 00830FB4 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00830FCA
GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00830FD6
GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00830FE5
HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00830FEC
GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00831002

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: d5d6e08733232b4735d94fadb557b40ba00bd9552a015bca174b169741f17ea9
Instruction ID: f604407330ebf52de8f568a9d5083e5b6d14931f4b65e337c0f859e595bad91c
Opcode Fuzzy Hash: d5d6e08733232b4735d94fadb557b40ba00bd9552a015bca174b169741f17ea9
Instruction Fuzzy Hash: 8FF06D35200701FBDB214FA5DC5DF663BADFF8AB62F125414FA89D7251CAB1DC408AA0

Function 00831014 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0083102A
GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00831036
GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00831045
HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0083104C
GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00831062

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: 8b4b07f214f244b39b8d05c44db6e23f21e97425c33031d819aa46a40a1dc26c
Instruction ID: 42520654d592c2eedeb3a557a78a404edcc7fa5b9923a441f8b959f5e789df00
Opcode Fuzzy Hash: 8b4b07f214f244b39b8d05c44db6e23f21e97425c33031d819aa46a40a1dc26c
Instruction Fuzzy Hash: A3F06D35200701FBDB219FA5EC5DF663BADFF8AB61F121414FA85D7250CAB5D8408AA0

Function 0084030F Relevance: 7.5, APIs: 6, Instructions: 41COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,?,?,?,0084017D,?,008432FC,?,00000001,00812592,?), ref: 00840324
CloseHandle.KERNEL32(?,?,?,?,0084017D,?,008432FC,?,00000001,00812592,?), ref: 00840331
CloseHandle.KERNEL32(?,?,?,?,0084017D,?,008432FC,?,00000001,00812592,?), ref: 0084033E
CloseHandle.KERNEL32(?,?,?,?,0084017D,?,008432FC,?,00000001,00812592,?), ref: 0084034B
CloseHandle.KERNEL32(?,?,?,?,0084017D,?,008432FC,?,00000001,00812592,?), ref: 00840358
CloseHandle.KERNEL32(?,?,?,?,0084017D,?,008432FC,?,00000001,00812592,?), ref: 00840365

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 386f99a617e1c9b71c11fd0197185ecb68e2aaa46f920de365aaff7fe680e903
Instruction ID: 17de69f23684e2d73cac8cad46a0bb8cded1ddc7c5973d54b0a93cff1f477ee5
Opcode Fuzzy Hash: 386f99a617e1c9b71c11fd0197185ecb68e2aaa46f920de365aaff7fe680e903
Instruction Fuzzy Hash: 51016072801B199FC7309F66D890817FBF5FE502153158A3FD29692A31C7B1A955DE80

Function 0080D73A Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 0080D752

Part of subcall function 008029C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0080D7D1,00000000,00000000,00000000,00000000,?,0080D7F8,00000000,00000007,00000000,?,0080DBF5,00000000), ref: 008029DE
Part of subcall function 008029C8: GetLastError.KERNEL32(00000000,?,0080D7D1,00000000,00000000,00000000,00000000,?,0080D7F8,00000000,00000007,00000000,?,0080DBF5,00000000,00000000), ref: 008029F0

_free.LIBCMT ref: 0080D764
_free.LIBCMT ref: 0080D776
_free.LIBCMT ref: 0080D788
_free.LIBCMT ref: 0080D79A

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: ee86defe5ffc14140aadef990a15bc8130be1fc1d8440702343e5bf1e57a808b
Instruction ID: 798073c86e25348fff9eb8431da84cde441a441d978e1e6d5a7e93b7317ad37d
Opcode Fuzzy Hash: ee86defe5ffc14140aadef990a15bc8130be1fc1d8440702343e5bf1e57a808b
Instruction Fuzzy Hash: 60F0FF32545304ABC6A1FBA8FDC5D167BDDFB447107A80806F048E7591C761FC8086A5

Function 00835C44 Relevance: 7.5, APIs: 5, Instructions: 40windowtimeCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003E9), ref: 00835C58
GetWindowTextW.USER32(00000000,?,00000100), ref: 00835C6F
MessageBeep.USER32(00000000), ref: 00835C87
KillTimer.USER32(?,0000040A), ref: 00835CA3
EndDialog.USER32(?,00000001), ref: 00835CBD

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: BeepDialogItemKillMessageTextTimerWindow
String ID:
API String ID: 3741023627-0
Opcode ID: e0d1a6b3b4dd33365b4cbf9be3b61b80daa110f9946e86666c41945228daa90e
Instruction ID: c3a677c5b9e5c22dd3d1f49c401af6895554385761270cdae847cb4af85c1e60
Opcode Fuzzy Hash: e0d1a6b3b4dd33365b4cbf9be3b61b80daa110f9946e86666c41945228daa90e
Instruction Fuzzy Hash: DF01D130500B04ABEB205B10DD8EFA677B8FB10B09F01216EE283A14E0DBF4A985CA90

Function 008022A0 Relevance: 7.5, APIs: 5, Instructions: 30COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 008022BE

Part of subcall function 008029C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0080D7D1,00000000,00000000,00000000,00000000,?,0080D7F8,00000000,00000007,00000000,?,0080DBF5,00000000), ref: 008029DE
Part of subcall function 008029C8: GetLastError.KERNEL32(00000000,?,0080D7D1,00000000,00000000,00000000,00000000,?,0080D7F8,00000000,00000007,00000000,?,0080DBF5,00000000,00000000), ref: 008029F0

_free.LIBCMT ref: 008022D0
_free.LIBCMT ref: 008022E3
_free.LIBCMT ref: 008022F4
_free.LIBCMT ref: 00802305

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 791b7c022a60a9307b023e4da6fcb7667d7fa4071fa54727f0195102f4e241b3
Instruction ID: a1ef0f4eb3f930f7ee23cbf5c6c723c031a8f656ebb97baa2b708eeb69700f17
Opcode Fuzzy Hash: 791b7c022a60a9307b023e4da6fcb7667d7fa4071fa54727f0195102f4e241b3
Instruction Fuzzy Hash: 73F05E748101208FDA52FF98BC09E483F64F71A760B54051BF414E36F5DBB14811AFE5

Function 007E95C5 Relevance: 7.5, APIs: 5, Instructions: 29COMMON

Download Yara Rule

APIs

EndPath.GDI32(?), ref: 007E95D4
StrokeAndFillPath.GDI32(?,?,008271F7,00000000,?,?,?), ref: 007E95F0
SelectObject.GDI32(?,00000000), ref: 007E9603
DeleteObject.GDI32 ref: 007E9616
StrokePath.GDI32(?), ref: 007E9631

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Path$ObjectStroke$DeleteFillSelect
String ID:
API String ID: 2625713937-0
Opcode ID: 6063b79698ecb120a1a304c8a4097a146597b14e11bbd395a2f4b1e57d414556
Instruction ID: 7052ec66d029e5cdb85ef0d06d5906d5383aa52d89948bf6e85a39184c0c060a
Opcode Fuzzy Hash: 6063b79698ecb120a1a304c8a4097a146597b14e11bbd395a2f4b1e57d414556
Instruction Fuzzy Hash: 3CF0AF31006644EBEF125F26EC1C7B63F60BB06322F488215F565554F0D77489A1CF21

Function 00800F47 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389COMMONLIBRARYCODE

Download Yara Rule

APIs

__freea.LIBCMT ref: 008010F9
__freea.LIBCMT ref: 00801117

Part of subcall function 00801537: _free.LIBCMT ref: 0080154F

Strings

a/p, xrefs: 008011DE
am/pm, xrefs: 0080117A

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: __freea$_free
String ID: a/p$am/pm
API String ID: 3432400110-3206640213
Opcode ID: 02b08537a7351cd366992b2428e0f9d5926f9288d4c23efb178de6a2abebed41
Instruction ID: 1c836e7f5e735a5e54f3d18c6fd90ca6eb019a912f546b5b9861ff2cac3f5bcb
Opcode Fuzzy Hash: 02b08537a7351cd366992b2428e0f9d5926f9288d4c23efb178de6a2abebed41
Instruction Fuzzy Hash: 4ED1DF31A0020ADACFA89F68CC8DABAB7B5FF05324F254159E541DBBD0D3799D80CB91

Function 00857B7E Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 230COMMON

Download Yara Rule

APIs

Part of subcall function 007F0242: EnterCriticalSection.KERNEL32(008A070C,008A1884,?,?,007E198B,008A2518,?,?,?,007D12F9,00000000), ref: 007F024D
Part of subcall function 007F0242: LeaveCriticalSection.KERNEL32(008A070C,?,007E198B,008A2518,?,?,?,007D12F9,00000000), ref: 007F028A

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

Part of subcall function 007F00A3: __onexit.LIBCMT ref: 007F00A9

__Init_thread_footer.LIBCMT ref: 00857BFB

Part of subcall function 007F01F8: EnterCriticalSection.KERNEL32(008A070C,?,?,007E8747,008A2514), ref: 007F0202
Part of subcall function 007F01F8: LeaveCriticalSection.KERNEL32(008A070C,?,007E8747,008A2514), ref: 007F0235

Strings

G, xrefs: 00857C7F
5, xrefs: 00857C78
Variable must be of type 'Object'., xrefs: 00857C3A

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
String ID: 5$G$Variable must be of type 'Object'.
API String ID: 535116098-3733170431
Opcode ID: 1b5d67f97b0728e9f7200eee4801416e23a016249405611b6b64a8c693d3e3c1
Instruction ID: a94d05912d9ab68d8eb276054d78128bb4fbabe21a42a23e8d9bd06dd792209f
Opcode Fuzzy Hash: 1b5d67f97b0728e9f7200eee4801416e23a016249405611b6b64a8c693d3e3c1
Instruction Fuzzy Hash: 0C917870A04209EFCB14EF98E8959ADB7B2FF49305F108059F8069B392DB31AE49CB51

Function 00805AA9 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 186COMMONLIBRARYCODE

Download Yara Rule

Strings

JO}, xrefs: 00805BA8, 00805C6C

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID:
String ID: JO}
API String ID: 0-3675885391
Opcode ID: 6316b3e555bf94de1b5db3ab2258e5385b9e6a1f865a68320b075bf819b5b675
Instruction ID: 285469eba109f78484ec83146b2b596f535ea7f78b409ca84dd688364125f06a
Opcode Fuzzy Hash: 6316b3e555bf94de1b5db3ab2258e5385b9e6a1f865a68320b075bf819b5b675
Instruction Fuzzy Hash: 2D518C71A00A099BEB619FA8CC49ABFBBB8FF05324F14005AE405E72D1DB759A018F71

Function 00832716 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0083B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,008321D0,?,?,00000034,00000800,?,00000034), ref: 0083B42D

SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00832760

Part of subcall function 0083B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,008321FF,?,?,00000800,?,00001073,00000000,?,?), ref: 0083B3F8

Part of subcall function 0083B32A: GetWindowThreadProcessId.USER32(?,?), ref: 0083B355
Part of subcall function 0083B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00832194,00000034,?,?,00001004,00000000,00000000), ref: 0083B365
Part of subcall function 0083B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00832194,00000034,?,?,00001004,00000000,00000000), ref: 0083B37B

SendMessageW.USER32(?,00001111,00000000,00000000), ref: 008327CD
SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0083281A

Strings

@, xrefs: 00832832

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
String ID: @
API String ID: 4150878124-2766056989
Opcode ID: 1101d721f0fe843243aa266d9d2124afc27d664126daca2d4c3fd8275625b129
Instruction ID: a5130c0e9351b15351acc8a8fb1407ec78c91ac4ced3c1d7fbe7662c591252aa
Opcode Fuzzy Hash: 1101d721f0fe843243aa266d9d2124afc27d664126daca2d4c3fd8275625b129
Instruction Fuzzy Hash: 28410C76900218BFDB10DBA8CD45AEEBBB8FF49700F104099FA55B7181DB706E45CBA1

Function 0080172E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00801769
_free.LIBCMT ref: 00801834
_free.LIBCMT ref: 0080183E

Strings

C:\Users\user\Desktop\file.exe, xrefs: 00801760, 00801767, 00801796, 008017CE

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: _free$FileModuleName
String ID: C:\Users\user\Desktop\file.exe
API String ID: 2506810119-1957095476
Opcode ID: c543f436d1667fa1613bb4f863cb20123a5c8705121373921888259cda0c51b5
Instruction ID: 5028516117bb0f1259f8a283def62f7c3dba9a113cda2fbf4d5668144b49a604
Opcode Fuzzy Hash: c543f436d1667fa1613bb4f863cb20123a5c8705121373921888259cda0c51b5
Instruction Fuzzy Hash: 00314D75A40218EBDF61DF999C89E9EBBFCFB85320F144166F904D7291D6B08E40CB91

Function 0083C27D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 0083C306
DeleteMenu.USER32(?,00000007,00000000), ref: 0083C34C
DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,008A1990,01585368), ref: 0083C395

Strings

0, xrefs: 0083C2DF

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Menu$Delete$InfoItem
String ID: 0
API String ID: 135850232-4108050209
Opcode ID: 144aaea9930df973bafe29dc321132f10443a7ef8d703ee9931887462c20a9a9
Instruction ID: 81f5ce0547ea88294ed2b9c300935bbda8a4c7dcf387416fbbc5b7070aa2a4ca
Opcode Fuzzy Hash: 144aaea9930df973bafe29dc321132f10443a7ef8d703ee9931887462c20a9a9
Instruction Fuzzy Hash: 86417C712043019FD720DF29D885B6ABBE4FBC5324F148A1EF9A5E7391D770A904CB92

Function 00864416 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0086CC08,00000000,?,?,?,?), ref: 008644AA
GetWindowLongW.USER32 ref: 008644C7
SetWindowLongW.USER32(?,000000F0,00000000), ref: 008644D7

Strings

SysTreeView32, xrefs: 0086447C

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Window$Long
String ID: SysTreeView32
API String ID: 847901565-1698111956
Opcode ID: 50d16688279d56d080b4ab4a974d48e19c9ffd9436b14e7e52aec1b9ce7291cb
Instruction ID: 5dac5f1087a3714ae5e33104e76a6fc5837200b6a09f05684b1269ec5f75fdfb
Opcode Fuzzy Hash: 50d16688279d56d080b4ab4a974d48e19c9ffd9436b14e7e52aec1b9ce7291cb
Instruction Fuzzy Hash: 80319E31211205ABDF219E38DC4ABEA7BA9FB09324F225315F975E21D0DB74EC509754

Function 0085304E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90networkCOMMON

Download Yara Rule

APIs

Part of subcall function 0085335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00853077,?,?), ref: 00853378

inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0085307A
_wcslen.LIBCMT ref: 0085309B
htons.WSOCK32(00000000,?,?,00000000), ref: 00853106

Strings

255.255.255.255, xrefs: 00853095, 0085309A

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ByteCharMultiWide_wcslenhtonsinet_addr
String ID: 255.255.255.255
API String ID: 946324512-2422070025
Opcode ID: 92b6845eb639716efdb748e01be1ad17feae7cb275e816d5e05a83c75075622b
Instruction ID: 9afe7efc505d47977a941e3b75606205cf73ac66b98bac601defc47a8df6c8b0
Opcode Fuzzy Hash: 92b6845eb639716efdb748e01be1ad17feae7cb275e816d5e05a83c75075622b
Instruction Fuzzy Hash: AB31B235200605DFCB20CF68C485AAAB7E0FF54399F248059E915CB392DB71EE49C760

Function 00863EB8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 89windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00863F40
SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00863F54
SendMessageW.USER32(?,00001002,00000000,?), ref: 00863F78

Strings

SysMonthCal32, xrefs: 00863F0B

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: MessageSend$Window
String ID: SysMonthCal32
API String ID: 2326795674-1439706946
Opcode ID: bf114aa92667cd332aca4d371326fb6eb85f179cb47ad1e68f52ee3e24db6842
Instruction ID: a32d024fce4361d7e9c64bbf5bad2c9b5a727383bfb336b2117dc0a107e8d478
Opcode Fuzzy Hash: bf114aa92667cd332aca4d371326fb6eb85f179cb47ad1e68f52ee3e24db6842
Instruction Fuzzy Hash: C0219F32610219BBDF119F54DC46FEA3B79FB48714F120214FA55AB1D0DAB5A9508BA0

Function 00864653 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00864705
SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00864713
DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0086471A

Strings

msctls_updown32, xrefs: 00864684

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: MessageSend$DestroyWindow
String ID: msctls_updown32
API String ID: 4014797782-2298589950
Opcode ID: 462b35ea22b694ab4e02f3885098df572d921306af269e6181fcb5024bb4159f
Instruction ID: 5ca3372ab0f959f5fe40201a84fbdd9e0df5544f6941063aa497675130965ff2
Opcode Fuzzy Hash: 462b35ea22b694ab4e02f3885098df572d921306af269e6181fcb5024bb4159f
Instruction Fuzzy Hash: D1215CB5600209AFEB10DF68DC95DBB3BADFB5A3A4B051059FA01DB361DB70EC51CA60

Function 008395AD Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 85COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 0083961D

Strings

#requireadmin, xrefs: 008395D9
#OnAutoItStartRegister, xrefs: 008395F3
#notrayicon, xrefs: 008395B7

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: _wcslen
String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
API String ID: 176396367-2734436370
Opcode ID: 9819290030d763a79f5d7986cb4b890b06839586708f8548a5d6469961c6ef0c
Instruction ID: ee409e16c2a12da32adfcf006e1d77a5e05498b118beb28b84e1c8da96952be1
Opcode Fuzzy Hash: 9819290030d763a79f5d7986cb4b890b06839586708f8548a5d6469961c6ef0c
Instruction Fuzzy Hash: C0212632205614A6C331AB249806FB77398FFE1314F504026FA9AD7241FBD9ED81C2D5

Function 008637B7 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00863840
SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00863850
MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00863876

Strings

Listbox, xrefs: 0086380F

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: MessageSend$MoveWindow
String ID: Listbox
API String ID: 3315199576-2633736733
Opcode ID: 6f3229ae9b8eaa3228de2911603b4ddd7377d1444385d50e63684b70d0d5421e
Instruction ID: 2ddb56d6997e35e55441795986af441f48fc4af219156861efb1351b64dcc7c1
Opcode Fuzzy Hash: 6f3229ae9b8eaa3228de2911603b4ddd7377d1444385d50e63684b70d0d5421e
Instruction Fuzzy Hash: 6821BE72610218BBEF219F54DC85FBB376AFF89760F128124FA149B190C6B1DC5287A0

Function 008449F4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00844A08
GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00844A5C
SetErrorMode.KERNEL32(00000000,?,?,0086CC08), ref: 00844AD0

Strings

%lu, xrefs: 00844A6F

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ErrorMode$InformationVolume
String ID: %lu
API String ID: 2507767853-685833217
Opcode ID: 733e9ac7ab95ffc6d28d2f5c87fb1a0b232d55bb5ad059e03550c9b53816eacf
Instruction ID: 6f1285b80a5852d8f68ebd8da8dcedbf557cfc555c5f16c2927749e9388bb0cf
Opcode Fuzzy Hash: 733e9ac7ab95ffc6d28d2f5c87fb1a0b232d55bb5ad059e03550c9b53816eacf
Instruction Fuzzy Hash: 7A313E75A00219AFDB10DF64C885EAA7BF8FF09308F1480A5E909DB362DB75ED45CB61

Function 008641EB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0086424F
SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00864264
SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00864271

Strings

msctls_trackbar32, xrefs: 00864226

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: MessageSend
String ID: msctls_trackbar32
API String ID: 3850602802-1010561917
Opcode ID: 96e62e5d55b3551e954aab72f21348e9ec12ff178399e11c4211931f4ea5b76e
Instruction ID: 1ad2da67972f2655f3e60c4f456009a23dd97c8baf5185b938f2dddc7e9880b4
Opcode Fuzzy Hash: 96e62e5d55b3551e954aab72f21348e9ec12ff178399e11c4211931f4ea5b76e
Instruction Fuzzy Hash: 3F110231240208BEEF205F28CC46FAF3BACFF95B64F121124FA55E61A0D2B1DC619B20

Function 00832F52 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007D6B57: _wcslen.LIBCMT ref: 007D6B6A

Part of subcall function 00832DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00832DC5
Part of subcall function 00832DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00832DD6
Part of subcall function 00832DA7: GetCurrentThreadId.KERNEL32 ref: 00832DDD
Part of subcall function 00832DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00832DE4

GetFocus.USER32 ref: 00832F78

Part of subcall function 00832DEE: GetParent.USER32(00000000), ref: 00832DF9

GetClassNameW.USER32(?,?,00000100), ref: 00832FC3
EnumChildWindows.USER32(?,0083303B), ref: 00832FEB

Strings

%s%d, xrefs: 00832FFF

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
String ID: %s%d
API String ID: 1272988791-1110647743
Opcode ID: e39b3a9e691dbd9ac88c28cb0de61d18ba0d3f13fef7c9321045377451a0a5a7
Instruction ID: 2c524fa2049c6f858331f1615a58ec6f658272bfc92e5d6c894f840a77a59071
Opcode Fuzzy Hash: e39b3a9e691dbd9ac88c28cb0de61d18ba0d3f13fef7c9321045377451a0a5a7
Instruction Fuzzy Hash: FF1190B1600209ABCF157F648C99EED376AFFD4304F04407AF909EB252DE7499458BB1

Function 00865882 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 008658C1
SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 008658EE
DrawMenuBar.USER32(?), ref: 008658FD

Strings

0, xrefs: 0086588F

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Menu$InfoItem$Draw
String ID: 0
API String ID: 3227129158-4108050209
Opcode ID: 07e288f33fbad134fefecb6ce3f50b1772b6f6a0014affe4bafa7a0de304808e
Instruction ID: 442e8366fcadf2a40cf52c9766e32f779f8fb567b7b029278d6886339c45a4b7
Opcode Fuzzy Hash: 07e288f33fbad134fefecb6ce3f50b1772b6f6a0014affe4bafa7a0de304808e
Instruction Fuzzy Hash: CD016D31500258EFDB219F11EC48BAEBBB4FB45364F118099E889D6151DF709A84DF31

Function 0083007F Relevance: 6.3, APIs: 4, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd49d8275389a2f5f8ccdfc3ce24aab2a6139bcf63e8ffb6432642246dcb8317
Instruction ID: be6453b64d2bf07d39b469b0bb37c8d26886b9c9a5b636e398318e1451c418a1
Opcode Fuzzy Hash: fd49d8275389a2f5f8ccdfc3ce24aab2a6139bcf63e8ffb6432642246dcb8317
Instruction Fuzzy Hash: 3FC13975A0021AEFDB15CFA8C8A4AAEB7B5FF88704F208598E505EB251D771ED41CF90

Function 00803E80 Relevance: 6.3, APIs: 4, Instructions: 305COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00803F0B
__alldvrm.LIBCMT ref: 0080410C
__alldvrm.LIBCMT ref: 0080412E

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: __alldvrm$_strrchr
String ID:
API String ID: 1036877536-0
Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
Instruction ID: b5e12762d8cde81483be5629e879db0b2db6403930f20f4a2e1f0776ef3e30b9
Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
Instruction Fuzzy Hash: A3A135B2A407869FEB61CF18CC917AEBBE8FF61350F14416DE685EB2C1C6389981C751

Function 0085342E Relevance: 6.3, APIs: 4, Instructions: 257COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00853459
CoUninitialize.OLE32 ref: 00853463
VariantInit.OLEAUT32(?), ref: 0085346E
VariantClear.OLEAUT32(?), ref: 0085371B

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Variant$ClearInitInitializeUninitialize
String ID:
API String ID: 1998397398-0
Opcode ID: 312cd5391da3f60d86fdbbc6d55dfbd8cd2d706e2b9249c5ea1e9d99ce32b8d4
Instruction ID: 23d9658cf26e00a2f0c61b20e2c7401486a7709ee058553cf438e5356c852187
Opcode Fuzzy Hash: 312cd5391da3f60d86fdbbc6d55dfbd8cd2d706e2b9249c5ea1e9d99ce32b8d4
Instruction Fuzzy Hash: D8A11575604200DFC714DF28C485A2AB7E5FF88755F04895AF98ADB362DB34EE05CB92

Function 00830436 Relevance: 6.2, APIs: 4, Instructions: 230COMMON

Download Yara Rule

APIs

ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0086FC08,?), ref: 008305F0
CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0086FC08,?), ref: 00830608
CLSIDFromProgID.OLE32(?,?,00000000,0086CC40,000000FF,?,00000000,00000800,00000000,?,0086FC08,?), ref: 0083062D
_memcmp.LIBVCRUNTIME ref: 0083064E

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: FromProg$FreeTask_memcmp
String ID:
API String ID: 314563124-0
Opcode ID: 8bc78bbf6d5e0ab1b9b530198e2346220436859274a31982a1194af77746842a
Instruction ID: f94a948dbb7ba25e062323c407f0d8fa070083eeabf21dc29a71b03aa9503718
Opcode Fuzzy Hash: 8bc78bbf6d5e0ab1b9b530198e2346220436859274a31982a1194af77746842a
Instruction Fuzzy Hash: FB81E871A00209EFCB04DF94C994DAEB7B9FF89315F204598E516EB250DB71AE06CFA0

Function 00811391 Relevance: 6.2, APIs: 4, Instructions: 152COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 008114C0

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 9c462645ea1384943b9016d82d598867fa9242192599ce068834b6171642fdca
Instruction ID: 3464cbdc5024c8923d4d9af86557ce486b403f35598606a3d7b12e75f9f723c8
Opcode Fuzzy Hash: 9c462645ea1384943b9016d82d598867fa9242192599ce068834b6171642fdca
Instruction Fuzzy Hash: AA413B31600508ABDF216FFC9C4DAFE3AAEFF41770F240225F619D62D2EA7848815366

Function 00866278 Relevance: 6.1, APIs: 4, Instructions: 138COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 008662E2
ScreenToClient.USER32(?,?), ref: 00866315
MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00866382

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Window$ClientMoveRectScreen
String ID:
API String ID: 3880355969-0
Opcode ID: 38c78445c54d124dc2c67dd8a25814032971e7dd8dfc2d4c14dfb09194a9c322
Instruction ID: 7059feeaeac48e56fc6d2f0eee7134c1b34703c584bce9142caef63ed708bd68
Opcode Fuzzy Hash: 38c78445c54d124dc2c67dd8a25814032971e7dd8dfc2d4c14dfb09194a9c322
Instruction Fuzzy Hash: 96515A70A00249EFDF10DF68D9809AE7BB5FB45364F11815AF815DB390E730AD91CB50

Function 00851AD6 Relevance: 6.1, APIs: 4, Instructions: 138networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000002,00000011), ref: 00851AFD
WSAGetLastError.WSOCK32 ref: 00851B0B
#21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00851B8A
WSAGetLastError.WSOCK32 ref: 00851B94

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ErrorLast$socket
String ID:
API String ID: 1881357543-0
Opcode ID: e5d421a671162574d2c98bc85cec6964e09a59fdb58356e200da381e88bb86c6
Instruction ID: 396804fe844967c5886d798f12f0c672338979d39c3cb83a78d6565f65bab624
Opcode Fuzzy Hash: e5d421a671162574d2c98bc85cec6964e09a59fdb58356e200da381e88bb86c6
Instruction Fuzzy Hash: 3241D334600200AFEB20AF24C88AF2977E5EB49718F548458F95A9F3D3D7B6ED41CB91

Function 0080B41F Relevance: 6.1, APIs: 4, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c18317c6e2f875d49f166705c40ffe4310e0ab5a13c25104c4974adfe57aca8
Instruction ID: 6a65ac2818a85c865bf10eb9c230806fe118bcf0a397871c4df15bc0f214f1eb
Opcode Fuzzy Hash: 9c18317c6e2f875d49f166705c40ffe4310e0ab5a13c25104c4974adfe57aca8
Instruction Fuzzy Hash: 61410672A00708AFD7249F7CCC45BAEBBA9FF88710F10856AF145DB2D2D7719A418781

Function 008456D9 Relevance: 6.1, APIs: 4, Instructions: 110fileCOMMON

Download Yara Rule

APIs

CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00845783
GetLastError.KERNEL32(?,00000000), ref: 008457A9
DeleteFileW.KERNEL32(00000002,?,00000000), ref: 008457CE
CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 008457FA

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: CreateHardLink$DeleteErrorFileLast
String ID:
API String ID: 3321077145-0
Opcode ID: 46fd6d61122afa6e2c1d0af601e992331469d6c6434bce9003a30c8040e62a9a
Instruction ID: bd3dd247817aee64446702457546250015bbb6c31945ddc4421018f279d18574
Opcode Fuzzy Hash: 46fd6d61122afa6e2c1d0af601e992331469d6c6434bce9003a30c8040e62a9a
Instruction Fuzzy Hash: 7E41F439600615DFCB15EF15C548A5EBBF2EF89720B198499EC4AAB362DB34ED00CB91

Function 0080D8C3 Relevance: 6.1, APIs: 4, Instructions: 110COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,007F6D71,00000000,00000000,007F82D9,?,007F82D9,?,00000001,007F6D71,8BE85006,00000001,007F82D9,007F82D9), ref: 0080D910
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0080D999
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 0080D9AB
__freea.LIBCMT ref: 0080D9B4

Part of subcall function 00803820: RtlAllocateHeap.NTDLL(00000000,?,008A1444,?,007EFDF5,?,?,007DA976,00000010,008A1440,007D13FC,?,007D13C6,?,007D1129), ref: 00803852

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID:
API String ID: 2652629310-0
Opcode ID: 63dc76da0ef2f65c5222892e8aa669718ff9f32375747eb1773565015e38d68a
Instruction ID: f4923856bf0d8e1d67ce15505fb96eebdce8a53473e4eebe546a93a2b7ccc2a4
Opcode Fuzzy Hash: 63dc76da0ef2f65c5222892e8aa669718ff9f32375747eb1773565015e38d68a
Instruction Fuzzy Hash: D631AD72A0020AABDF24DFA5DC45EBE7BA5FB41310B054168FC04DA291EB35DD51CBA0

Function 008652C1 Relevance: 6.1, APIs: 4, Instructions: 104windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001024,00000000,?), ref: 00865352
GetWindowLongW.USER32(?,000000F0), ref: 00865375
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00865382
InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 008653A8

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: LongWindow$InvalidateMessageRectSend
String ID:
API String ID: 3340791633-0
Opcode ID: 91c12d4f76fd58f206adf29dbb27609bc5980673ef54e8405fe6ee899808010a
Instruction ID: 0d10227da7d1e6b8dd7c67bbd86ad97aabb0c7928817d19b84984f3236ed3cb5
Opcode Fuzzy Hash: 91c12d4f76fd58f206adf29dbb27609bc5980673ef54e8405fe6ee899808010a
Instruction Fuzzy Hash: 8B31D034A55A0CEFEF309E14CE1ABE97761FB06B90F5A4102FA11DA3E0C7B099409B42

Function 0083AB9C Relevance: 6.1, APIs: 4, Instructions: 103keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 0083ABF1
SetKeyboardState.USER32(00000080,?,00008000), ref: 0083AC0D
PostMessageW.USER32(00000000,00000101,00000000), ref: 0083AC74
SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 0083ACC6

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: 2d6974bbe1a211c3f2aee5f6af1f02fca918b171b88f893cd9ea6ae390a62000
Instruction ID: 56fbe5f04fdd39d8a998f7e0c643f5cdcc32cad9ae0a11d8f25f45cb97dda318
Opcode Fuzzy Hash: 2d6974bbe1a211c3f2aee5f6af1f02fca918b171b88f893cd9ea6ae390a62000
Instruction Fuzzy Hash: 4E31E530A04618AFEB298B65C8087FA7AA5FBC5710F04621AE4C5D61D1C3758D8687D2

Function 00867674 Relevance: 6.1, APIs: 4, Instructions: 102windowCOMMON

Download Yara Rule

APIs

ClientToScreen.USER32(?,?), ref: 0086769A
GetWindowRect.USER32(?,?), ref: 00867710
PtInRect.USER32(?,?,00868B89), ref: 00867720
MessageBeep.USER32(00000000), ref: 0086778C

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Rect$BeepClientMessageScreenWindow
String ID:
API String ID: 1352109105-0
Opcode ID: de8a30ec417922fd22f89abc7f5c4d4cd2ef302ce14bdc63778e27131771bf5c
Instruction ID: d627f47bd7fb16bbe072d6e8ddf6f5555d8cf7ecb015cc586aa4f0c988c49c2b
Opcode Fuzzy Hash: de8a30ec417922fd22f89abc7f5c4d4cd2ef302ce14bdc63778e27131771bf5c
Instruction Fuzzy Hash: 1E418D34605254DFEB02CF58C898EA9BBF5FB49318F1A80A9E415DB261D730A941CFD0

Function 008616DA Relevance: 6.1, APIs: 4, Instructions: 101COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 008616EB

Part of subcall function 00833A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00833A57
Part of subcall function 00833A3D: GetCurrentThreadId.KERNEL32 ref: 00833A5E
Part of subcall function 00833A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008325B3), ref: 00833A65

GetCaretPos.USER32(?), ref: 008616FF
ClientToScreen.USER32(00000000,?), ref: 0086174C
GetForegroundWindow.USER32 ref: 00861752

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
String ID:
API String ID: 2759813231-0
Opcode ID: a49b271572b6eb234638484914ccbb416f1247ea2a8b89955266b83f8b108118
Instruction ID: 2ec8603d83b1df80740cfe657f53067fc03a29d9d3203d2a2a3ef18babc24ca8
Opcode Fuzzy Hash: a49b271572b6eb234638484914ccbb416f1247ea2a8b89955266b83f8b108118
Instruction Fuzzy Hash: C0316371D00149AFCB00DFA9C885DAEBBF9FF48304B55806AE415E7312D7359E45CBA0

Function 0083DF95 Relevance: 6.1, APIs: 4, Instructions: 87COMMON

Download Yara Rule

APIs

Part of subcall function 007D7620: _wcslen.LIBCMT ref: 007D7625

_wcslen.LIBCMT ref: 0083DFCB
_wcslen.LIBCMT ref: 0083DFE2
_wcslen.LIBCMT ref: 0083E00D
GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 0083E018

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: _wcslen$ExtentPoint32Text
String ID:
API String ID: 3763101759-0
Opcode ID: 3ca90694c4a66d82f4528028f937a3f528a057feb9ac6f4b727e4eccafb45d8e
Instruction ID: 1c5d4bec84726c484200ea8d87f1e379b25377feee77b04ac4e747c4006e9ba6
Opcode Fuzzy Hash: 3ca90694c4a66d82f4528028f937a3f528a057feb9ac6f4b727e4eccafb45d8e
Instruction Fuzzy Hash: FC218071900618EFCB20DFA8D985B6EB7B8FF85750F144065E905FB385D6B49E408BE1

Function 0083D4DC Relevance: 6.1, APIs: 4, Instructions: 86processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 0083D501
Process32FirstW.KERNEL32(00000000,?), ref: 0083D50F
Process32NextW.KERNEL32(00000000,?), ref: 0083D52F
CloseHandle.KERNEL32(00000000), ref: 0083D5DC

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: dc8d2865029d9e18043599c98cb63178b1e4560335f6fc674b117db087bac796
Instruction ID: 42c8047c474ea4ac8fa92c98de953b2b5897f1e2c4031f2fa0e277bbfcb3c7d2
Opcode Fuzzy Hash: dc8d2865029d9e18043599c98cb63178b1e4560335f6fc674b117db087bac796
Instruction Fuzzy Hash: D0317E711083009FD301EF54D885AAFBBF8FFD9354F14092DF585862A1EB71A949CB92

Function 00868FC9 Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007E9BB2

GetCursorPos.USER32(?), ref: 00869001
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00827711,?,?,?,?,?), ref: 00869016
GetCursorPos.USER32(?), ref: 0086905E
DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00827711,?,?,?), ref: 00869094

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Cursor$LongMenuPopupProcTrackWindow
String ID:
API String ID: 2864067406-0
Opcode ID: 04f2b570f5b71bdcee56aea8950291dde7067aa391d2a9f37b3872cf7a2d0dd4
Instruction ID: 3fda22aaf325c77736aa30eec50c85f4a914a10110b8a23d757c29bceae38e63
Opcode Fuzzy Hash: 04f2b570f5b71bdcee56aea8950291dde7067aa391d2a9f37b3872cf7a2d0dd4
Instruction Fuzzy Hash: 3921BF35601418EFDF258F94CC58EFA7BF9FB8A350F064069F9458B2A1C3719950DB61

Function 0083D2C1 Relevance: 6.1, APIs: 4, Instructions: 78COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(?,0086CB68), ref: 0083D2FB
GetLastError.KERNEL32 ref: 0083D30A
CreateDirectoryW.KERNEL32(?,00000000), ref: 0083D319
CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0086CB68), ref: 0083D376

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: CreateDirectory$AttributesErrorFileLast
String ID:
API String ID: 2267087916-0
Opcode ID: 74c9e1bf7237345976105c61de5bc759f42821414128a40fed3588a2835d57b5
Instruction ID: c8cb8937367ae0015c6d0b5cffe73f8b1320d380c80293dd7f696eff8e37c3b6
Opcode Fuzzy Hash: 74c9e1bf7237345976105c61de5bc759f42821414128a40fed3588a2835d57b5
Instruction Fuzzy Hash: 50218D70509301DF8300DF28E88586AB7E4FE96724F104A1EF4A9C33A1E7319D4ACB93

Function 00831571 Relevance: 6.1, APIs: 4, Instructions: 78memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00831014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0083102A
Part of subcall function 00831014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00831036
Part of subcall function 00831014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00831045
Part of subcall function 00831014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0083104C
Part of subcall function 00831014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00831062

LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 008315BE
_memcmp.LIBVCRUNTIME ref: 008315E1
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00831617
HeapFree.KERNEL32(00000000), ref: 0083161E

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
String ID:
API String ID: 1592001646-0
Opcode ID: 18722d70ecb86f79172cd51d798ab36d54a3e9a3bf4f6f159ed8961502b5ae00
Instruction ID: 500c555d0413e97c6fb1dbb95d9825e43cbe7945e217a975a5b2a84b2eb6430f
Opcode Fuzzy Hash: 18722d70ecb86f79172cd51d798ab36d54a3e9a3bf4f6f159ed8961502b5ae00
Instruction Fuzzy Hash: CA215731E00109EBDF00DFA5C949BEEB7B8FF94744F094869E441EB241E770AA05CBA0

Function 00862782 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000EC), ref: 0086280A
SetWindowLongW.USER32(?,000000EC,00000000), ref: 00862824
SetWindowLongW.USER32(?,000000EC,00000000), ref: 00862832
SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00862840

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Window$Long$AttributesLayered
String ID:
API String ID: 2169480361-0
Opcode ID: ce9628a101f3c284fe01f9944a7e8fc7d5954cc66a76b4faffdeae21f6cf9639
Instruction ID: 6f963bbc827a1027e8d8337d1c231f1b541030132b8737fa5aa2e0780d556b95
Opcode Fuzzy Hash: ce9628a101f3c284fe01f9944a7e8fc7d5954cc66a76b4faffdeae21f6cf9639
Instruction Fuzzy Hash: EA21E031204911AFD7149B24CC45FAA7BA5FF45324F168299F426CB6E2CBB5EC42C790

Function 008378F5 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 71stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00838D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,0083790A,?,000000FF,?,00838754,00000000,?,0000001C,?,?), ref: 00838D8C
Part of subcall function 00838D7D: lstrcpyW.KERNEL32(00000000,?,?,0083790A,?,000000FF,?,00838754,00000000,?,0000001C,?,?,00000000), ref: 00838DB2
Part of subcall function 00838D7D: lstrcmpiW.KERNEL32(00000000,?,0083790A,?,000000FF,?,00838754,00000000,?,0000001C,?,?), ref: 00838DE3

lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00838754,00000000,?,0000001C,?,?,00000000), ref: 00837923
lstrcpyW.KERNEL32(00000000,?,?,00838754,00000000,?,0000001C,?,?,00000000), ref: 00837949
lstrcmpiW.KERNEL32(00000002,cdecl,?,00838754,00000000,?,0000001C,?,?,00000000), ref: 00837984

Strings

cdecl, xrefs: 0083797B

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: lstrcmpilstrcpylstrlen
String ID: cdecl
API String ID: 4031866154-3896280584
Opcode ID: d5999460fef50298be700ef7d8e9c9af12cad0eaff92f6bcaa746128e527bad1
Instruction ID: 904d0f6c5be7bc20c10f69e1a6c2ec6c99187e6d10f2d235c93159a056683447
Opcode Fuzzy Hash: d5999460fef50298be700ef7d8e9c9af12cad0eaff92f6bcaa746128e527bad1
Instruction Fuzzy Hash: 7611067A200341ABCB256F39C845E7A7BA9FF85350F00412AFC42C7364EB75D811C791

Function 00867CC2 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000F0), ref: 00867D0B
SetWindowLongW.USER32(00000000,000000F0,?), ref: 00867D2A
SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00867D42
SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,0084B7AD,00000000), ref: 00867D6B

Part of subcall function 007E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007E9BB2

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Window$Long
String ID:
API String ID: 847901565-0
Opcode ID: ee37d9c051bb1950c38fc820b9f1b404dc2c2a53f87970de817d213a0214f710
Instruction ID: 470c6bfa446b80eab9ff46b18665d8274e4a355669607136f5696c16eff0adff
Opcode Fuzzy Hash: ee37d9c051bb1950c38fc820b9f1b404dc2c2a53f87970de817d213a0214f710
Instruction Fuzzy Hash: 8B11A231605615AFDB109F28DC08A7A3BA5FF46364F164B24F935C72F0E7309950CB90

Function 00865660 Relevance: 6.1, APIs: 4, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001060,?,00000004), ref: 008656BB
_wcslen.LIBCMT ref: 008656CD
_wcslen.LIBCMT ref: 008656D8
SendMessageW.USER32(?,00001002,00000000,?), ref: 00865816

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: MessageSend_wcslen
String ID:
API String ID: 455545452-0
Opcode ID: 2be3267690836d38ac7358de32b009c356103eda06c62e091d5b0069ae8e8047
Instruction ID: 96402e0715a300ce1ed6eaef6a2282d1329ffc86f7cd1d79b2f1141841309a03
Opcode Fuzzy Hash: 2be3267690836d38ac7358de32b009c356103eda06c62e091d5b0069ae8e8047
Instruction Fuzzy Hash: A3112671600608E6DF20DF61CC85AFE37ACFF11768F11406AFA15E6181EBB4CA80CB64

Function 00801D09 Relevance: 6.1, APIs: 4, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1dfb51417606f1604995fc5e66328391196c8e259ae9cb2fcb153af36a51186
Instruction ID: d22cd7bb11ffd51e194d6adf3ef0d97c6c4e4e7620dafa03e2cd6d2684bae237
Opcode Fuzzy Hash: d1dfb51417606f1604995fc5e66328391196c8e259ae9cb2fcb153af36a51186
Instruction Fuzzy Hash: E30162B230561A7EFA9126B86CC9F67661DFF427B8F351325F921E11D2EB608C005161

Function 00831A27 Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000B0,?,?), ref: 00831A47
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00831A59
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00831A6F
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00831A8A

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 30ea592a5ee0f8d6ab4377f754107a586f9d068c29c240425699f1b1664aa28e
Instruction ID: 9e9d33f2ee72939b6b21435bb58b11e84ba463635d8f54a7b20c14a843af33c2
Opcode Fuzzy Hash: 30ea592a5ee0f8d6ab4377f754107a586f9d068c29c240425699f1b1664aa28e
Instruction Fuzzy Hash: 5A11F73A901229FFEF119BA5C985FADBB78FB48750F200095EA04B7290D7716E50DB94

Function 0083E1D6 Relevance: 6.1, APIs: 4, Instructions: 55synchronizationthreadwindowCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 0083E1FD
MessageBoxW.USER32(?,?,?,?), ref: 0083E230
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0083E246
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0083E24D

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: CloseCurrentHandleMessageObjectSingleThreadWait
String ID:
API String ID: 2880819207-0
Opcode ID: 7e5f3e220404211285d2110458722b21481532f2d7f9a23a5d34ecf02b9e3785
Instruction ID: 2262c6a9ef162b6185d0b7d42ade6d22d4e335f4ca38869f8d7e2c54c88b18ee
Opcode Fuzzy Hash: 7e5f3e220404211285d2110458722b21481532f2d7f9a23a5d34ecf02b9e3785
Instruction Fuzzy Hash: 7611C476904258BBDB119FA89C09EAF7FADFB86320F044255F924E33D1D7B89D0487A0

Function 007FD1CC Relevance: 6.1, APIs: 4, Instructions: 55threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,?,007FCFF9,00000000,00000004,00000000), ref: 007FD218
GetLastError.KERNEL32 ref: 007FD224
__dosmaperr.LIBCMT ref: 007FD22B
ResumeThread.KERNEL32(00000000), ref: 007FD249

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Thread$CreateErrorLastResume__dosmaperr
String ID:
API String ID: 173952441-0
Opcode ID: f9438cd9ab66916ef050a441c479964a7007a9034963d139d8c8790d90ac6daa
Instruction ID: 1ca9d2233a75bd0dd8a267b452ac5fb4d6bd928b127e70b03804d6f98ad54035
Opcode Fuzzy Hash: f9438cd9ab66916ef050a441c479964a7007a9034963d139d8c8790d90ac6daa
Instruction Fuzzy Hash: 8E01D63640510CBBDB215BA5DC09BBE7A6AFF82331F110219FA25923D0DFB58D01C6E1

Function 00869EF3 Relevance: 6.1, APIs: 4, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 007E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007E9BB2

GetClientRect.USER32(?,?), ref: 00869F31
GetCursorPos.USER32(?), ref: 00869F3B
ScreenToClient.USER32(?,?), ref: 00869F46
DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00869F7A

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Client$CursorLongProcRectScreenWindow
String ID:
API String ID: 4127811313-0
Opcode ID: 6104d46d2d1d6ab03717f3d27ba0206ced6274de32912686d3555e7f4892914d
Instruction ID: eb40d794f7e92931c5e82679d063aa2f291b5e863a5276c91f0efc04fbeaddda
Opcode Fuzzy Hash: 6104d46d2d1d6ab03717f3d27ba0206ced6274de32912686d3555e7f4892914d
Instruction Fuzzy Hash: 4211453690011AABDB00DFA8D889DFE77BCFB05311F424455F982E3180DB70BA81CBA2

Function 007D600E Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 007D604C
GetStockObject.GDI32(00000011), ref: 007D6060
SendMessageW.USER32(00000000,00000030,00000000), ref: 007D606A

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: CreateMessageObjectSendStockWindow
String ID:
API String ID: 3970641297-0
Opcode ID: d212082c0cabc34cee6a73d21fe2110482f67bf401e5e0082887d6a546c408eb
Instruction ID: 602d00ce11af304d6f3ac957f1c917d410eaf2c676476216253dd05f0e5004a9
Opcode Fuzzy Hash: d212082c0cabc34cee6a73d21fe2110482f67bf401e5e0082887d6a546c408eb
Instruction Fuzzy Hash: 6A118B72101508BFEF125FA48C44EFABBB9FF093A4F050206FA5492220C77ADC60DBA0

Function 007F3B3C Relevance: 6.1, APIs: 4, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

___BuildCatchObject.LIBVCRUNTIME ref: 007F3B56

Part of subcall function 007F3AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 007F3AD2
Part of subcall function 007F3AA3: ___AdjustPointer.LIBCMT ref: 007F3AED

_UnwindNestedFrames.LIBCMT ref: 007F3B6B
__FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 007F3B7C
CallCatchBlock.LIBVCRUNTIME ref: 007F3BA4

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
String ID:
API String ID: 737400349-0
Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
Instruction ID: 62ae64ccda0551963fe7d075a4ba836fce59d507fc53f44aace9705b718cd984
Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
Instruction Fuzzy Hash: 9801177210014DFBDF125E95CC46EFB3B6AEF88754F044015FE4866221C63AE961ABA0

Function 00803073 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,007D13C6,00000000,00000000,?,0080301A,007D13C6,00000000,00000000,00000000,?,0080328B,00000006,FlsSetValue), ref: 008030A5
GetLastError.KERNEL32(?,0080301A,007D13C6,00000000,00000000,00000000,?,0080328B,00000006,FlsSetValue,00872290,FlsSetValue,00000000,00000364,?,00802E46), ref: 008030B1
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0080301A,007D13C6,00000000,00000000,00000000,?,0080328B,00000006,FlsSetValue,00872290,FlsSetValue,00000000), ref: 008030BF

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: 1964731a7f4da816d4cd53c05c40c9f96ea24405054223f1e3fb4aaee2d3d47b
Instruction ID: b33ed5323d253ebdc96ee5af52bd259152b49090ae17f5f86860685c6d3205a3
Opcode Fuzzy Hash: 1964731a7f4da816d4cd53c05c40c9f96ea24405054223f1e3fb4aaee2d3d47b
Instruction Fuzzy Hash: 19012B32313A26ABCB714B799C449677B9CFF46B61B214620F945E32C0D721D901C6E0

Function 00837464 Relevance: 6.1, APIs: 4, Instructions: 51registryCOMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 0083747F
LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00837497
RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 008374AC
RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 008374CA

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Type$Register$FileLoadModuleNameUser
String ID:
API String ID: 1352324309-0
Opcode ID: eb7eaa7a4eff71300c67d797c5d01cf383969751d300e55d24ba81490c0504f2
Instruction ID: 485e6b684b14830ef413acc79e38a4d120b6ddfe4d680c2c6aac2817cf33810a
Opcode Fuzzy Hash: eb7eaa7a4eff71300c67d797c5d01cf383969751d300e55d24ba81490c0504f2
Instruction Fuzzy Hash: 041179B1209315ABE7308F54EC09BA27BF8FB80B04F108569E696D6191DBB0F944DBA4

Function 0083B0A8 Relevance: 6.0, APIs: 4, Instructions: 50sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0083ACD3,?,00008000), ref: 0083B0C4
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0083ACD3,?,00008000), ref: 0083B0E9
QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0083ACD3,?,00008000), ref: 0083B0F3
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0083ACD3,?,00008000), ref: 0083B126

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: CounterPerformanceQuerySleep
String ID:
API String ID: 2875609808-0
Opcode ID: b5ad3baed525cb93d4b126547ab71732cef7fc33c56c7875c7ffd76657af92f4
Instruction ID: 1244fbba461f107bc9520996e558057e7f275c6a804e3b271e9b3bef8ff5d928
Opcode Fuzzy Hash: b5ad3baed525cb93d4b126547ab71732cef7fc33c56c7875c7ffd76657af92f4
Instruction Fuzzy Hash: E3115B71C0192DE7CF04AFE4E9686FEBF78FF8A711F114086DA81B6185DB7096508BA1

Function 00867E14 Relevance: 6.0, APIs: 4, Instructions: 46COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00867E33
ScreenToClient.USER32(?,?), ref: 00867E4B
ScreenToClient.USER32(?,?), ref: 00867E6F
InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00867E8A

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ClientRectScreen$InvalidateWindow
String ID:
API String ID: 357397906-0
Opcode ID: 625c871cfe56cb81fb6458c4ba1016922f8a765d1be5085235dd337ca3c251e3
Instruction ID: 9357a2f03572c0b8d15f7e154beff527c61f7d4632c064283fae30039a32e277
Opcode Fuzzy Hash: 625c871cfe56cb81fb6458c4ba1016922f8a765d1be5085235dd337ca3c251e3
Instruction Fuzzy Hash: 011153B9D0024AAFDB41CF98C884AEEBBF9FF18310F509066E955E3210D775AA54CF90

Function 00832DA7 Relevance: 6.0, APIs: 4, Instructions: 34threadwindowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00832DC5
GetWindowThreadProcessId.USER32(?,00000000), ref: 00832DD6
GetCurrentThreadId.KERNEL32 ref: 00832DDD
AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00832DE4

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
String ID:
API String ID: 2710830443-0
Opcode ID: 6a00443b2a12d3008b83661282143fa647b6b120687ba9e81443306cd4784127
Instruction ID: 6358158dccf0bf912deb88bf5583b026e033f2c3b8296966b4c28772a7c476d9
Opcode Fuzzy Hash: 6a00443b2a12d3008b83661282143fa647b6b120687ba9e81443306cd4784127
Instruction Fuzzy Hash: 6FE0EDB15012287ADB202B63DC0DEFB7E6CFF96BA1F411119F606D50909AE58941C6F1

Function 00868863 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 007E9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 007E9693
Part of subcall function 007E9639: SelectObject.GDI32(?,00000000), ref: 007E96A2
Part of subcall function 007E9639: BeginPath.GDI32(?), ref: 007E96B9
Part of subcall function 007E9639: SelectObject.GDI32(?,00000000), ref: 007E96E2

MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00868887
LineTo.GDI32(?,?,?), ref: 00868894
EndPath.GDI32(?), ref: 008688A4
StrokePath.GDI32(?), ref: 008688B2

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
String ID:
API String ID: 1539411459-0
Opcode ID: 4cdd14234fbf8ae8020a3316147874b2018ea6e074f8619edd95772aecffe1fe
Instruction ID: 550ab377f6be6abc314e7a68d54c9884139c2b60fe872c64f1d36b43c6f8fa39
Opcode Fuzzy Hash: 4cdd14234fbf8ae8020a3316147874b2018ea6e074f8619edd95772aecffe1fe
Instruction Fuzzy Hash: FBF05E36041658FAEB126F94AC0DFDE3F59BF0A310F458100FA51650E1C7B55511CFE6

Function 007E98B0 Relevance: 6.0, APIs: 4, Instructions: 23COMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000008), ref: 007E98CC
SetTextColor.GDI32(?,?), ref: 007E98D6
SetBkMode.GDI32(?,00000001), ref: 007E98E9
GetStockObject.GDI32(00000005), ref: 007E98F1

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Color$ModeObjectStockText
String ID:
API String ID: 4037423528-0
Opcode ID: 8c8689689ffd47efbbd7387e0e4bacc5a9f80d9879859652544928f110fddfa0
Instruction ID: 28330a2e887e8002f0d53350d36840ca8fd3839cb726e8ebaa27448d89e571cb
Opcode Fuzzy Hash: 8c8689689ffd47efbbd7387e0e4bacc5a9f80d9879859652544928f110fddfa0
Instruction Fuzzy Hash: 49E06531244280AADB215B75BC09BE93F10FB12335F049219F7FA940E1C3B146909B11

Function 0083162B Relevance: 6.0, APIs: 4, Instructions: 22threadCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 00831634
OpenThreadToken.ADVAPI32(00000000,?,?,?,008311D9), ref: 0083163B
GetCurrentProcess.KERNEL32(00000028,?,?,?,?,008311D9), ref: 00831648
OpenProcessToken.ADVAPI32(00000000,?,?,?,008311D9), ref: 0083164F

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: CurrentOpenProcessThreadToken
String ID:
API String ID: 3974789173-0
Opcode ID: a425c0f5fb413d50a3ffc3545dedf0f470c1642f74d87d7f0970919c48b50573
Instruction ID: b04ce99bceaf17e644b35d0537c27a80a6481e34e57deca1e26f5c5807369d3f
Opcode Fuzzy Hash: a425c0f5fb413d50a3ffc3545dedf0f470c1642f74d87d7f0970919c48b50573
Instruction Fuzzy Hash: A4E08631601211EBDB201FE19E0DB663B7CFF54B91F154808F685C9080E6B44440C791

Function 0082D858 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 0082D858
GetDC.USER32(00000000), ref: 0082D862
GetDeviceCaps.GDI32(00000000,0000000C), ref: 0082D882
ReleaseDC.USER32(?), ref: 0082D8A3

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: 132bbd21652f75d7b17a97c768b3e2ccf2b38f44e63b8be09a2c0a41562a31dc
Instruction ID: a8e9d1b1049e2d5af689cf9c72c37da41134e1138800d635e330d2074dd93301
Opcode Fuzzy Hash: 132bbd21652f75d7b17a97c768b3e2ccf2b38f44e63b8be09a2c0a41562a31dc
Instruction Fuzzy Hash: 3CE01AB5800205EFCB419FA0D90C67DBBB1FB18310F15A419E88AE7250CBB85941AF44

Function 0082D86C Relevance: 6.0, APIs: 4, Instructions: 18COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 0082D86C
GetDC.USER32(00000000), ref: 0082D876
GetDeviceCaps.GDI32(00000000,0000000C), ref: 0082D882
ReleaseDC.USER32(?), ref: 0082D8A3

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: 6fc9d90746662ba32165cf07b6c12c4045833e7b57f879b4374ec81b0da75209
Instruction ID: 8d0d26d0340bec5e49213b63a968d82e2e9ad013e9c90e12d5babcd265970d9f
Opcode Fuzzy Hash: 6fc9d90746662ba32165cf07b6c12c4045833e7b57f879b4374ec81b0da75209
Instruction Fuzzy Hash: 2EE012B1800200EFCB51AFA0D80C66DBBB1FB18310B15A009E88AE7250CBB85901AF44

Function 00844D87 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 230shareCOMMON

Download Yara Rule

APIs

Part of subcall function 007D7620: _wcslen.LIBCMT ref: 007D7625

WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00844ED4

Strings

LPT, xrefs: 00844DFB
*, xrefs: 00844E10

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Connection_wcslen
String ID: *$LPT
API String ID: 1725874428-3443410124
Opcode ID: 156f9f12160e6e0b2f5074743a2bf29ff045bc87458fdd1c5af847f31e22bcf8
Instruction ID: 1fbea1fc4de1de82dad58c2c4391e243b5f0601b1e677a426f84ac3e1e1858f8
Opcode Fuzzy Hash: 156f9f12160e6e0b2f5074743a2bf29ff045bc87458fdd1c5af847f31e22bcf8
Instruction Fuzzy Hash: 98913D75A00208DFDB14DF58C484EA9BBF1FF44318F199099E80A9B362DB75ED85CB91

Function 007FE27D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 007FE30D

Strings

pow, xrefs: 007FE2E5, 007FE302

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: 032876a9a3cb559a398c7a4be763f75e43f772c9c985ea90553b9268447c2bb1
Instruction ID: 29da0ef3a3e692b644e4a6759cc64473a8216a1ffb0e58372e91397433d54d7e
Opcode Fuzzy Hash: 032876a9a3cb559a398c7a4be763f75e43f772c9c985ea90553b9268447c2bb1
Instruction Fuzzy Hash: F5514961E0D20A96DB557B18CD093793BA4FF40B40F3049A8E5D5C23FDEB389CD19A46

Function 007EE187 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 184COMMON

Download Yara Rule

Strings

#, xrefs: 007EE1B1

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: 1a7e104fa02d3af6b537adc74d6fbdbb9025860c16ac6b1da14ec04e93aace27
Instruction ID: b1760946636691419e19036cf95f9ae0e386e41d6e1eae27f68ade25249e9b6f
Opcode Fuzzy Hash: 1a7e104fa02d3af6b537adc74d6fbdbb9025860c16ac6b1da14ec04e93aace27
Instruction Fuzzy Hash: 64513235601296DFDF14DF68D0856BA7BA8FF19310F24845AF991DB2C0DA389D82CBA4

Function 007EF291 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000000), ref: 007EF2A2
GlobalMemoryStatusEx.KERNEL32(?), ref: 007EF2BB

Strings

@, xrefs: 007EF2AF

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: GlobalMemorySleepStatus
String ID: @
API String ID: 2783356886-2766056989
Opcode ID: a8ff4a13042fd90dd59adf2f4ae3d5ce614d8600904124d4abb2c629ec85b57c
Instruction ID: 48e577142d7138ae112c511972f2d5473cbcaa7349f45bec718bd9988df9d129
Opcode Fuzzy Hash: a8ff4a13042fd90dd59adf2f4ae3d5ce614d8600904124d4abb2c629ec85b57c
Instruction Fuzzy Hash: 87512872418745DBD320AF14DC8ABABBBF8FF84300F81885DF1D981295EB748529CB66

Function 00855745 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 125COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 008557E0
_wcslen.LIBCMT ref: 008557EC

Strings

CALLARGARRAY, xrefs: 008557E6, 008557EB

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: BuffCharUpper_wcslen
String ID: CALLARGARRAY
API String ID: 157775604-1150593374
Opcode ID: 692ad9549e33797bd23465df4526b30c9874d8459e851ad5cac6dc5579c80e41
Instruction ID: 9bcb83f7c7a2b0ad09edbaee49b8e3a1545a1611f7f83d0225defa4ed57b3ed2
Opcode Fuzzy Hash: 692ad9549e33797bd23465df4526b30c9874d8459e851ad5cac6dc5579c80e41
Instruction Fuzzy Hash: 5D41DC31E00209DFCB04DFA9C8958BEBBB5FF59725F10402AE905E7291E7749D89CBA0

Function 0084D0F4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98networkCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 0084D130
InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 0084D13A

Strings

|, xrefs: 0084D10B

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: CrackInternet_wcslen
String ID: |
API String ID: 596671847-2343686810
Opcode ID: d59b7a3b8137568c42b23f54ef4f5df7d678187c15d4435cd3abc70919694837
Instruction ID: abdff34fc8a1ab5e24c5977306b283e09f1f4863fd60204355ff8ce69dfab956
Opcode Fuzzy Hash: d59b7a3b8137568c42b23f54ef4f5df7d678187c15d4435cd3abc70919694837
Instruction Fuzzy Hash: 2B311D75D00219EBCF15EFA4CC89AEEBFB9FF04304F10001AF915A6266E735AA56DB50

Function 0086356C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?,?,?), ref: 00863621
MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0086365C

Strings

static, xrefs: 008635BC

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Window$DestroyMove
String ID: static
API String ID: 2139405536-2160076837
Opcode ID: eea09e5898e2d90dd5306a056c4b0a15dafef9649528446475c9fd35e65612f2
Instruction ID: 2e86bddc8066647d38be04947cd5ffe61f1a2ea793ac07481d915124e4cbabe4
Opcode Fuzzy Hash: eea09e5898e2d90dd5306a056c4b0a15dafef9649528446475c9fd35e65612f2
Instruction Fuzzy Hash: 9F319E71100204AEDB109F68DC85EFB73A9FF98724F01961AF9A5D7290DA74AD81D760

Function 00864537 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0086461F
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00864634

Strings

', xrefs: 0086458E

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: MessageSend
String ID: '
API String ID: 3850602802-1997036262
Opcode ID: 015681ca7bc3d15d6af35395adc1de5368d40f0c1981409a0dd14b6fc777e62f
Instruction ID: e527fa9493f2ff681325843f4d67bd2bc026d088611f9c88c3f559614fe60df5
Opcode Fuzzy Hash: 015681ca7bc3d15d6af35395adc1de5368d40f0c1981409a0dd14b6fc777e62f
Instruction Fuzzy Hash: 76311674A0120A9FEF14CFA9C984ADEBBB5FB19300F15506AE905EB341D770A941CF90

Function 008631EF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0086327C
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00863287

Strings

Combobox, xrefs: 00863249

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: MessageSend
String ID: Combobox
API String ID: 3850602802-2096851135
Opcode ID: 59d972e87ac77e1fb93eaef1f4da3d3d6e25d148fcb352c6304b98e88d408a6e
Instruction ID: 38c5fa6538f510044eb43250ddd4ae03fb4b3fb8d533e955d66296f3e1c803fa
Opcode Fuzzy Hash: 59d972e87ac77e1fb93eaef1f4da3d3d6e25d148fcb352c6304b98e88d408a6e
Instruction Fuzzy Hash: C311E271300208BFFF219E54DC95EBB37AAFB943A5F120128F928E7390D6719D518760

Function 00863710 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

Part of subcall function 007D600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 007D604C
Part of subcall function 007D600E: GetStockObject.GDI32(00000011), ref: 007D6060
Part of subcall function 007D600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 007D606A

GetWindowRect.USER32(00000000,?), ref: 0086377A
GetSysColor.USER32(00000012), ref: 00863794

Strings

static, xrefs: 00863757

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Window$ColorCreateMessageObjectRectSendStock
String ID: static
API String ID: 1983116058-2160076837
Opcode ID: 1d16c1fb0a30e1b288b8f206bfb8813a40b7c6b91b6e8ba83e17aec25f8d4794
Instruction ID: 65589b951ec83d629b1ea7e4c64f1b39f103202e7add1ea0b7f54a0884232698
Opcode Fuzzy Hash: 1d16c1fb0a30e1b288b8f206bfb8813a40b7c6b91b6e8ba83e17aec25f8d4794
Instruction Fuzzy Hash: FB113AB2610209AFDF00DFA8CC46EFA7BB8FB09354F014525F9A6E2250E775E8519B50

Function 0084CD1E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66networkCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0084CD7D
InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0084CDA6

Strings

<local>, xrefs: 0084CD66

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Internet$OpenOption
String ID: <local>
API String ID: 942729171-4266983199
Opcode ID: 77a7dea11a3774b9d34040bc379d33d3a6661f8559d76017082c8dbea1f74959
Instruction ID: d4328d8dfe1bb9982fdb29aeab7a9632c7c1fa46116c08201cffd82637a1ad90
Opcode Fuzzy Hash: 77a7dea11a3774b9d34040bc379d33d3a6661f8559d76017082c8dbea1f74959
Instruction Fuzzy Hash: 6811C671A06639BAD7B84B668C45FF7BE6CFF127A4F004226B159C3190D7749840D6F0

Function 00863429 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON

Download Yara Rule

APIs

GetWindowTextLengthW.USER32(00000000), ref: 008634AB
SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 008634BA

Strings

edit, xrefs: 0086348F

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: LengthMessageSendTextWindow
String ID: edit
API String ID: 2978978980-2167791130
Opcode ID: 32cb5fab25de1a871df1739e9fff7888b8e0ba30927f8f9ef277ccc70dc01c7f
Instruction ID: 3cb7af01e1cef085d26b67994ed9f27612b354415e5a05b1a09b679a04b890af
Opcode Fuzzy Hash: 32cb5fab25de1a871df1739e9fff7888b8e0ba30927f8f9ef277ccc70dc01c7f
Instruction Fuzzy Hash: C5119D71100108AAEB114E64DC44EBA776AFB25378F524324FA61D31E0CB75DD519758

Function 00836C86 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

CharUpperBuffW.USER32(?,?,?), ref: 00836CB6
_wcslen.LIBCMT ref: 00836CC2

Strings

STOP, xrefs: 00836CBC, 00836CC1

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: STOP
API String ID: 1256254125-2411985666
Opcode ID: 0c9ea58b03aa33c43f05ccd61f28a7358cc6ee9881424c74658bac5c01699777
Instruction ID: d188a6f79b03e0234fbad60d711ff2ec1d6c0c9af5680c7fb83a4d551a891295
Opcode Fuzzy Hash: 0c9ea58b03aa33c43f05ccd61f28a7358cc6ee9881424c74658bac5c01699777
Instruction Fuzzy Hash: E6010832A00526ABCB209FBDDC448BF77B4FBA0714B004529E452D6291FA35D811C790

Function 00831CDE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

Part of subcall function 00833CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00833CCA

SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00831D4C

Strings

ListBox, xrefs: 00831D16
ComboBox, xrefs: 00831CEB

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: 940e688f3b3bbdda93bf4a6ebe06fc637c1cee6306ff5e3419f675e9153a6c6c
Instruction ID: 0f62113e80fa93124d3b70254da6ac104f5afa58c13cf3291d3f80e17001fbc7
Opcode Fuzzy Hash: 940e688f3b3bbdda93bf4a6ebe06fc637c1cee6306ff5e3419f675e9153a6c6c
Instruction Fuzzy Hash: 6A01D871601218AB8F04EBA4DC59CFE7778FB97750F44051AF872A73C1EB38590887A0

Function 00831BD8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

Part of subcall function 00833CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00833CCA

SendMessageW.USER32(?,00000180,00000000,?), ref: 00831C46

Strings

ListBox, xrefs: 00831C10
ComboBox, xrefs: 00831BE5

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: fa4bcffafb753f7a618e2c6b280d8a41f69264f6946ef16e03b3289092635bed
Instruction ID: 040fd97d71997e536b64fb58f0c189ec86be6f6a7286e07bde82f5535aac9e74
Opcode Fuzzy Hash: fa4bcffafb753f7a618e2c6b280d8a41f69264f6946ef16e03b3289092635bed
Instruction Fuzzy Hash: C301F771780108A6CF04EBA0C9599FF77A8FB61740F14101AB516B3381EA249E0997F1

Function 00831C5C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

Part of subcall function 00833CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00833CCA

SendMessageW.USER32(?,00000182,?,00000000), ref: 00831CC8

Strings

ListBox, xrefs: 00831C94
ComboBox, xrefs: 00831C69

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: 1ba17d993739df08e710ea2d8968e9427e4a346fbac03da45532d632d990b827
Instruction ID: 9f002af6d48010537b3d4df552b6558c16b190cea24d044658933a8e40177856
Opcode Fuzzy Hash: 1ba17d993739df08e710ea2d8968e9427e4a346fbac03da45532d632d990b827
Instruction Fuzzy Hash: 5901D671780118A7CF14FBA4CA09AFE77A8FB51740F141016B906F3381EA649F0AD6B2

Function 00831D68 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 46windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007D9CB3: _wcslen.LIBCMT ref: 007D9CBD

Part of subcall function 00833CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00833CCA

SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00831DD3

Strings

ListBox, xrefs: 00831DA0
ComboBox, xrefs: 00831D75

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: bc43ed8f423b016d8cf588dc2e294080be779daef4cd4a9365288c98d101692b
Instruction ID: 3d1de77786040b96112917e58997ee791ef62edad412f50d8fd4b296b16fb496
Opcode Fuzzy Hash: bc43ed8f423b016d8cf588dc2e294080be779daef4cd4a9365288c98d101692b
Instruction Fuzzy Hash: AFF0A471B51218A6DF04F7A4DC5AAFE7778FF52B54F04091AB922E33C1DAA4590882A1

Function 0085747E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00857493
_wcslen.LIBCMT ref: 008574B9

Strings

3, 3, 16, 1, xrefs: 00857483

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: _wcslen
String ID: 3, 3, 16, 1
API String ID: 176396367-3042988571
Opcode ID: 205218e6966442fd9e6a950f14e114d850bd197d821ab6f2d4cbc4b1d4599475
Instruction ID: 9675db6a4dd30b16ad6064c79db4dee670c2d173874c4787de4abcbe1384f9cb
Opcode Fuzzy Hash: 205218e6966442fd9e6a950f14e114d850bd197d821ab6f2d4cbc4b1d4599475
Instruction Fuzzy Hash: 9DE02B42314220A192312279BCC597F5689EFC5751714182FFE85C2366EAD89D9193A5

Function 00830B15 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00830B23

Strings

Error allocating memory., xrefs: 00830B1C
AutoIt, xrefs: 00830B17

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Message
String ID: AutoIt$Error allocating memory.
API String ID: 2030045667-4017498283
Opcode ID: 77e72920b57e7733420ee043eb3a94cf6aa19ea0ba7ec6ddad5133672782ad5b
Instruction ID: 491999daea385653667b3ae9da1ba78393875e6cff37fa5f91e29466df7e9711
Opcode Fuzzy Hash: 77e72920b57e7733420ee043eb3a94cf6aa19ea0ba7ec6ddad5133672782ad5b
Instruction Fuzzy Hash: 00E0D83134534866D31036957C07F997E84EF09B20F100426F7D8D5AC38AEA245016E9

Function 007F0D42 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 007EF7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,007F0D71,?,?,?,007D100A), ref: 007EF7CE

IsDebuggerPresent.KERNEL32(?,?,?,007D100A), ref: 007F0D75
OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,007D100A), ref: 007F0D84

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 007F0D7F

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 55579361-631824599
Opcode ID: 4e9d4709eefc12117568a03c72072bcca4e3eaae66325c3c91f29f50d3d8c67d
Instruction ID: b57839db8760e1984d4207629454a5a11ba9a3a095c7d83af724fc3fdacbc655
Opcode Fuzzy Hash: 4e9d4709eefc12117568a03c72072bcca4e3eaae66325c3c91f29f50d3d8c67d
Instruction Fuzzy Hash: 29E06D743003518BD7209FB8E4083667BE4BB04744F01892DEA82C6B52DBB9E4448BD1

Function 00843017 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18COMMON

Download Yara Rule

APIs

GetTempPathW.KERNEL32(00000104,?,00000001), ref: 0084302F
GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00843044

Strings

aut, xrefs: 00843038

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: Temp$FileNamePath
String ID: aut
API String ID: 3285503233-3010740371
Opcode ID: 9ed3724a25a9c4eae5b0fba1afb335edecd50e40022a6de77d2bce4d4b7b5622
Instruction ID: 05394420553cf6d6849e509c476fd7a721a815743c1c37c917db2cd8af344fab
Opcode Fuzzy Hash: 9ed3724a25a9c4eae5b0fba1afb335edecd50e40022a6de77d2bce4d4b7b5622
Instruction Fuzzy Hash: 92D05E7250032867DA20A7A4EC0EFDB3B6CEB04750F0002A2BA95E2191EAF49984CAD0

Function 0082D21C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 0082D220

Strings

%.3d, xrefs: 0082D22B
X64, xrefs: 0082D2A8

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: LocalTime
String ID: %.3d$X64
API String ID: 481472006-1077770165
Opcode ID: 576d644d69be0dcf98704effb8952d050676df48fac4c731a37694c979e7b359
Instruction ID: 7f0bf38894debf48567309020e65e8cde77621b3852e102471b49e954011f32f
Opcode Fuzzy Hash: 576d644d69be0dcf98704effb8952d050676df48fac4c731a37694c979e7b359
Instruction Fuzzy Hash: 24D012A180926CE9CB5097E0EC498B9B77CFB08305FA48452F806D1140D628E588A761

Function 00862322 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0086232C
PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0086233F

Part of subcall function 0083E97B: Sleep.KERNEL32 ref: 0083E9F3

Strings

Shell_TrayWnd, xrefs: 00862325

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: 329066b72883b8cb74e59225978c16c1ab2895432cf72ceb338253a604a1fdd4
Instruction ID: 15340577211a1a5209eba29a384a207224b3ee9e3939ff326af74c707f4844b4
Opcode Fuzzy Hash: 329066b72883b8cb74e59225978c16c1ab2895432cf72ceb338253a604a1fdd4
Instruction Fuzzy Hash: BCD0A932380300B6EAA4B770EC0FFD66A04BB00B00F014A06B686EA1D0C9E0A8018A44

Function 00862356 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0086236C
PostMessageW.USER32(00000000), ref: 00862373

Part of subcall function 0083E97B: Sleep.KERNEL32 ref: 0083E9F3

Strings

Shell_TrayWnd, xrefs: 00862365

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: 743efaa6ec66f5fab233d3d3b5bcbd0e9705690161ca24975c200d4809948a93
Instruction ID: 04b2f268cfdc88d26de5efc2af1c56b55ed464662631e0e32e2b99d863d7fcb4
Opcode Fuzzy Hash: 743efaa6ec66f5fab233d3d3b5bcbd0e9705690161ca24975c200d4809948a93
Instruction Fuzzy Hash: BAD0C9323813117AEAA4B770EC4FFD66A14BB54B10F015A16B696EA1D0D9E4A8018A58

Function 0080BDFD Relevance: 5.1, APIs: 4, Instructions: 139COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 0080BE93
GetLastError.KERNEL32 ref: 0080BEA1
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0080BEFC

Memory Dump Source

Source File: 00000000.00000002.2939801368.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true

Associated: 00000000.00000002.2939775801.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.000000000086C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939891797.0000000000892000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939962570.000000000089C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2939993161.00000000008A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7d0000_file.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: 5b20ceec94ca8c45f031a51d41ccca0ab30cbdb5266430fc90e3b1ca50e1797b
Instruction ID: cfdb275476a9d0a44ba3004cff8c298c765c8569eca1ad56f6ce9e2f18793321
Opcode Fuzzy Hash: 5b20ceec94ca8c45f031a51d41ccca0ab30cbdb5266430fc90e3b1ca50e1797b
Instruction Fuzzy Hash: 1341B13560420AAFCF618FA5CC48ABA7BA5FF42720F154169FA59DB2E1DF308D01CB60

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Static File Info

General

File Icon

Windows Analysis Report
file.exe

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. `reload` ).
Tactics:	Impact
Data Sources:	Command: Command Execution, Process: Process Creation, Sensor Health: Host Status
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre