Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1526115
MD5: c64970aca973dfb3413fd4c44e199117
SHA1: d7c30c675079c94be1654ef76f3b0b70e0b9ae79
SHA256: e9e2008c442d12d9fe5e7598e2008da4d9daab25e0fab631492fbd7f50e655a9
Tags: exe, user-Bitsight
Infos:

Detection

Credential Flusher
Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Sleep loop found (likely to delay execution)
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • file.exe (PID: 4564 cmdline: "C:\Users\user\Desktop\file.exe" MD5: C64970ACA973DFB3413FD4C44E199117)
    • taskkill.exe (PID: 6644 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 1868 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 6596 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 1488 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 760 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 4956 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 6548 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6484 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 4816 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 2684 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • chrome.exe (PID: 528 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 3040 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2004,i,13556074342121696465,2040482084081375078,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 7848 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5628 --field-trial-handle=2004,i,13556074342121696465,2040482084081375078,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 7856 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 --field-trial-handle=2004,i,13556074342121696465,2040482084081375078,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Process Memory Space: file.exe PID: 4564 | JoeSecurity_CredentialFlusher | Yara detected Credential Flusher | Joe Security |
    No Sigma rule has matched
    No Suricata rule has matched

    AV Detection

    Source: Submited Sample | Integrated Neural Analysis Model: Matched 99.6% probability
    Source: file.exe | Joe Sandbox ML: detected
    Source: file.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49716 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49721 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49739 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.5:49751 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49797 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.5:59537 version: TLS 1.2
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F0DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_00F0DBBE
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EDC2A2 FindFirstFileExW,0_2_00EDC2A2
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F168EE FindFirstFileW,FindClose,0_2_00F168EE
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F1698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_00F1698F
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F0D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00F0D076
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F0D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00F0D3A9
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F19642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00F19642
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F1979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00F1979D
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F19B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00F19B2B
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F15C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00F15C97
    Source: global traffic | TCP traffic: 192.168.2.5:59336 -> 1.1.1.1:53
    Source: Joe Sandbox View | IP Address: 239.255.255.250 239.255.255.250
    Source: Joe Sandbox View | JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
    Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91
    Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknown | TCP traffic detected without corresponding DNS query: 13.107.246.45
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F1CE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_00F1CE44
    Source: global traffic | HTTP traffic detected: GET /account?=https://accounts.google.com/v3/signin/challenge/pwd HTTP/1.1 | Host: youtube.com | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= | Sec-Fetch-Site: none | Sec-Fetch-Mode: navigate | Sec-Fetch-User: ?1 | Sec-Fetch-Dest: document | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected: GET /account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd HTTP/1.1 | Host: www.youtube.com | Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= | Sec-Fetch-Site: none | Sec-Fetch-Mode: navigate | Sec-Fetch-User: ?1 | Sec-Fetch-Dest: document | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1 | Connection: Keep-Alive | Accept: */* | Accept-Encoding: identity | If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT | Range: bytes=0-2147483646 | User-Agent: Microsoft BITS/7.8 | Host: fs.microsoft.com
    Source: global traffic | HTTP traffic detected: GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1690580838&timestamp=1728062473124 HTTP/1.1 | Host: accounts.youtube.com | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | sec-ch-ua-full-version: "117.0.5938.132" | sec-ch-ua-arch: "x86" | sec-ch-ua-platform: "Windows" | sec-ch-ua-platform-version: "10.0.0" | sec-ch-ua-model: "" | sec-ch-ua-bitness: "64" | sec-ch-ua-wow64: ?0 | sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: navigate | Sec-Fetch-Dest: iframe | Referer: https://accounts.google.com/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1 | Connection: Keep-Alive | Accept-Encoding: gzip | User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) | Host: otelrules.azureedge.net
    Source: global traffic | HTTP traffic detected: GET /favicon.ico HTTP/1.1 | Host: www.google.com | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-arch: "x86" | sec-ch-ua-full-version: "117.0.5938.132" | sec-ch-ua-platform-version: "10.0.0" | sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" | sec-ch-ua-bitness: "64" | sec-ch-ua-model: "" | sec-ch-ua-wow64: ?0 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= | Sec-Fetch-Site: same-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://accounts.google.com/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: NID=518=w-2Cw4CImbelzX_SClJKetllVsIuixaGybtPZTx-SpdFGQjD0afdvMu611cQHuNk7oBYoCd06hCBAXkckXPq_h_-T76YYqK_hs23ApsjGhYtRiHWqPNRRVN2g1Csg8xvmEYLk1UigVFkTE7R9dAAVE4295DgVmfH8LLvKW05FUbribgwNEU
    Source: global traffic | HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=s9CYOBSCZtkw7HA&MD=NvR15Afe HTTP/1.1 | Connection: Keep-Alive | Accept: */* | User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 | Host: slscr.update.microsoft.com
    Source: global trafficHTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global traffic | HTTP traffic detected:
        GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=s9CYOBSCZtkw7HA&MD=NvR15Afe HTTP/1.1
        Connection: Keep-Alive
        Accept: */*
        User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
        Host: slscr.update.microsoft.com
    Source: chromecache_100.14.dr | String found in binary or memory: _.iq(p)+"/familylink/privacy/notice/embedded?langCountry="+_.iq(p);break;case "PuZJUb":a+="https://www.youtube.com/t/terms?chromeless=1&hl="+_.iq(m);break;case "fxTQxb":a+="https://youtube.com/t/terms?gl="+_.iq(_.rq(c))+"&hl="+_.iq(d)+"&override_hl=1"+(f?"&linkless=1":"");break;case "prAmvd":a+="https://www.google.com/intl/"+_.iq(m)+"/chromebook/termsofservice.html?languageCode="+_.iq(d)+"&regionCode="+_.iq(c);break;case "NfnTze":a+="https://policies.google.com/privacy/google-partners"+(f?"/embedded": equals www.youtube.com (Youtube)
    Source: global traffic | DNS traffic detected: DNS query: youtube.com
    Source: global traffic | DNS traffic detected: DNS query: www.youtube.com
    Source: global traffic | DNS traffic detected: DNS query: www.google.com
    Source: global traffic | DNS traffic detected: DNS query: accounts.youtube.com
    Source: global traffic | DNS traffic detected: DNS query: play.google.com
    Source: unknown | HTTP traffic detected:
        POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
        Host: play.google.com
        Connection: keep-alive
        Content-Length: 519
        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
        sec-ch-ua-mobile: ?0
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        sec-ch-ua-arch: "x86"
        Content-Type: application/x-www-form-urlencoded;charset=UTF-8
        sec-ch-ua-full-version: "117.0.5938.132"
        sec-ch-ua-platform-version: "10.0.0"
        X-Goog-AuthUser: 0
        sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
        sec-ch-ua-bitness: "64"
        sec-ch-ua-model: ""
        sec-ch-ua-wow64: ?0
        sec-ch-ua-platform: "Windows"
        Accept: */*
        Origin: https://accounts.google.com
        X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=
        Sec-Fetch-Site: same-site
        Sec-Fetch-Mode: cors
        Sec-Fetch-Dest: empty
        Referer: https://accounts.google.com/
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset_dark.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices_darkmode.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid_dark.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail_dark.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps_darkmode.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_confirmation.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore_dark.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro_darkmode.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18_darkmode.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms_dark.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings_darkmode.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search_darkmode.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18_darkmode.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18_darkmode.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18_darkmode.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_darkmode.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad_dark.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_0.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_dark_0.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization_darkmode.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation_darkmode.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error_darkmode.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork_darkmode.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro_darkmode.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results_darkmode.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search_darkmode.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications_dark.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_2.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_dark_2.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_2.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_dark_2.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_2.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_dark_2.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_2.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_dark_2.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_2.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_dark_3.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_1.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_dark_1.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_1.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_dark_1.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_2.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_dark_2.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_1.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_dark_1.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_2.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_dark_2.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_dark_v2.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_v2.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set_dark.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent_dark.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction_dark.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error_dark.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work_dark.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps_dark.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls_dark.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent_dark.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen_dark.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice_darkmode.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation_dark.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation_dark.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email_dark.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set_darkmode.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set_dark.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_dark.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_v2.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2_dark.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2_dark.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink_dark.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling_dark.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_dark_v2.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_v2.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2_dark.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup_dark.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2_dark.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2_dark.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2_dark.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help_dark.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space.png
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space_dark.png
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol_dark.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation_dark.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits_dark.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2_dark.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess.svg
    Source: chromecache_93.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess_dark.svg
    Source: chromecache_100.14.drString found in binary or memory: https://support.google.com/accounts?hl=
    Source: chromecache_100.14.drString found in binary or memory: https://support.google.com/accounts?p=new-si-ui
    Source: chromecache_100.14.drString found in binary or memory: https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072
    Source: chromecache_93.14.drString found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
    Source: chromecache_100.14.drString found in binary or memory: https://www.google.com
    Source: chromecache_100.14.drString found in binary or memory: https://www.google.com/intl/
    Source: chromecache_93.14.drString found in binary or memory: https://www.gstatic.com/accounts/speedbump/authzen_optin_illustration.gif
    Source: chromecache_93.14.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/chrome_48dp.png
    Source: chromecache_93.14.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/googleg_48dp.png
    Source: chromecache_93.14.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/gsa_48dp.png
    Source: chromecache_93.14.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/play_prism_48dp.png
    Source: chromecache_93.14.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/youtube_48dp.png
    Source: chromecache_100.14.drString found in binary or memory: https://www.gstatic.com/images/branding/productlogos/googleg/v6/36px.svg
    Source: chromecache_100.14.drString found in binary or memory: https://www.youtube.com/t/terms?chromeless=1&hl=
    Source: file.exe, 00000000.00000003.2083613972.0000000000DB4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
    Source: file.exe, 00000000.00000002.3306279174.0000000001530000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd041.111
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59507
    Source: unknownNetwork traffic detected: HTTP traffic on port 59393 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59506
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59509
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59508
    Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59503
    Source: unknownNetwork traffic detected: HTTP traffic on port 59370 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59502
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59505
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59504
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59510
    Source: unknownNetwork traffic detected: HTTP traffic on port 59470 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59493 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59512
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59511
    Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59415 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59403 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
    Source: unknownNetwork traffic detected: HTTP traffic on port 59482 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
    Source: unknownNetwork traffic detected: HTTP traffic on port 59518 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
    Source: unknownNetwork traffic detected: HTTP traffic on port 59426 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59518
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59517
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59519
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59514
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59513
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59516
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59515
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59400
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59521
    Source: unknownNetwork traffic detected: HTTP traffic on port 59469 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59520
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59402
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59523
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59401
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59522
    Source: unknownNetwork traffic detected: HTTP traffic on port 59529 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59366 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
    Source: unknownNetwork traffic detected: HTTP traffic on port 59481 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59408
    Source: unknownNetwork traffic detected: HTTP traffic on port 59414 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59529
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59407
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59528
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59409
    Source: unknownNetwork traffic detected: HTTP traffic on port 59507 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59404
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59525
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59403
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59524
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59406
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59527
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59405
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59526
    Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59411
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59532
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59410
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59531
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59413
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59534
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59412
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59533
    Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59447 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59530
    Source: unknownNetwork traffic detected: HTTP traffic on port 59459 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
    Source: unknownNetwork traffic detected: HTTP traffic on port 59382 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
    Source: unknownNetwork traffic detected: HTTP traffic on port 59541 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
    Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59436 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59419
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59418
    Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59371 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59415
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59414
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59535
    Source: unknownNetwork traffic detected: HTTP traffic on port 59354 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59417
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59538
    Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59416
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59537
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59422
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59543
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59421
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59424
    Source: unknownNetwork traffic detected: HTTP traffic on port 59530 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59423
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59544
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59420
    Source: unknownNetwork traffic detected: HTTP traffic on port 59425 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59541
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59540
    Source: unknownNetwork traffic detected: HTTP traffic on port 59343 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
    Source: unknownNetwork traffic detected: HTTP traffic on port 59519 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59359 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59399
    Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59396
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59395
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59398
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59397
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59392
    Source: unknownNetwork traffic detected: HTTP traffic on port 59451 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59391
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59394
    Source: unknownNetwork traffic detected: HTTP traffic on port 59474 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59393
    Source: unknownNetwork traffic detected: HTTP traffic on port 59388 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59531 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59390
    Source: unknownNetwork traffic detected: HTTP traffic on port 59497 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59405 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59543 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59508 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59377 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59486 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59416 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59440 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59404 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59427 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59485 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
    Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
    Source: unknownNetwork traffic detected: HTTP traffic on port 59463 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
    Source: unknownNetwork traffic detected: HTTP traffic on port 59358 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59520 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59452 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59389 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59347 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
    Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59429 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59544 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59406 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59509 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59378 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59521 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59349
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59348
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59469
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59356
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59477
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59355
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59476
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59358
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59479
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59357
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59478
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59352
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59473
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59351
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59472
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59354
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59475
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59353
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59474
    Source: unknownNetwork traffic detected: HTTP traffic on port 59438 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59350
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59471
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59470
    Source: unknownNetwork traffic detected: HTTP traffic on port 59346 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59369 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59461 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59359
    Source: unknownNetwork traffic detected: HTTP traffic on port 59390 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59367
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59488
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59366
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59487
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59369
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59368
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59489
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59363
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59484
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59362
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59483
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59365
    Source: unknownNetwork traffic detected: HTTP traffic on port 59450 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59486
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59364
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59485
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59480
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59361
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59482
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59360
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59481
    Source: unknownNetwork traffic detected: HTTP traffic on port 59532 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59496 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59462 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59391 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59357 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59378
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59499
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59377
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59498
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59379
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59374
    Source: unknownNetwork traffic detected: HTTP traffic on port 59417 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59495
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59373
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59494
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59376
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59497
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59375
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59496
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59370
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59491
    Source: unknownNetwork traffic detected: HTTP traffic on port 59510 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59490
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59372
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59493
    Source: unknownNetwork traffic detected: HTTP traffic on port 59533 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59371
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59492
    Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59495 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59428 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59379 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59484 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59389
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59388
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59385
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59384
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59387
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59386
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59381
    Source: unknownNetwork traffic detected: HTTP traffic on port 59368 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59380
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59383
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59382
    Source: unknownNetwork traffic detected: HTTP traffic on port 59439 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59473 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59351 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59397 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59454 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59431 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59339 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59374 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59419 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59522 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59465 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59362 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59511 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59523 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59466 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59500 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59386 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59443 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59499 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59350 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59407 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59432 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59375 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59488 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59418 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59534 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59477 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59487 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59464 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59361 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59441 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59535 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59512 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59398 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59430 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59409 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59501 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59338 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59387 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59475 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59349 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59399 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59408 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59376 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59420 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
    Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49716 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49721 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49739 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.5:49751 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49797 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.5:59537 version: TLS 1.2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F1EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_00F1EAFF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F1ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_00F1ED6A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F0AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,0_2_00F0AA57
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F39576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_00F39576

    System Summary

    Source: file.exeString found in binary or memory: This is a third-party compiled AutoIt script.
    Source: file.exe, 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_cfa8074c-8
    Source: file.exe, 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_523932d0-0
    Source: file.exeString found in binary or memory: This is a third-party compiled AutoIt script.memstr_113938d4-b
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F0D5EB: CreateFileW,DeviceIoControl,CloseHandle,0_2_00F0D5EB
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F01201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00F01201
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F0E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_00F0E8F6
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 00EC0A30 appears 46 times
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 00EBF9F2 appears 40 times
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 00EA9CB3 appears 31 times
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: classification engineClassification label: mal64.troj.evad.winEXE@46/36@12/7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F137B5 GetLastError,FormatMessageW,0_2_00F137B5
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F010BF AdjustTokenPrivileges,CloseHandle,0_2_00F010BF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F016C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_00F016C3
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F151CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_00F151CD
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F2A67C CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_00F2A67C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F1648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,0_2_00F1648E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00EA42A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_00EA42A2
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2684:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4956:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1868:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6484:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1488:120:WilError_03
    Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2004,i,13556074342121696465,2040482084081375078,262144 /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5628 --field-trial-handle=2004,i,13556074342121696465,2040482084081375078,262144 /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 --field-trial-handle=2004,i,13556074342121696465,2040482084081375078,262144 /prefetch:8
    Source: C:\Users\user\Desktop\file.exeSection loaded: wsock32.dll
    Source: C:\Users\user\Desktop\file.exeSection loaded: version.dll
    Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dll
    Source: C:\Users\user\Desktop\file.exeSection loaded: mpr.dll
    Source: C:\Users\user\Desktop\file.exeSection loaded: wininet.dll
    Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dll
    Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
    Source: Google Drive.lnk.12.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
    Source: YouTube.lnk.12.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
    Source: Sheets.lnk.12.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
    Source: Gmail.lnk.12.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
    Source: Slides.lnk.12.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
    Source: Docs.lnk.12.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00EA42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00EA42DE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00EC0A76 push ecx; ret 0_2_00EC0A89
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00EBF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_00EBF98E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F31C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00F31C41
    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\file.exe Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep graph_0-95609
    Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 7170
    Source: C:\Users\user\Desktop\file.exe Window / User API: foregroundWindowGot 1774
    Source: C:\Users\user\Desktop\file.exe API coverage: 3.3 %
    Source: C:\Users\user\Desktop\file.exe TID: 4760 Thread sleep time: -71700s >= -30000s
    Source: C:\Users\user\Desktop\file.exe Last function: Thread delayed
    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
    Source: C:\Users\user\Desktop\file.exe Thread sleep count: Count: 7170 delay: -10
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F0DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_00F0DBBE
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EDC2A2 FindFirstFileExW,0_2_00EDC2A2
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F168EE FindFirstFileW,FindClose,0_2_00F168EE
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F1698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_00F1698F
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F0D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00F0D076
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F0D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00F0D3A9
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F19642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00F19642
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F1979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00F1979D
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F19B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00F19B2B
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F15C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00F15C97
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EA42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00EA42DE
    Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F1EAA2 BlockInput,0_2_00F1EAA2
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ED2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00ED2622
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EC4CE8 mov eax, dword ptr fs:[00000030h] 0_2_00EC4CE8
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F00B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00F00B62
    Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EC083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00EC083F
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EC09D5 SetUnhandledExceptionFilter,0_2_00EC09D5
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EC0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00EC0C21
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F01201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00F01201
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EE2BA5 SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00EE2BA5
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F0B226 SendInput,keybd_event,0_2_00F0B226
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F222DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_00F222DA
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F01663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_00F01663
    Source: file.exe Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
    Source: file.exe Binary or memory string: Shell_TrayWnd
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EC0698 cpuid 0_2_00EC0698
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F18195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_00F18195
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EFD27A GetUserNameW,0_2_00EFD27A
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EDB952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,0_2_00EDB952

    Stealing of Sensitive Information

    Source: Yara match File source: Process Memory Space: file.exe PID: 4564, type: MEMORYSTR
    Source: file.exe Binary or memory string: WIN_81
    Source: file.exe Binary or memory string: WIN_XP
    Source: file.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
    Source: file.exe Binary or memory string: WIN_XPe
    Source: file.exe Binary or memory string: WIN_VISTA
    Source: file.exe Binary or memory string: WIN_7
    Source: file.exe Binary or memory string: WIN_8

    Remote Access Functionality

    Source: Yara match File source: Process Memory Space: file.exe PID: 4564, type: MEMORYSTR
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F21204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_00F21204
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F21806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00F21806

    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
    Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 2 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
    Credentials | Domains | Default Accounts | 1 Native API | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 21 Input Capture | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
    Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 2 Valid Accounts | 2 Obfuscated Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 21 Access Token Manipulation | 1 DLL Side-Loading | NTDS | 16 System Information Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 2 Process Injection | 1 Masquerading | LSA Secrets | 12 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 1 Registry Run Keys / Startup Folder | 2 Valid Accounts | Cached Domain Credentials | 12 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Virtualization/Sandbox Evasion | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 21 Access Token Manipulation | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
    Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 2 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement

    [Behavior graph, ID 1526115. Sample: file.exe; start date: 04/10/2024; architecture: WINDOWS; score: 64. Signatures shown: Yara detected Credential Flusher; Binary is likely a compiled AutoIt script file; Machine Learning detection for sample; AI detected suspicious sample; Found API chain indicative of sandbox detection. Process tree: file.exe started chrome.exe, two taskkill.exe processes and 3 other processes; the taskkill.exe processes each started conhost.exe.]

    Source | Detection | Scanner | Label | Link
    file.exe | 100% | Joe Sandbox ML | |
    No Antivirus matches

    Joe Sandbox version: 41.0.0 Charoite
    Analysis ID: 1526115
    Start date and time: 2024-10-04 19:20:07 +02:00
    Joe Sandbox product: CloudBasic
    Overall analysis duration: 0h 5m 8s
    Hypervisor based Inspection enabled: false
    Report type: full
    Cookbook file name: default.jbs
    Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed: 20
    Number of new started drivers analysed: 0
    Number of existing processes analysed: 0
    Number of existing drivers analysed: 0
    Number of injected processes analysed: 0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode: default
    Analysis stop reason: Timeout
    Sample name: file.exe
    Detection: MAL
    Classification: mal64.troj.evad.winEXE@46/36@12/7
    EGA Information:
    • Successful, ratio: 100%
    HCA Information:
    • Successful, ratio: 96%
    • Number of executed functions: 37
    • Number of non-executed functions: 316
    Cookbook Comments:
    • Found application associated with file extension: .exe
    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
    • HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
    • Not all processes where analyzed, report is missing behavior information
    • Report size exceeded maximum capacity and may have missing disassembly code.
    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
    • VT rate limit hit for: file.exe
    No simulations
                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    239.255.255.250https://s3.amazonaws.com/r3e1272/Rco.html#4eyOul3510eTKK19nejdimaazo189TBUDIERNFIMTFBQ264510CRSG907S11Get hashmaliciousPhisherBrowse
                                      http://nirothniroth.site/?p=22&fbclid=IwY2xjawFs_DdleHRuA2FlbQIxMQABHTdgZU6ok722L5RxKPR-zh7Gkm6BqZ8BcT950y1bxf6l0LKz0zslg7KJHw_aem__ldVm1UUndXAkwYRakjBzgGet hashmaliciousUnknownBrowse
                                        https://www.fukui-tv.co.jp/_click.php?id=83642&url=https://brewingrecovery.com/carrierzone.html#acctg@azteccontainer.comGet hashmaliciousHTMLPhisherBrowse
                                          https://hegekaka.za.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVZFNUpaM1U9JnVpZD1VU0VSMTYwOTIwMjRVMjMwOTE2MTk=N0123NGet hashmaliciousUnknownBrowse
                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                              http://foth.federal-docs.com/uAfwCGet hashmaliciousHTMLPhisherBrowse
                                                https://rs-stripe.hometalk.com/branding/?utm_source=contentstripe&ampGet hashmaliciousUnknownBrowse
                                                  file.exeGet hashmaliciousCredential FlusherBrowse
                                                    https://epayindia.epayperformance.com/Login.aspx?AppraisalId=6871Get hashmaliciousPhisherBrowse
                                                      https://nassistenza-online.209-74-64-227.cprapid.com/Get hashmaliciousPhisherBrowse
                                                        No context
                                                        No context
                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        No context
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 4 16:21:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                        Category:dropped
                                                        Size (bytes):2677
                                                        Entropy (8bit):3.980776194508738
                                                        Encrypted:false
                                                        SSDEEP:48:89d6TGCLHQidAKZdA19ehwiZUklqehRy+3:8Kfi+y
                                                        MD5:7ED99D73C1618A1405BD2FF824B272F0
                                                        SHA1:8C6D952242D7C6146DEECFA1681C4725D6E82BDC
                                                        SHA-256:FCC9F97C2DBDCD984A680F10C9968331ABD81B2B45907FABD3670E03CE7F97EB
                                                        SHA-512:6E3FC8A49C717F32DBFEF782D8299C46AE856A55C65B98F9AFF9492FD664F50792930C21C56840783D54DCADFFAFFBC8EC2B9A2A029971C0C77F864548975749
                                                        Malicious:false
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 4 16:21:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                        Category:dropped
                                                        Size (bytes):2679
                                                        Entropy (8bit):3.9953221132676786
                                                        Encrypted:false
                                                        SSDEEP:48:8Vd6TGCLHQidAKZdA1weh/iZUkAQkqehuy+2:8Sf49Qzy
                                                        MD5:2C4F15C2FA9BE4EEC67A8400E0F679DB
                                                        SHA1:01CA179143CB135587A6CDD4E4638E9C0D5E4C90
                                                        SHA-256:A33D8306C6CD7299E54172B17941677EFAA0D5E23DA23089D9FB5A8105C08BD2
                                                        SHA-512:83DA94BAC0D8CD847C5432CC83792AD10A053F6292E8DDA8348CF421AC22A74F7D0E295A3B6596DAE74EEEEECC8B2D722281392A2833F1AD88401D6456296B69
                                                        Malicious:false
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                        Category:dropped
                                                        Size (bytes):2693
                                                        Entropy (8bit):4.005359039749898
                                                        Encrypted:false
                                                        SSDEEP:48:8xDd6TGCsHQidAKZdA14tseh7sFiZUkmgqeh7sYy+BX:8xIfhnqy
                                                        MD5:5CB4426B46AC7DC52CF55DF4C23B977D
                                                        SHA1:5C89126D7078F4D588E2EA0BA5DD4C71B92DE4C2
                                                        SHA-256:C509411533C8887D7E12A75037016D81CD1D8CE6988DA702C8E4C42CE4DC8A60
                                                        SHA-512:91DC8BC44013E6D048CE3FDDE2DFF1F3D91C15CCEC6D0DF8638962E362EE21A35E9F36C8FF67595090B5ED0B891244540D3B78A5581C40A2D3BF60484B80ABD7
                                                        Malicious:false
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 4 16:21:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                        Category:dropped
                                                        Size (bytes):2681
                                                        Entropy (8bit):3.9936260495847575
                                                        Encrypted:false
                                                        SSDEEP:48:8zd6TGCLHQidAKZdA1vehDiZUkwqehCy+R:8YfjQy
                                                        MD5:C940991B31CA7810346BBFFD94B7DFB6
                                                        SHA1:6E1B690AAC4CE9A41339450EDC507096F13EF834
                                                        SHA-256:CBDC6B0191F55CD92CEA6AF882FC424B960E410A18718A8F343AC8E85EB83F50
                                                        SHA-512:DFAC042132EF14BDCB17B06797DCC6944553BACEDEE74290D1147BDE80538F170147CA33454A5D94394FBA9C9BFC7CFBB25DE0A0C3A6DE08F592C70AE20091F5
                                                        Malicious:false
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 4 16:21:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                        Category:dropped
                                                        Size (bytes):2681
                                                        Entropy (8bit):3.9846236912226654
                                                        Encrypted:false
                                                        SSDEEP:48:87d6TGCLHQidAKZdA1hehBiZUk1W1qehEy+C:8wfz9ky
                                                        MD5:6F61031755764A44AB721AFC27CD1F4B
                                                        SHA1:76BA6F9313039B1922A1395F4CCFFE6EB97D972D
                                                        SHA-256:D6EA60BE4BBDF5076E029C6D720E37B1D6164164E4956BDACADCF1E5B0073675
                                                        SHA-512:400C54728E1843D189C3A823F52FB839D4142960FD8C30C0CCF11199E6402B1766F8387FAD4EB3A4662BEFABDA500B11718833F9C158F44BFF50804399F29F0F
                                                        Malicious:false
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 4 16:21:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                        Category:dropped
                                                        Size (bytes):2683
                                                        Entropy (8bit):3.9929879364497514
                                                        Encrypted:false
                                                        SSDEEP:48:8nd6TGCLHQidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbqy+yT+:8UfjT/TbxWOvTbqy7T
                                                        MD5:BB6F75D3495CE5BE0B250220514FFB8F
                                                        SHA1:C21CAD5B97533CF1A03F0721414D402CD7C4A321
                                                        SHA-256:2EF78082DFC56D5F45149C16D90C6DB9935CDFA905BB71691FD50182B4A33F10
                                                        SHA-512:97AFD4B75F2677137FE19E09925B61D4D0D225DB804F96378F672E26E3EB36F0D5F6C7683E0FA1991507DE03BBDE072A8DA7759764D7029DECFED45C96831F99
                                                        Malicious:false
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (5693)
                                                        Category:downloaded
                                                        Size (bytes):698375
                                                        Entropy (8bit):5.594847180822494
                                                        Encrypted:false
                                                        SSDEEP:6144:TN3KfgnkxgOYoRvEoQvSXwojVlmGa/ZLniy7ZkvgTa5PB1+UO5Hx+B8U2+:TUMkxgOENagFxniZU+
                                                        MD5:9CB39A9BED5FF75EEA0E5CDECB8173A2
                                                        SHA1:17221DDCEBFCDD26C01E6EB9A8FB51CFCDE716E8
                                                        SHA-256:37D3F108CC80806B0C46B3D6A2084E33E7370124D3B8AAEF55588370CFEBC014
                                                        SHA-512:8C07EC9BEB91B345B25280EFD158D77F8E4A6F889A9CDFDECF734C12EDAC2D2FC329EF5F72D5DBF7A795E24E5D77A30E4072F8547FCF80560655AB737ED4658E
                                                        Malicious:false
                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGVJL8WbFRPK4Is59AG4mHu-nT6-A/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,XVq9Qb,STuCOe,njlZCf,m9oV,vjKJJ,y5vRwf,iyZMqd,NTMZac,mzzZzc,rCcCxc,vvMGie,K1ZKnb,ziZ8Mc,b3kMqb,mvkUhe,CMcBD,Fndnac,t2srLd,EN3i8d,z0u0L,xiZRqc,NOeYWe,O6y8ed,L9OGUe,PrPYRd,MpJwZc,qPfo0c,cYShmd,hc6Ubd,Rkm0ef,KUM7Z,oLggrd,inNHtf,L1AAkb,WpP9Yc,lwddkf,gJzDyc,SpsfSb,aC1iue,tUnxGc,aW3pY,ZakeSe,EFQ78c,xQtZb,I6YDgd,zbML3c,zr1jrb,vHEMJe,YHI3We,YTxL4,bSspM,Uas9Hd,zy0vNb,K0PMbc,AvtSve,qmdT9,MY7mZe,xBaz7b,GwYlN,eVCnO,EIOG1e,LDQI"
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (2907)
                                                        Category:downloaded
                                                        Size (bytes):23298
                                                        Entropy (8bit):5.429186219736739
                                                        Encrypted:false
                                                        SSDEEP:384:+BitNeB9HVPQmqySWyvbbb/XEm6k1JTM2qzhOF0bCjOgiQBH2f+wl9nyf0zHwx:+BiHeB9Hecebbb/PONOFnjOgPBHgSywx
                                                        MD5:A5C41D7BA22E9CF451810802AE5AC2E8
                                                        SHA1:858F35134A0BD7BAECB1B1A30EC3645642214554
                                                        SHA-256:D29364A1E9EDE91152F2CB84962B73644741817C9C6A615C1FB70A885DD1CB8D
                                                        SHA-512:DEA28AD362B51832D33CD9E936C0A255FA32C20DFFC6E806DA7AAF657D3490AF079C40FE21E10B2FDC971EB066E51ABDA182DEDC156759CCE06440E456FEB316
                                                        Malicious:false
                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGVJL8WbFRPK4Is59AG4mHu-nT6-A/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=RqjULd"
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with no line terminators
                                                        Category:downloaded
                                                        Size (bytes):84
                                                        Entropy (8bit):4.875266466142591
                                                        Encrypted:false
                                                        SSDEEP:3:DZFJu0+WVTBCq2Bjdw2KsJJuYHSKnZ:lFJuuVTBudw29nu4SKZ
                                                        MD5:87B6333E98B7620EA1FF98D1A837A39E
                                                        SHA1:105DE6815B0885357DE1414BFC0D77FCC9E924EF
                                                        SHA-256:DCD3C133C5C40BECD4100BBE6EDAE84C9735E778E4234A5E8395C56FF8A733BA
                                                        SHA-512:867D7943D813685FAA76394E53199750C55817E836FD19C933F74D11E9657CE66719A6D6B2E39EE1DE62358BCE364E38A55F4E138DF92337DE6985DDCD5D0994
                                                        Malicious:false
                                                        URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHgmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioBw==?alt=proto
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (468)
                                                        Category:downloaded
                                                        Size (bytes):1858
                                                        Entropy (8bit):5.297658905867848
                                                        Encrypted:false
                                                        SSDEEP:48:o7vjoGL3AeFkphnpiu7cOyBfO/3d/rYrv3Zrw:ofrLxFuLdyp2AVw
                                                        MD5:B42DB3D22B12B8E3BE1B82961FE2870E
                                                        SHA1:D9CFD11C1C2DE17A7E9301F11AD875B610B96576
                                                        SHA-256:75DC40A81CEACB57940F84D2B29E021974C3004B245CC7198362CA944E9C4058
                                                        SHA-512:EC0708797586F8F85EC8A0BBECA707D73778D93C12986B92965D1828B254D39485926354AEC4D73474BC5755E392B813D8045B19369FAE23B30BBD12E17F7053
                                                        Malicious:false
                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGVJL8WbFRPK4Is59AG4mHu-nT6-A/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=iAskyc,ziXSP"
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (533)
                                                        Category:downloaded
                                                        Size (bytes):9210
                                                        Entropy (8bit):5.393248075042016
                                                        Encrypted:false
                                                        SSDEEP:192:t7mFYxV97I4Ia0U44rS3mt8IV7ydti6M5/1JlNg:t7vB7Il2t+dEF1JlNg
                                                        MD5:2ED5BC88509286438B682EFF23518005
                                                        SHA1:D5C8FD77BA3ED7F977A4AD0C85CF026D0F74F3E2
                                                        SHA-256:F878D44B5CAC6BC95D638C13D0814C10E7D6CC145351ABA7945F53D8CB167979
                                                        SHA-512:12F5415A482286C53631D09B5F50BA4AAA0957DB61904430E5B728777A15DC62428ED560847AB1DFEC459E302FB4D009D32CC1770EAD5425023CA48DF4640AA4
                                                        Malicious:false
                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PrPYRd,Rkm0ef,SCuOPb,STuCOe,SpsfSb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,byfTOb,cYShmd,eVCnO,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,qPfo0c,qmdT9,rCcCxc,siKnQd,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGVJL8WbFRPK4Is59AG4mHu-nT6-A/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ltDFwf,SD8Jgb,rmumx,E87wgc,qPYxq,Tbb4sb,pxq3x,f8Gu1e,soHxf,YgOFye,yRXbo,bTi8wc,ywOR5c,PHUIyb"
                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.vNa=_.z("SD8Jgb",[]);._.GX=function(a,b){if(typeof b==="string")a.Nc(b);else if(b instanceof _.Ip&&b.ia&&b.ia===_.A)b=_.Za(b.Ku()),a.empty().append(b);else if(b instanceof _.Ua)b=_.Za(b),a.empty().append(b);else if(b instanceof Node)a.empty().append(b);else throw Error("Wf");};_.HX=function(a){var b=_.Lo(a,"[jsslot]");if(b.size()>0)return b;b=new _.Jo([_.Qk("span")]);_.Mo(b,"jsslot","");a.empty().append(b);return b};_.bMb=function(a){return a===null||typeof a==="string"&&_.Ji(a)};._.k("SD8Jgb");._.MX=function(a){_.X.call(this,a.Fa);this.Va=a.controller.Va;this.od=a.controllers.od[0]||null;this.header=a.controller.header;this.nav=a.controller.nav;var b;(b=this.oa().find("button:not([type])").el())==null||b.setAttribute("type","button")};_.J(_.MX,_.X);_.MX.Ba=function(){return{controller:{Va:{jsname:"n7vHCb",ctor:_.pv},header:{jsname:"tJHJj",ctor:_.pv},nav:{jsname:"DH6Rkf",ct
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (570)
                                                        Category:downloaded
                                                        Size (bytes):3467
                                                        Entropy (8bit):5.508385764606741
                                                        Encrypted:false
                                                        SSDEEP:96:ogbsxK3SrI2Jrutmxy9FALtcP+EGYkxhclzV9xCw:Psc3OIpDj2ZYkxhATxX
                                                        MD5:231ABD6E6C360E709640B399EDF85476
                                                        SHA1:6CB98F38D9B6FDCF2E7D7C7682A219082F2E1E75
                                                        SHA-256:44B5D535663C65CD2E6228EF1F0C3DBA9C89EAE5C1BF079A6C4C64972DEE989D
                                                        SHA-512:D45455810B34493A05BA2DD7ADF24C0C009F4CF0898AE9C57978D38C8F2654CEEFC11D1C151BA72B902E0FA87537D43C37957DCAEC1792B5277B54C8E7BCCA3C
                                                        Malicious:false
                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,wg1P6b,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGVJL8WbFRPK4Is59AG4mHu-nT6-A/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,WhJNk"
                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("Wt6vjf");.var fya=function(){var a=_.He();return _.Nj(a,1)},au=function(a){this.Da=_.t(a,0,au.messageId)};_.J(au,_.v);au.prototype.Ha=function(){return _.Fj(this,1)};au.prototype.Ua=function(a){return _.Xj(this,1,a)};au.messageId="f.bo";var bu=function(){_.km.call(this)};_.J(bu,_.km);bu.prototype.xd=function(){this.NT=!1;gya(this);_.km.prototype.xd.call(this)};bu.prototype.aa=function(){hya(this);if(this.JC)return iya(this),!1;if(!this.UV)return cu(this),!0;this.dispatchEvent("p");if(!this.HP)return cu(this),!0;this.NM?(this.dispatchEvent("r"),cu(this)):iya(this);return!1};.var jya=function(a){var b=new _.gp(a.b5);a.vQ!=null&&_.Mn(b,"authuser",a.vQ);return b},iya=function(a){a.JC=!0;var b=jya(a),c="rt=r&f_uid="+_.rk(a.HP);_.fn(b,(0,_.bg)(a.ea,a),"POST",c)};.bu.prototype.ea=function(a){a=a.target;hya(this);if(_.jn(a)){this.iK=0;if(this.NM)this.JC=!1,this.dispatchEvent("r"
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (1694)
                                                        Category:downloaded
                                                        Size (bytes):32500
                                                        Entropy (8bit):5.378121087555083
                                                        Encrypted:false
                                                        SSDEEP:768:OnTTScxIXeijt4aRZf4AEqTzQh2HIVVcYTVf79pew6cVEkAXtuWsmsL:iA4w4A4h2HIVVcMVf72QA9jOL
                                                        MD5:57D7B0A2CE36496F05AFA27B39C1F219
                                                        SHA1:418AD03C2E75AEAF188E2A00123B70E09D541656
                                                        SHA-256:E247A1F5E564A248C92E39C040A06B9B3BEA50A130CC98F2787FB5E2441E0707
                                                        SHA-512:78B135A69424F951AC7E3CCBDC4F496BCA0BE6A2312DC90DFA29032C7DB19455B7E35FEE57F470729EC5E86D52DC19037BB6404C27DF614A548DE409527866C2
                                                        Malicious:false
                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=_b,_tp/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGVJL8WbFRPK4Is59AG4mHu-nT6-A/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe"
                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{.var Cua=function(a,b){this.da=a;this.ea=b;if(!c){var c=new _.gp("//www.google.com/images/cleardot.gif");_.rp(c)}this.ka=c};_.h=Cua.prototype;_.h.Zc=null;_.h.rZ=1E4;_.h.jA=!1;_.h.sQ=0;_.h.JJ=null;_.h.gV=null;_.h.setTimeout=function(a){this.rZ=a};_.h.start=function(){if(this.jA)throw Error("dc");this.jA=!0;this.sQ=0;Dua(this)};_.h.stop=function(){Eua(this);this.jA=!1};.var Dua=function(a){a.sQ++;navigator!==null&&"onLine"in navigator&&!navigator.onLine?_.om((0,_.bg)(a.hH,a,!1),0):(a.aa=new Image,a.aa.onload=(0,_.bg)(a.Kja,a),a.aa.onerror=(0,_.bg)(a.Jja,a),a.aa.onabort=(0,_.bg)(a.Ija,a),a.JJ=_.om(a.Lja,a.rZ,a),a.aa.src=String(a.ka))};_.h=Cua.prototype;_.h.Kja=function(){this.hH(!0)};_.h.Jja=function(){this.hH(!1)};_.h.Ija=function(){this.hH(!1)};_.h.Lja=function(){this.hH(!1)};._.h.hH=function(a){Eua(this);a?(this.jA=!1,this.da.call(this.ea,!0)):this.sQ<=0?Dua(this):(this.jA=!1,
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:HTML document, ASCII text, with very long lines (681)
                                                        Category:downloaded
                                                        Size (bytes):4066
                                                        Entropy (8bit):5.369564168658135
                                                        Encrypted:false
                                                        SSDEEP:96:G6mTOIiY1medWRQrf7VF6vtDgXJyA7oxcoT4w:3mTOImedWOVF6vtUJyA8xJt
                                                        MD5:4D3D9750CA5EB8A7D20993397BC5A6B8
                                                        SHA1:DDB05A2C8AB1FD4537EEB2433BDF507CEE8CB8D2
                                                        SHA-256:FCD1C642992A0BAF9038B3710DA080282AF0C80C113E1CE8F984F8143A2B2B32
                                                        SHA-512:482DD926971FACA341058B35D333CEF64EAC460FC29B0B17AF5CD515253BCE973BBCAABADE3C4D125E07DE3BC75DE52059D5B229C44C5F95A30B845651EF64CA
                                                        Malicious:false
                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGVJL8WbFRPK4Is59AG4mHu-nT6-A/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=sOXFj,q0xTif,ZZ4WUe"
                                                        Preview:"use strict";_F_installCss(".N7rBcd{overflow-x:auto}sentinel{}");.this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.vg(_.bqa);._.k("sOXFj");.var wu=function(a){_.W.call(this,a.Fa)};_.J(wu,_.W);wu.Ba=_.W.Ba;wu.prototype.aa=function(a){return a()};_.qu(_.aqa,wu);._.l();._.k("oGtAuc");._.Bya=new _.pf(_.bqa);._.l();._.k("q0xTif");.var vza=function(a){var b=function(d){_.Zn(d)&&(_.Zn(d).Lc=null,_.Gu(d,null));d.XyHi9&&(d.XyHi9=null)};b(a);a=a.querySelectorAll("[c-wiz]");for(var c=0;c<a.length;c++)b(a[c])},Su=function(a){_.nt.call(this,a.Fa);this.Qa=this.dom=null;if(this.rl()){var b=_.Cm(this.Wg(),[_.Hm,_.Gm]);b=_.pi([b[_.Hm],b[_.Gm]]).then(function(c){this.Qa=c[0];this.dom=c[1]},null,this);_.ku(this,b)}this.Ra=a.lm.Dea};_.J(Su,_.nt);Su.Ba=function(){return{lm:{Dea:function(a){return _.Ue(a)}}}};Su.prototype.Bp=function(a){return this.Ra.Bp(a)};.Su.prototype.getData=function(a){return this.Ra.getData(a)};Su.prototype.uo=function(){_.Nt(this.d
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (553)
                                                        Category:downloaded
                                                        Size (bytes):744316
                                                        Entropy (8bit):5.792608700917594
                                                        Encrypted:false
                                                        SSDEEP:6144:I5bdWK/20rOQKKQtvqUGSGDdPSxdZqmguaH:SOeKGSpguA
                                                        MD5:7688B6A43A8DB0E35A10F8D9459EB1A9
                                                        SHA1:D43513E1A8DC4A835E7D56F017A6627AA1FD9C6C
                                                        SHA-256:428C9555690800E56942D807A8582D3B657257691BDD95154B343CBCC596B846
                                                        SHA-512:E4B1B57C4164F9334B0298C4F58CFB72E6AB843498613533D338A8C1C20EC7F2198E98166A0ACEB1E821F92776227B584EC715A448455DD08995B3591D32BC82
                                                        Malicious:false
                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/am=5MFgKBi2EQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlFHkTXCZ-hg14J3jkKd86NxaCuRFA/m=_b,_tp"
                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([0x2860c1e4, 0x2046d860, 0x39e13c40, 0x14501e80, 0xe420, 0x0, 0x1a000000, 0x1d000003, 0xc, ]);./*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/./*.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0.*/./*.. Copyright 2024 Google, Inc. SPDX-License-Identifier: MIT.*/./*. SPDX-License-Identifier: Apache-2.0.*/./*. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var baa,daa,Na,Ta,gaa,iaa,jb,qaa,waa,Caa,Haa,Kaa,Jb,Laa,Ob,Qb,Rb,Maa,Naa,Sb,Oaa,Paa,Qaa,Yb,Vaa,Xaa,ec,fc,gc,bba,cba,gba,jba,lba,mba,qba,tba,nba,sba,rba,pba,oba,uba,yba,Cba,Dba,Aba,Hc,Ic,Gba,Iba,Mba,Nba,Oba,Pba,Lba,Qba,Sba,dd,Uba,Vba,Xba,Zba,Yba,aca,bca,cca,dca,fca,eca,hca,ica,jca,kca,nca,
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (683)
                                                        Category:downloaded
                                                        Size (bytes):3131
                                                        Entropy (8bit):5.352056237104327
                                                        Encrypted:false
                                                        SSDEEP:48:o7hHD75byh9xqKP5jNQ8js63rAwrMNhYfmdpwoKLEy5aQW5Tx5v3MmFopMGIWO4x:oFD+95jOQr3AT7wRLDGD5flBb4Ew
                                                        MD5:ADEF03127F74F5E6742B8CFA7B863F28
                                                        SHA1:58D7C635582AF10E91EC047FD315FAF758AF51DA
                                                        SHA-256:5FDD639E222F58AEB6178EB02583086BCC50ED219DEAA953D0E7984DD0E1FEDC
                                                        SHA-512:3AC26E9569EE83298F386D551774F378D3E433A2C80C1D4BC7481C544605A2FA4943F6CBC8E97FBF8FE3C32C1EFB2A1CCAA01403819482FC7429538FDF2CA758
                                                        Malicious:false
                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGVJL8WbFRPK4Is59AG4mHu-nT6-A/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ZwDk9d,RMhBfe"
                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("ZwDk9d");.var kA=function(a){_.W.call(this,a.Fa)};_.J(kA,_.W);kA.Ba=_.W.Ba;kA.prototype.jS=function(a){return _.Ye(this,{Xa:{lT:_.ol}}).then(function(b){var c=window._wjdd,d=window._wjdc;return!c&&d?new _.ni(function(e){window._wjdc=function(f){d(f);e(dKa(f,b,a))}}):dKa(c,b,a)})};var dKa=function(a,b,c){return(a=a&&a[c])?a:b.Xa.lT.jS(c)};.kA.prototype.aa=function(a,b){var c=_.Dra(b).Tj;if(c.startsWith("$")){var d=_.jm.get(a);_.xq[b]&&(d||(d={},_.jm.set(a,d)),d[c]=_.xq[b],delete _.xq[b],_.yq--);if(d)if(a=d[c])b=_.af(a);else throw Error("Jb`"+b);else b=null}else b=null;return b};_.qu(_.Lfa,kA);._.l();._.k("SNUn3");._.cKa=new _.pf(_.wg);._.l();._.k("RMhBfe");.var eKa=function(a){var b=_.wq(a);return b?new _.ni(function(c,d){var e=function(){b=_.wq(a);var f=_.Sfa(a,b);f?c(f.getAttribute("jsdata")):window.document.readyState=="complete"?(f=["Unable to find deferred jsdata wit
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (755)
                                                        Category:downloaded
                                                        Size (bytes):1460
                                                        Entropy (8bit):5.274624539239422
                                                        Encrypted:false
                                                        SSDEEP:24:kMYD7DUuXIqMSsN7UYgtx/mQ7hz1BU6TZ6BdXDMvUKGbWxlGb+jSFFV87Ofk8tp8:o7DhXI6PoXwsKGb2lGb+jS9Mwrw
                                                        MD5:481C149C4D3EE4A53C3E7CBA067371DF
                                                        SHA1:E0FED275636D3492C922C44F010157FAF0936733
                                                        SHA-256:9327A53F577C5FCEFDB162E02D8646CE5B70DF2201F4B3289384657B32BACE70
                                                        SHA-512:EC5C5A03ED4E1A27BEE7E1C488A238D79A9787D944E364CCE516FB28C22256919E49C99BFCFEA0F7815AB4232A350914E26D33D20F5A81ED19A39DFD40E30C79
                                                        Malicious:false
                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGVJL8WbFRPK4Is59AG4mHu-nT6-A/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=P6sQOc"
                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("lOO0Vd");._.b_a=new _.pf(_.Dm);._.l();._.k("P6sQOc");.var g_a=!!(_.Mh[1]&16);var i_a=function(a,b,c,d,e){this.ea=a;this.xa=b;this.ka=c;this.Ca=d;this.Ga=e;this.aa=0;this.da=h_a(this)},j_a=function(a){var b={};_.Ma(a.HS(),function(e){b[e]=!0});var c=a.uS(),d=a.yS();return new i_a(a.wP(),c.aa()*1E3,a.bS(),d.aa()*1E3,b)},h_a=function(a){return Math.random()*Math.min(a.xa*Math.pow(a.ka,a.aa),a.Ca)},SG=function(a,b){return a.aa>=a.ea?!1:b!=null?!!a.Ga[b]:!0};var TG=function(a){_.W.call(this,a.Fa);this.da=a.Ea.JV;this.ea=a.Ea.metadata;a=a.Ea.cha;this.fetch=a.fetch.bind(a)};_.J(TG,_.W);TG.Ba=function(){return{Ea:{JV:_.e_a,metadata:_.b_a,cha:_.VZa}}};TG.prototype.aa=function(a,b){if(this.ea.getType(a.Od())!==1)return _.Vm(a);var c=this.da.jV;return(c=c?j_a(c):null)&&SG(c)?_.zya(a,k_a(this,a,b,c)):_.Vm(a)};.var k_a=function(a,b,c,d){return c.then(function(e){return e},function(e)
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                        Category:downloaded
                                                        Size (bytes):5430
                                                        Entropy (8bit):3.6534652184263736
                                                        Encrypted:false
                                                        SSDEEP:48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
                                                        MD5:F3418A443E7D841097C714D69EC4BCB8
                                                        SHA1:49263695F6B0CDD72F45CF1B775E660FDC36C606
                                                        SHA-256:6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
                                                        SHA-512:82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
                                                        Malicious:false
                                                        URL:https://www.google.com/favicon.ico
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (522)
                                                        Category:downloaded
                                                        Size (bytes):5050
                                                        Entropy (8bit):5.30005628600801
                                                        Encrypted:false
                                                        SSDEEP:96:o75BuBxJfma7bGZABddEgf8nI4zLm4KGo8Vh1EabPVTq8fv/xRw:WHMmaX9r8Igp7nBlHo
                                                        MD5:D9F15F1AEAF15673336FAA3507D1A2A7
                                                        SHA1:FC79D00AF2E2D44FEBA701F12ECD4AFCA327F464
                                                        SHA-256:AA3574ADCF3826390918BC2D5DCD88D7BC63238A6022DEF3487A67A731C30E7A
                                                        SHA-512:D756961B6BFC478274E390B94D613BD837DA011D680FC6D67779A8E12C7F082EF977FC15D02C076F92BC1D2CE7EFDE48F82B4EC1BD12CF38AEDDAB1917E36041
                                                        Malicious:false
                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGVJL8WbFRPK4Is59AG4mHu-nT6-A/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=wg1P6b"
                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.oNa=_.z("wg1P6b",[_.XA,_.Fn,_.Nn]);._.k("wg1P6b");.var f6a;f6a=_.mh(["aria-"]);._.yJ=function(a){_.X.call(this,a.Fa);this.Ka=this.xa=this.aa=this.viewportElement=this.Na=null;this.Jc=a.Ea.ef;this.ab=a.Ea.focus;this.Fc=a.Ea.Fc;this.ea=this.Qi();a=-1*parseInt(_.Fo(this.Qi().el(),"marginTop")||"0",10);var b=parseInt(_.Fo(this.Qi().el(),"marginBottom")||"0",10);this.Ta={top:a,right:0,bottom:b,left:0};a=_.cf(this.getData("isMenuDynamic"),!1);b=_.cf(this.getData("isMenuHoisted"),!1);this.Ga=a?1:b?2:0;this.ka=!1;this.Ca=1;this.Ga!==1&&(this.aa=this.Sa("U0exHf").children().Wc(0),_.ku(this,.g6a(this,this.aa.el())));_.oF(this.oa())&&(a=this.oa().el(),b=this.we.bind(this),a.__soy_skip_handler=b)};_.J(_.yJ,_.X);_.yJ.Ba=function(){return{Ea:{ef:_.cF,focus:_.OE,Fc:_.uu}}};_.yJ.prototype.IF=function(a){var b=a.source;this.Na=b;var c;((c=a.data)==null?0:c.qz)?(a=a.data.qz,this.Ca=a==="MOUS
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:Web Open Font Format (Version 2), TrueType, length 52280, version 1.0
                                                        Category:downloaded
                                                        Size (bytes):52280
                                                        Entropy (8bit):7.995413196679271
                                                        Encrypted:true
                                                        SSDEEP:1536:1rvqtK8DZilXxwJ8mMwAZy7phqsFLdG3B4d:xytBZits8bw4wzbFxG3B4d
                                                        MD5:F61F0D4D0F968D5BBA39A84C76277E1A
                                                        SHA1:AA3693EA140ECA418B4B2A30F6A68F6F43B4BEB2
                                                        SHA-256:57147F08949ABABE7DEEF611435AE418475A693E3823769A25C2A39B6EAD9CCC
                                                        SHA-512:6C3BD90F709BCF9151C9ED9FFEA55C4F6883E7FDA2A4E26BF018C83FE1CFBE4F4AA0DB080D6D024070D53B2257472C399C8AC44EEFD38B9445640EFA85D5C487
                                                        Malicious:false
                                                        URL:https://fonts.gstatic.com/s/googlesans/v58/4UaRrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iq2vgCI.woff2
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (395)
                                                        Category:downloaded
                                                        Size (bytes):1608
                                                        Entropy (8bit):5.271783084011668
                                                        Encrypted:false
                                                        SSDEEP:48:o726BiFP89yAxKz1TtMxII+eXww7D2bc+rw:oyMyAAz1WNd8vw
                                                        MD5:45EA91A811A594F81B7F760DD14BE237
                                                        SHA1:2C97782C6D5D0BCFB3676FF24AA1008251090DAE
                                                        SHA-256:7488FF4710E7592F66BE1FAC090F73CB8F1D2D0794B57DEAC1798C5B309EE76F
                                                        SHA-512:4F79A36857D5A8AF1E2F938EF92EA75C384DE4789972B068BE82EADAA442C538A65035CCE8665A7283137E2075B8FE4C1C9E7B2A36585491683B4869005B772A
                                                        Malicious:false
                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGVJL8WbFRPK4Is59AG4mHu-nT6-A/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=w9hDv,ZDZcre,A7fCU"
                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                        Entropy (8bit):6.583809303593731
                                                        TrID:
                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                        • DOS Executable Generic (2002/1) 0.02%
                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                        File name:file.exe
                                                        File size:919'040 bytes
                                                        MD5:c64970aca973dfb3413fd4c44e199117
                                                        SHA1:d7c30c675079c94be1654ef76f3b0b70e0b9ae79
                                                        SHA256:e9e2008c442d12d9fe5e7598e2008da4d9daab25e0fab631492fbd7f50e655a9
                                                        SHA512:464c05fb77e001755e9cd0827c919b950c9abffb1ebf04b86ed9d24f3f56dc9addebbef877fd7d8929a970a743c17fb6fd22e0a19052c24a326767e45f721351
                                                        SSDEEP:24576:UqDEvCTbMWu7rQYlBQcBiT6rprG8a49K:UTvC/MTQYxsWR7a4
                                                        TLSH:3D159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
                                                        File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                        Icon Hash:aaf3e3e3938382a0
                                                        Entrypoint:0x420577
                                                        Entrypoint Section:.text
                                                        Digitally signed:false
                                                        Imagebase:0x400000
                                                        Subsystem:windows gui
                                                        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                        DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                        Time Stamp:0x67001E42 [Fri Oct 4 16:56:34 2024 UTC]
                                                        TLS Callbacks:
                                                        CLR (.Net) Version:
                                                        OS Version Major:5
                                                        OS Version Minor:1
                                                        File Version Major:5
                                                        File Version Minor:1
                                                        Subsystem Version Major:5
                                                        Subsystem Version Minor:1
                                                        Import Hash:948cc502fe9226992dce9417f952fce3
                                                        Instruction
                                                        call 00007FCB9CE7FD13h
                                                        jmp 00007FCB9CE7F61Fh
                                                        push ebp
                                                        mov ebp, esp
                                                        push esi
                                                        push dword ptr [ebp+08h]
                                                        mov esi, ecx
                                                        call 00007FCB9CE7F7FDh
                                                        mov dword ptr [esi], 0049FDF0h
                                                        mov eax, esi
                                                        pop esi
                                                        pop ebp
                                                        retn 0004h
                                                        and dword ptr [ecx+04h], 00000000h
                                                        mov eax, ecx
                                                        and dword ptr [ecx+08h], 00000000h
                                                        mov dword ptr [ecx+04h], 0049FDF8h
                                                        mov dword ptr [ecx], 0049FDF0h
                                                        ret
                                                        push ebp
                                                        mov ebp, esp
                                                        push esi
                                                        push dword ptr [ebp+08h]
                                                        mov esi, ecx
                                                        call 00007FCB9CE7F7CAh
                                                        mov dword ptr [esi], 0049FE0Ch
                                                        mov eax, esi
                                                        pop esi
                                                        pop ebp
                                                        retn 0004h
                                                        and dword ptr [ecx+04h], 00000000h
                                                        mov eax, ecx
                                                        and dword ptr [ecx+08h], 00000000h
                                                        mov dword ptr [ecx+04h], 0049FE14h
                                                        mov dword ptr [ecx], 0049FE0Ch
                                                        ret
                                                        push ebp
                                                        mov ebp, esp
                                                        push esi
                                                        mov esi, ecx
                                                        lea eax, dword ptr [esi+04h]
                                                        mov dword ptr [esi], 0049FDD0h
                                                        and dword ptr [eax], 00000000h
                                                        and dword ptr [eax+04h], 00000000h
                                                        push eax
                                                        mov eax, dword ptr [ebp+08h]
                                                        add eax, 04h
                                                        push eax
                                                        call 00007FCB9CE823BDh
                                                        pop ecx
                                                        pop ecx
                                                        mov eax, esi
                                                        pop esi
                                                        pop ebp
                                                        retn 0004h
                                                        lea eax, dword ptr [ecx+04h]
                                                        mov dword ptr [ecx], 0049FDD0h
                                                        push eax
                                                        call 00007FCB9CE82408h
                                                        pop ecx
                                                        ret
                                                        push ebp
                                                        mov ebp, esp
                                                        push esi
                                                        mov esi, ecx
                                                        lea eax, dword ptr [esi+04h]
                                                        mov dword ptr [esi], 0049FDD0h
                                                        push eax
                                                        call 00007FCB9CE823F1h
                                                        test byte ptr [ebp+08h], 00000001h
                                                        pop ecx
                                                        Programming Language:
                                                        • [ C ] VS2008 SP1 build 30729
                                                        • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x9bb8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xde000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0x9bb8 | 0x9c00 | 59dd5619d9832ccea00d56198c9b1647 | False | 0.3167568108974359 | data | 5.332255753935347 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xde000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc7b8 | 0xe7e | data |  |  | 1.002964959568733
RT_GROUP_ICON | 0xdd638 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xdd6b0 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xdd6c4 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xdd6d8 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xdd6ec | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xdd7c8 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system | Country where language is spoken | Map
English | Great Britain |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                        Oct 4, 2024 19:21:06.174859047 CEST44349710142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:06.175447941 CEST44349710142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:06.175522089 CEST49710443192.168.2.5142.250.185.142
                                                        Oct 4, 2024 19:21:06.176461935 CEST44349710142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:06.176527977 CEST49710443192.168.2.5142.250.185.142
                                                        Oct 4, 2024 19:21:06.177572012 CEST49710443192.168.2.5142.250.185.142
                                                        Oct 4, 2024 19:21:06.177663088 CEST44349710142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:06.177753925 CEST49710443192.168.2.5142.250.185.142
                                                        Oct 4, 2024 19:21:06.216873884 CEST49675443192.168.2.523.1.237.91
                                                        Oct 4, 2024 19:21:06.216886044 CEST49674443192.168.2.523.1.237.91
                                                        Oct 4, 2024 19:21:06.223409891 CEST44349710142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:06.232485056 CEST49710443192.168.2.5142.250.185.142
                                                        Oct 4, 2024 19:21:06.232502937 CEST44349710142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:06.279361010 CEST49710443192.168.2.5142.250.185.142
                                                        Oct 4, 2024 19:21:06.310641050 CEST49673443192.168.2.523.1.237.91
                                                        Oct 4, 2024 19:21:06.485436916 CEST44349710142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:06.485457897 CEST44349710142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:06.485528946 CEST49710443192.168.2.5142.250.185.142
                                                        Oct 4, 2024 19:21:06.485562086 CEST44349710142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:06.485814095 CEST44349710142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:06.485888004 CEST49710443192.168.2.5142.250.185.142
                                                        Oct 4, 2024 19:21:06.516088009 CEST49710443192.168.2.5142.250.185.142
                                                        Oct 4, 2024 19:21:06.516123056 CEST44349710142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:08.122172117 CEST4434970323.1.237.91192.168.2.5
                                                        Oct 4, 2024 19:21:08.122284889 CEST49703443192.168.2.523.1.237.91
                                                        Oct 4, 2024 19:21:08.539587021 CEST49715443192.168.2.5142.250.184.196
                                                        Oct 4, 2024 19:21:08.539694071 CEST44349715142.250.184.196192.168.2.5
                                                        Oct 4, 2024 19:21:08.539794922 CEST49715443192.168.2.5142.250.184.196
                                                        Oct 4, 2024 19:21:08.540008068 CEST49715443192.168.2.5142.250.184.196
                                                        Oct 4, 2024 19:21:08.540026903 CEST44349715142.250.184.196192.168.2.5
                                                        Oct 4, 2024 19:21:08.782892942 CEST49716443192.168.2.5184.28.90.27
                                                        Oct 4, 2024 19:21:08.782975912 CEST44349716184.28.90.27192.168.2.5
                                                        Oct 4, 2024 19:21:08.783067942 CEST49716443192.168.2.5184.28.90.27
                                                        Oct 4, 2024 19:21:08.784612894 CEST49716443192.168.2.5184.28.90.27
                                                        Oct 4, 2024 19:21:08.784648895 CEST44349716184.28.90.27192.168.2.5
                                                        Oct 4, 2024 19:21:09.333771944 CEST44349715142.250.184.196192.168.2.5
                                                        Oct 4, 2024 19:21:09.342905045 CEST49715443192.168.2.5142.250.184.196
                                                        Oct 4, 2024 19:21:09.342942953 CEST44349715142.250.184.196192.168.2.5
                                                        Oct 4, 2024 19:21:09.344225883 CEST44349715142.250.184.196192.168.2.5
                                                        Oct 4, 2024 19:21:09.344322920 CEST49715443192.168.2.5142.250.184.196
                                                        Oct 4, 2024 19:21:09.346314907 CEST49715443192.168.2.5142.250.184.196
                                                        Oct 4, 2024 19:21:09.346388102 CEST44349715142.250.184.196192.168.2.5
                                                        Oct 4, 2024 19:21:09.388665915 CEST49715443192.168.2.5142.250.184.196
                                                        Oct 4, 2024 19:21:09.388688087 CEST44349715142.250.184.196192.168.2.5
                                                        Oct 4, 2024 19:21:09.435585022 CEST49715443192.168.2.5142.250.184.196
                                                        Oct 4, 2024 19:21:09.542290926 CEST44349716184.28.90.27192.168.2.5
                                                        Oct 4, 2024 19:21:09.542371988 CEST49716443192.168.2.5184.28.90.27
                                                        Oct 4, 2024 19:21:09.546320915 CEST49716443192.168.2.5184.28.90.27
                                                        Oct 4, 2024 19:21:09.546340942 CEST44349716184.28.90.27192.168.2.5
                                                        Oct 4, 2024 19:21:09.546572924 CEST44349716184.28.90.27192.168.2.5
                                                        Oct 4, 2024 19:21:09.594466925 CEST49716443192.168.2.5184.28.90.27
                                                        Oct 4, 2024 19:21:09.661866903 CEST49716443192.168.2.5184.28.90.27
                                                        Oct 4, 2024 19:21:09.707412004 CEST44349716184.28.90.27192.168.2.5
                                                        Oct 4, 2024 19:21:09.960346937 CEST44349716184.28.90.27192.168.2.5
                                                        Oct 4, 2024 19:21:09.960434914 CEST44349716184.28.90.27192.168.2.5
                                                        Oct 4, 2024 19:21:09.960490942 CEST49716443192.168.2.5184.28.90.27
                                                        Oct 4, 2024 19:21:09.994810104 CEST49716443192.168.2.5184.28.90.27
                                                        Oct 4, 2024 19:21:09.994858027 CEST44349716184.28.90.27192.168.2.5
                                                        Oct 4, 2024 19:21:09.994884968 CEST49716443192.168.2.5184.28.90.27
                                                        Oct 4, 2024 19:21:09.994901896 CEST44349716184.28.90.27192.168.2.5
                                                        Oct 4, 2024 19:21:10.040904045 CEST49721443192.168.2.5184.28.90.27
                                                        Oct 4, 2024 19:21:10.040913105 CEST44349721184.28.90.27192.168.2.5
                                                        Oct 4, 2024 19:21:10.040993929 CEST49721443192.168.2.5184.28.90.27
                                                        Oct 4, 2024 19:21:10.041258097 CEST49721443192.168.2.5184.28.90.27
                                                        Oct 4, 2024 19:21:10.041270971 CEST44349721184.28.90.27192.168.2.5
                                                        Oct 4, 2024 19:21:10.678966999 CEST44349721184.28.90.27192.168.2.5
                                                        Oct 4, 2024 19:21:10.679027081 CEST49721443192.168.2.5184.28.90.27
                                                        Oct 4, 2024 19:21:10.681111097 CEST49721443192.168.2.5184.28.90.27
                                                        Oct 4, 2024 19:21:10.681117058 CEST44349721184.28.90.27192.168.2.5
                                                        Oct 4, 2024 19:21:10.681446075 CEST44349721184.28.90.27192.168.2.5
                                                        Oct 4, 2024 19:21:10.683180094 CEST49721443192.168.2.5184.28.90.27
                                                        Oct 4, 2024 19:21:10.723433018 CEST44349721184.28.90.27192.168.2.5
                                                        Oct 4, 2024 19:21:10.960712910 CEST44349721184.28.90.27192.168.2.5
                                                        Oct 4, 2024 19:21:10.960799932 CEST44349721184.28.90.27192.168.2.5
                                                        Oct 4, 2024 19:21:10.960849047 CEST49721443192.168.2.5184.28.90.27
                                                        Oct 4, 2024 19:21:10.980247974 CEST49721443192.168.2.5184.28.90.27
                                                        Oct 4, 2024 19:21:10.980276108 CEST44349721184.28.90.27192.168.2.5
                                                        Oct 4, 2024 19:21:10.980288982 CEST49721443192.168.2.5184.28.90.27
                                                        Oct 4, 2024 19:21:10.980298042 CEST44349721184.28.90.27192.168.2.5
                                                        Oct 4, 2024 19:21:13.757527113 CEST49732443192.168.2.5142.250.185.142
                                                        Oct 4, 2024 19:21:13.757574081 CEST44349732142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:13.757725954 CEST49732443192.168.2.5142.250.185.142
                                                        Oct 4, 2024 19:21:13.758053064 CEST49732443192.168.2.5142.250.185.142
                                                        Oct 4, 2024 19:21:13.758070946 CEST44349732142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:14.412776947 CEST44349732142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:14.413016081 CEST49732443192.168.2.5142.250.185.142
                                                        Oct 4, 2024 19:21:14.413048983 CEST44349732142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:14.414472103 CEST44349732142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:14.414552927 CEST49732443192.168.2.5142.250.185.142
                                                        Oct 4, 2024 19:21:14.415494919 CEST44349732142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:14.415561914 CEST49732443192.168.2.5142.250.185.142
                                                        Oct 4, 2024 19:21:14.416599989 CEST49732443192.168.2.5142.250.185.142
                                                        Oct 4, 2024 19:21:14.416685104 CEST44349732142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:14.416807890 CEST49732443192.168.2.5142.250.185.142
                                                        Oct 4, 2024 19:21:14.416820049 CEST44349732142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:14.468904972 CEST49732443192.168.2.5142.250.185.142
                                                        Oct 4, 2024 19:21:14.736412048 CEST44349732142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:14.736577988 CEST44349732142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:14.736640930 CEST49732443192.168.2.5142.250.185.142
                                                        Oct 4, 2024 19:21:14.736675024 CEST44349732142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:14.736727953 CEST49732443192.168.2.5142.250.185.142
                                                        Oct 4, 2024 19:21:14.736777067 CEST44349732142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:14.736828089 CEST49732443192.168.2.5142.250.185.142
                                                        Oct 4, 2024 19:21:14.741880894 CEST44349732142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:14.741980076 CEST49732443192.168.2.5142.250.185.142
                                                        Oct 4, 2024 19:21:14.748378992 CEST44349732142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:14.748435020 CEST49732443192.168.2.5142.250.185.142
                                                        Oct 4, 2024 19:21:14.748475075 CEST44349732142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:14.748537064 CEST49732443192.168.2.5142.250.185.142
                                                        Oct 4, 2024 19:21:14.754553080 CEST44349732142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:14.754611969 CEST49732443192.168.2.5142.250.185.142
                                                        Oct 4, 2024 19:21:14.771271944 CEST44349732142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:14.771367073 CEST49732443192.168.2.5142.250.185.142
                                                        Oct 4, 2024 19:21:14.771431923 CEST44349732142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:14.771486044 CEST49732443192.168.2.5142.250.185.142
                                                        Oct 4, 2024 19:21:14.825067043 CEST44349732142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:14.825186014 CEST44349732142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:14.825220108 CEST49732443192.168.2.5142.250.185.142
                                                        Oct 4, 2024 19:21:14.825241089 CEST44349732142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:14.825432062 CEST44349732142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:14.825483084 CEST49732443192.168.2.5142.250.185.142
                                                        Oct 4, 2024 19:21:14.825491905 CEST44349732142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:14.825531960 CEST49732443192.168.2.5142.250.185.142
                                                        Oct 4, 2024 19:21:14.832093000 CEST44349732142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:14.832169056 CEST49732443192.168.2.5142.250.185.142
                                                        Oct 4, 2024 19:21:14.832185030 CEST44349732142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:14.832236052 CEST49732443192.168.2.5142.250.185.142
                                                        Oct 4, 2024 19:21:14.844376087 CEST44349732142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:14.844461918 CEST49732443192.168.2.5142.250.185.142
                                                        Oct 4, 2024 19:21:14.845767975 CEST44349732142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:14.845828056 CEST49732443192.168.2.5142.250.185.142
                                                        Oct 4, 2024 19:21:14.845859051 CEST44349732142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:14.851799965 CEST44349732142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:14.853787899 CEST49732443192.168.2.5142.250.185.142
                                                        Oct 4, 2024 19:21:14.853797913 CEST44349732142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:14.857458115 CEST44349732142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:14.857794046 CEST44349732142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:14.857795954 CEST49732443192.168.2.5142.250.185.142
                                                        Oct 4, 2024 19:21:14.857842922 CEST49732443192.168.2.5142.250.185.142
                                                        Oct 4, 2024 19:21:14.940740108 CEST49732443192.168.2.5142.250.185.142
                                                        Oct 4, 2024 19:21:14.940771103 CEST44349732142.250.185.142192.168.2.5
                                                        Oct 4, 2024 19:21:15.073158026 CEST49735443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:15.073244095 CEST44349735142.250.181.238192.168.2.5
                                                        Oct 4, 2024 19:21:15.073316097 CEST49735443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:15.073524952 CEST49735443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:15.073550940 CEST44349735142.250.181.238192.168.2.5
                                                        Oct 4, 2024 19:21:15.144097090 CEST49737443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:15.144150972 CEST44349737142.250.181.238192.168.2.5
                                                        Oct 4, 2024 19:21:15.144208908 CEST49737443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:15.144555092 CEST49737443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:15.144572020 CEST44349737142.250.181.238192.168.2.5
                                                        Oct 4, 2024 19:21:15.687190056 CEST49739443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:15.687239885 CEST4434973913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:15.687314034 CEST49739443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:15.687619925 CEST49739443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:15.687645912 CEST4434973913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:15.713234901 CEST44349735142.250.181.238192.168.2.5
                                                        Oct 4, 2024 19:21:15.713550091 CEST49735443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:15.713606119 CEST44349735142.250.181.238192.168.2.5
                                                        Oct 4, 2024 19:21:15.714153051 CEST44349735142.250.181.238192.168.2.5
                                                        Oct 4, 2024 19:21:15.714227915 CEST49735443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:15.715153933 CEST44349735142.250.181.238192.168.2.5
                                                        Oct 4, 2024 19:21:15.715212107 CEST49735443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:15.716213942 CEST49735443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:15.716305017 CEST44349735142.250.181.238192.168.2.5
                                                        Oct 4, 2024 19:21:15.716484070 CEST49735443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:15.716501951 CEST44349735142.250.181.238192.168.2.5
                                                        Oct 4, 2024 19:21:15.764178038 CEST49735443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:15.773988962 CEST44349737142.250.181.238192.168.2.5
                                                        Oct 4, 2024 19:21:15.774185896 CEST49737443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:15.774204016 CEST44349737142.250.181.238192.168.2.5
                                                        Oct 4, 2024 19:21:15.774713039 CEST44349737142.250.181.238192.168.2.5
                                                        Oct 4, 2024 19:21:15.774775028 CEST49737443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:15.775732040 CEST44349737142.250.181.238192.168.2.5
                                                        Oct 4, 2024 19:21:15.775785923 CEST49737443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:15.775897980 CEST49737443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:15.775979996 CEST44349737142.250.181.238192.168.2.5
                                                        Oct 4, 2024 19:21:15.776029110 CEST49737443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:15.776037931 CEST44349737142.250.181.238192.168.2.5
                                                        Oct 4, 2024 19:21:15.825777054 CEST49737443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:16.015556097 CEST44349735142.250.181.238192.168.2.5
                                                        Oct 4, 2024 19:21:16.015748978 CEST44349735142.250.181.238192.168.2.5
                                                        Oct 4, 2024 19:21:16.015836000 CEST49735443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:16.016108036 CEST49735443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:16.016161919 CEST44349735142.250.181.238192.168.2.5
                                                        Oct 4, 2024 19:21:16.016192913 CEST49735443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:16.016237974 CEST49735443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:16.017277002 CEST49741443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:16.017306089 CEST44349741142.250.181.238192.168.2.5
                                                        Oct 4, 2024 19:21:16.017374992 CEST49741443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:16.017690897 CEST49741443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:16.017703056 CEST44349741142.250.181.238192.168.2.5
                                                        Oct 4, 2024 19:21:16.072077990 CEST44349737142.250.181.238192.168.2.5
                                                        Oct 4, 2024 19:21:16.072468996 CEST44349737142.250.181.238192.168.2.5
                                                        Oct 4, 2024 19:21:16.072520971 CEST49737443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:16.073930025 CEST49737443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:16.073949099 CEST44349737142.250.181.238192.168.2.5
                                                        Oct 4, 2024 19:21:16.075372934 CEST49742443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:16.075396061 CEST44349742142.250.181.238192.168.2.5
                                                        Oct 4, 2024 19:21:16.075454950 CEST49742443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:16.078212976 CEST49742443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:16.078224897 CEST44349742142.250.181.238192.168.2.5
                                                        Oct 4, 2024 19:21:16.346925020 CEST4434973913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:16.347050905 CEST49739443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:16.349886894 CEST49739443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:16.349903107 CEST4434973913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:16.350236893 CEST4434973913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:16.358941078 CEST49739443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:16.399442911 CEST4434973913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:16.461702108 CEST4434973913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:16.461735964 CEST4434973913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:16.461808920 CEST49739443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:16.461838961 CEST4434973913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:16.461900949 CEST49739443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:16.546185970 CEST4434973913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:16.546236038 CEST4434973913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:16.546277046 CEST49739443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:16.546307087 CEST4434973913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:16.546328068 CEST49739443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:16.546355009 CEST49739443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:16.547532082 CEST4434973913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:16.547574043 CEST4434973913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:16.547610998 CEST49739443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:18.593525887 CEST49754443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:18.593543053 CEST4434975413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:18.593647003 CEST4434975613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:18.593753099 CEST49756443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:18.593986988 CEST4434975713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:18.594239950 CEST49757443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:18.594273090 CEST49757443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:18.594293118 CEST4434975713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:18.594305038 CEST49757443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:18.594310999 CEST4434975713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:18.594336033 CEST49753443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:18.594341040 CEST4434975313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:18.594371080 CEST49753443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:18.594372988 CEST4434975313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:18.596251965 CEST49755443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:18.596251965 CEST49755443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:18.596287012 CEST49756443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:18.596287012 CEST49756443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:18.596290112 CEST4434975513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:18.596314907 CEST4434975513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:18.596314907 CEST4434975613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:18.596329927 CEST4434975613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:18.599653959 CEST49762443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:18.599680901 CEST4434976213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:18.599741936 CEST49762443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:18.600210905 CEST49762443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:18.600225925 CEST4434976213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:18.601527929 CEST49763443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:18.601560116 CEST4434976313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:18.601634979 CEST49763443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:18.601897955 CEST49763443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:18.601912022 CEST4434976313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:18.603574991 CEST49764443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:18.603621006 CEST4434976413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:18.603734016 CEST49764443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:18.604094028 CEST49765443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:18.604114056 CEST4434976513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:18.604166031 CEST49765443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:18.605700016 CEST49766443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:18.605707884 CEST4434976613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:18.605757952 CEST49766443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:18.605886936 CEST49764443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:18.605916977 CEST4434976413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:18.605952024 CEST49765443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:18.605962992 CEST4434976513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:18.606065989 CEST49766443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:18.606076002 CEST4434976613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:18.622245073 CEST49751443192.168.2.54.245.163.56
                                                        Oct 4, 2024 19:21:18.667432070 CEST443497514.245.163.56192.168.2.5
                                                        Oct 4, 2024 19:21:18.875746965 CEST443497514.245.163.56192.168.2.5
                                                        Oct 4, 2024 19:21:18.875806093 CEST443497514.245.163.56192.168.2.5
                                                        Oct 4, 2024 19:21:18.875828981 CEST443497514.245.163.56192.168.2.5
                                                        Oct 4, 2024 19:21:18.875869036 CEST443497514.245.163.56192.168.2.5
                                                        Oct 4, 2024 19:21:18.875910044 CEST443497514.245.163.56192.168.2.5
                                                        Oct 4, 2024 19:21:18.876003981 CEST49751443192.168.2.54.245.163.56
                                                        Oct 4, 2024 19:21:18.876003981 CEST49751443192.168.2.54.245.163.56
                                                        Oct 4, 2024 19:21:18.876004934 CEST49751443192.168.2.54.245.163.56
                                                        Oct 4, 2024 19:21:18.876004934 CEST49751443192.168.2.54.245.163.56
                                                        Oct 4, 2024 19:21:18.876080036 CEST443497514.245.163.56192.168.2.5
                                                        Oct 4, 2024 19:21:18.876116991 CEST443497514.245.163.56192.168.2.5
                                                        Oct 4, 2024 19:21:18.876178026 CEST49751443192.168.2.54.245.163.56
                                                        Oct 4, 2024 19:21:18.876178026 CEST49751443192.168.2.54.245.163.56
                                                        Oct 4, 2024 19:21:18.876199007 CEST443497514.245.163.56192.168.2.5
                                                        Oct 4, 2024 19:21:18.876247883 CEST443497514.245.163.56192.168.2.5
                                                        Oct 4, 2024 19:21:18.876318932 CEST49751443192.168.2.54.245.163.56
                                                        Oct 4, 2024 19:21:19.252593040 CEST4434976313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.253372908 CEST49763443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.253400087 CEST4434976313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.253971100 CEST49763443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.253979921 CEST4434976313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.258900881 CEST4434976413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.259233952 CEST49764443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.259257078 CEST4434976413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.259645939 CEST49764443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.259653091 CEST4434976413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.261568069 CEST4434976613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.262819052 CEST4434976513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.264447927 CEST49766443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.264467001 CEST4434976613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.264899969 CEST49766443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.264904022 CEST4434976613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.265613079 CEST49765443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.265619040 CEST4434976513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.265989065 CEST49765443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.265994072 CEST4434976513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.270593882 CEST4434976213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.271080017 CEST49762443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.271100998 CEST4434976213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.271445990 CEST49762443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.271450996 CEST4434976213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.353305101 CEST4434976313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.353380919 CEST4434976313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.353446007 CEST49763443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.353652000 CEST49763443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.353677988 CEST4434976313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.353692055 CEST49763443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.353698969 CEST4434976313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.356323004 CEST49770443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.356364965 CEST4434977013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.356506109 CEST49770443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.356689930 CEST49770443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.356704950 CEST4434977013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.361258984 CEST4434976413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.361335993 CEST4434976413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.361906052 CEST49764443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.362070084 CEST4434976513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.362095118 CEST49764443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.362111092 CEST4434976413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.362291098 CEST4434976513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.362341881 CEST49765443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.362776041 CEST4434976613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.362847090 CEST4434976613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.363759995 CEST49766443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.364653111 CEST49766443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.364670992 CEST4434976613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.364686966 CEST49766443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.364691973 CEST4434976613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.376105070 CEST4434976213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.376176119 CEST4434976213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.376241922 CEST49762443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.377593040 CEST49762443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.377609015 CEST4434976213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.377624989 CEST49762443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.377629995 CEST4434976213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.378695965 CEST49765443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.378700972 CEST4434976513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.378710032 CEST49765443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.378715992 CEST4434976513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.387464046 CEST49772443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.387474060 CEST49771443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.387507915 CEST4434977113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.387510061 CEST4434977213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.387573957 CEST49771443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.387612104 CEST49772443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.389537096 CEST49773443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.389570951 CEST4434977313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.389630079 CEST49773443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.389727116 CEST49771443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.389739037 CEST4434977113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.389822006 CEST49773443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.389834881 CEST4434977313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.389935017 CEST49772443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.389950037 CEST4434977213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.391195059 CEST49774443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.391204119 CEST4434977413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.391272068 CEST49774443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.391402006 CEST49774443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:19.391406059 CEST4434977413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:19.544234037 CEST49751443192.168.2.54.245.163.56
                                                        Oct 4, 2024 19:21:19.544234037 CEST49751443192.168.2.54.245.163.56
                                                        Oct 4, 2024 19:21:19.544285059 CEST443497514.245.163.56192.168.2.5
                                                        Oct 4, 2024 19:21:19.544306993 CEST443497514.245.163.56192.168.2.5
                                                        Oct 4, 2024 19:21:20.006613970 CEST4434977013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:20.007131100 CEST49770443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:20.007164001 CEST4434977013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:20.008789062 CEST49770443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:20.008810997 CEST4434977013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:20.050391912 CEST4434977213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:20.051044941 CEST49772443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:20.051071882 CEST4434977213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:20.051489115 CEST49772443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:20.051498890 CEST4434977213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:20.051783085 CEST4434977313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:20.052215099 CEST49773443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:20.052237988 CEST4434977313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:20.052906036 CEST49773443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:20.052911997 CEST4434977313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:20.055248022 CEST4434977113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:20.055603027 CEST49771443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:20.055624962 CEST4434977113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:20.056096077 CEST49771443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:20.056102037 CEST4434977113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:20.108314991 CEST4434977013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:20.108479977 CEST4434977013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:20.108541012 CEST49770443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:20.109601974 CEST49770443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:20.109632969 CEST4434977013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:20.109657049 CEST49770443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:20.109668970 CEST4434977013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:20.113471985 CEST49776443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:20.113521099 CEST4434977613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:20.113594055 CEST49776443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:20.113836050 CEST49776443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:20.113853931 CEST4434977613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:20.149533987 CEST4434977213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:20.149627924 CEST4434977213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:20.149683952 CEST49772443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:20.149825096 CEST49772443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:20.149841070 CEST4434977213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:20.149868965 CEST49772443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:20.149873972 CEST4434977213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:20.151108980 CEST4434977313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:20.151544094 CEST4434977313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:20.151663065 CEST49773443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:20.151663065 CEST49773443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:20.151691914 CEST49773443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:20.151706934 CEST4434977313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:20.152245045 CEST49777443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:20.152287960 CEST4434977713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:20.152422905 CEST49777443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:20.152580976 CEST49777443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:20.152594090 CEST4434977713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:20.153909922 CEST49778443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:20.153918028 CEST4434977813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:20.154088020 CEST49778443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:20.154207945 CEST49778443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:20.154212952 CEST4434977813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:20.157253027 CEST4434977113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:20.157340050 CEST4434977113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:20.157454014 CEST49771443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:20.157479048 CEST49771443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:20.157480001 CEST49771443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:20.157493114 CEST4434977113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:20.157505035 CEST4434977113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:20.160212994 CEST49779443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:20.160303116 CEST4434977913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:20.160830975 CEST49779443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:20.160939932 CEST49779443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:20.160955906 CEST4434977913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:20.788870096 CEST4434977713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:20.789336920 CEST49777443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:20.789366007 CEST4434977713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:20.790958881 CEST49777443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:20.790965080 CEST4434977713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:20.795773029 CEST4434977813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:23.929955959 CEST4434979113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:23.930032969 CEST49791443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:23.930263042 CEST49791443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:23.930283070 CEST4434979113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:23.930306911 CEST49791443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:23.930313110 CEST4434979113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:23.933684111 CEST49796443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:23.933715105 CEST4434979613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:23.933806896 CEST49796443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:23.934106112 CEST49796443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:23.934119940 CEST4434979613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:23.966346979 CEST4434979313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:23.966406107 CEST4434979313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:23.966408968 CEST4434979213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:23.966465950 CEST49793443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:23.966478109 CEST4434979213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:23.966517925 CEST49792443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:23.966789007 CEST49793443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:23.966803074 CEST4434979313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:23.966813087 CEST49793443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:23.966816902 CEST4434979313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:23.970746040 CEST49792443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:23.970758915 CEST4434979213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:23.970773935 CEST49792443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:23.970779896 CEST4434979213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:23.977566004 CEST49797443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:23.977638960 CEST4434979713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:23.977777004 CEST49797443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:23.978615046 CEST49798443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:23.978625059 CEST4434979813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:23.978688002 CEST49798443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:23.978993893 CEST49797443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:23.979007006 CEST4434979713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:23.979516029 CEST49798443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:23.979526043 CEST4434979813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:23.986054897 CEST4434979413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:23.986123085 CEST4434979413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:23.986387968 CEST49794443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:23.986413002 CEST49794443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:23.986413002 CEST49794443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:23.986418009 CEST4434979413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:23.986433029 CEST4434979413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:23.989861012 CEST49799443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:23.989900112 CEST4434979913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:23.990130901 CEST49799443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:23.990216017 CEST49799443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:23.990226030 CEST4434979913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.605308056 CEST4434979513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.654769897 CEST49795443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.730437040 CEST4434979613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.746695042 CEST49795443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.746727943 CEST4434979513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.747189045 CEST49795443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.747201920 CEST4434979513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.747612953 CEST49796443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.747633934 CEST4434979613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.747929096 CEST49796443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.747935057 CEST4434979613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.761837959 CEST4434979713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.762398005 CEST49797443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.762450933 CEST4434979713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.762888908 CEST49797443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.762901068 CEST4434979713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.780145884 CEST4434979813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.780307055 CEST4434979913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.781111956 CEST49798443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.781126976 CEST4434979813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.781307936 CEST49799443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.781332970 CEST4434979913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.781939983 CEST49798443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.781950951 CEST4434979813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.781972885 CEST49799443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.781985998 CEST4434979913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.844650030 CEST4434979613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.844822884 CEST4434979613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.844903946 CEST49796443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.845058918 CEST49796443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.845083952 CEST4434979613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.845096111 CEST49796443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.845102072 CEST4434979613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.848086119 CEST49800443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.848153114 CEST4434980013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.848237991 CEST49800443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.848452091 CEST49800443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.848460913 CEST4434980013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.852030993 CEST4434979513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.852101088 CEST4434979513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.852196932 CEST49795443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.852262020 CEST49795443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.852283955 CEST4434979513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.852298975 CEST49795443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.852305889 CEST4434979513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.854603052 CEST49801443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.854646921 CEST4434980113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.854731083 CEST49801443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.854837894 CEST49801443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.854850054 CEST4434980113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.860913038 CEST4434979713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.861010075 CEST4434979713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.861124992 CEST49797443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.861150980 CEST49797443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.861166000 CEST4434979713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.863549948 CEST49802443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.863559961 CEST4434980213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.863821030 CEST49802443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.863821030 CEST49802443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.863842964 CEST4434980213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.879928112 CEST4434979913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.880081892 CEST4434979913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.880151033 CEST49799443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.880208015 CEST49799443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.880224943 CEST4434979913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.880237103 CEST49799443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.880243063 CEST4434979913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.882814884 CEST49803443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.882849932 CEST4434980313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.883030891 CEST49803443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.883228064 CEST49803443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.883248091 CEST4434980313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.883923054 CEST4434979813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.883981943 CEST4434979813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.884062052 CEST49798443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.884193897 CEST49798443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.884216070 CEST4434979813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.884227991 CEST49798443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.884233952 CEST4434979813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.886297941 CEST49804443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.886393070 CEST4434980413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:24.886579037 CEST49804443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.886744976 CEST49804443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:24.886780024 CEST4434980413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.508451939 CEST4434980213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.508960962 CEST4434980113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.508996010 CEST49802443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.509022951 CEST4434980213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.509428978 CEST49801443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.509437084 CEST4434980113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.509495974 CEST49802443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.509500980 CEST4434980213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.510047913 CEST49801443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.510051012 CEST4434980113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.526242971 CEST4434980313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.526770115 CEST49803443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.526808977 CEST4434980313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.527188063 CEST49803443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.527196884 CEST4434980313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.536082029 CEST4434980013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.536489010 CEST49800443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.536514997 CEST4434980013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.536864996 CEST49800443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.536873102 CEST4434980013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.550189018 CEST4434980413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.550607920 CEST49804443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.550668001 CEST4434980413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.550997972 CEST49804443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.551012039 CEST4434980413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.610234976 CEST4434980113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.610290051 CEST4434980213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.610295057 CEST4434980113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.610372066 CEST4434980213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.610375881 CEST49801443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.610426903 CEST49802443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.610568047 CEST49801443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.610589027 CEST4434980113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.610600948 CEST49801443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.610606909 CEST4434980113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.610747099 CEST49802443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.610750914 CEST4434980213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.610761881 CEST49802443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.610764980 CEST4434980213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.614082098 CEST49805443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.614118099 CEST4434980513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.614223957 CEST49805443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.614351988 CEST49805443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.614363909 CEST4434980513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.614588976 CEST49806443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.614602089 CEST4434980613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.614660978 CEST49806443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.614855051 CEST49806443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.614861965 CEST4434980613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.626866102 CEST4434980313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.626938105 CEST4434980313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.627003908 CEST49803443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.627278090 CEST49803443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.627298117 CEST4434980313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.627310038 CEST49803443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.627314091 CEST4434980313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.629853010 CEST49807443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.629889011 CEST4434980713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.630037069 CEST49807443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.630270958 CEST49807443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.630284071 CEST4434980713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.647784948 CEST4434980013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.647936106 CEST4434980013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.647989988 CEST49800443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.648055077 CEST49800443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.648075104 CEST49800443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.648072004 CEST4434980013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.648086071 CEST4434980013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.651190042 CEST49808443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.651227951 CEST4434980813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.651299000 CEST49808443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.651421070 CEST49808443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.651434898 CEST4434980813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.658171892 CEST4434980413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.658320904 CEST4434980413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.658387899 CEST49804443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.658437967 CEST49804443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.658437967 CEST49804443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.658463955 CEST4434980413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.658485889 CEST4434980413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.661048889 CEST49809443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.661088943 CEST4434980913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:25.661150932 CEST49809443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.661259890 CEST49809443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:25.661273956 CEST4434980913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:26.328989029 CEST4434980513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:26.329575062 CEST49805443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:26.329591990 CEST4434980513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:26.330080032 CEST49805443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:26.330087900 CEST4434980513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:26.330921888 CEST4434980813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:26.331295013 CEST49808443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:26.331310987 CEST4434980813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:26.331943989 CEST49808443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:28.858098030 CEST49823443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:28.858114004 CEST4434982313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:28.858467102 CEST49823443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:28.858470917 CEST4434982313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:28.864954948 CEST4434982413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:28.867714882 CEST49824443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:28.867732048 CEST4434982413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:28.868067026 CEST49824443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:28.868071079 CEST4434982413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:28.875262022 CEST4434982213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:28.875433922 CEST4434982213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:28.877814054 CEST49822443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:28.877845049 CEST49822443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:28.877851963 CEST4434982213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:28.877861023 CEST49822443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:28.877863884 CEST4434982213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:28.879993916 CEST59339443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:28.880033016 CEST4435933913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:28.883377075 CEST59339443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:28.883475065 CEST59339443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:28.883486032 CEST4435933913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:28.969391108 CEST4434982313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:28.969491005 CEST4434982313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:28.971118927 CEST49823443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:28.971344948 CEST49823443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:28.971358061 CEST4434982313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:28.971369028 CEST49823443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:28.971374035 CEST4434982313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:28.972532988 CEST4434982413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:28.972672939 CEST4434982413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:28.973819017 CEST59340443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:28.973838091 CEST4435934013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:28.973856926 CEST49824443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:28.973912001 CEST59340443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:28.974028111 CEST49824443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:28.974035025 CEST4434982413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:28.974042892 CEST49824443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:28.974047899 CEST4434982413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:28.974284887 CEST59340443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:28.974301100 CEST4435934013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:28.976084948 CEST59341443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:28.976110935 CEST4435934113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:28.976222038 CEST59341443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:28.976378918 CEST59341443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:28.976391077 CEST4435934113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.475809097 CEST4435933713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.476397991 CEST59337443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.476421118 CEST4435933713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.476840019 CEST59337443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.476847887 CEST4435933713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.513350010 CEST4435933813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.513977051 CEST59338443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.513994932 CEST4435933813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.514400959 CEST59338443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.514408112 CEST4435933813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.559811115 CEST4435933913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.560544968 CEST59339443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.560609102 CEST4435933913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.561167002 CEST59339443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.561182976 CEST4435933913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.579914093 CEST4435933713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.579973936 CEST4435933713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.580146074 CEST59337443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.580221891 CEST59337443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.580252886 CEST4435933713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.580267906 CEST59337443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.580276012 CEST4435933713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.583024025 CEST59342443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.583081961 CEST4435934213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.583159924 CEST59342443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.583287001 CEST59342443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.583302021 CEST4435934213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.619558096 CEST4435933813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.619668007 CEST4435933813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.619715929 CEST59338443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.619875908 CEST59338443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.619889021 CEST4435933813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.619899035 CEST59338443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.619904995 CEST4435933813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.622697115 CEST59343443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.622745037 CEST4435934313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.622827053 CEST59343443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.623826981 CEST59343443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.623845100 CEST4435934313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.636081934 CEST4435934113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.636538982 CEST59341443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.636570930 CEST4435934113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.637042999 CEST59341443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.637048960 CEST4435934113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.645697117 CEST4435934013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.646121025 CEST59340443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.646138906 CEST4435934013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.646635056 CEST59340443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.646640062 CEST4435934013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.666001081 CEST4435933913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.666088104 CEST4435933913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.666141033 CEST59339443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.666306019 CEST59339443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.666306019 CEST59339443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.666326046 CEST4435933913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.666342974 CEST4435933913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.669116020 CEST59344443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.669161081 CEST4435934413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.669248104 CEST59344443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.669430971 CEST59344443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.669445038 CEST4435934413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.741884947 CEST4435934113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.741978884 CEST4435934113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.742032051 CEST59341443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.742223978 CEST59341443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.742223978 CEST59341443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.742244959 CEST4435934113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.742254019 CEST4435934113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.744914055 CEST59345443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.744960070 CEST4435934513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.745032072 CEST59345443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.745147943 CEST59345443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.745158911 CEST4435934513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.756997108 CEST4435934013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.757071972 CEST4435934013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.757122040 CEST59340443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.757276058 CEST59340443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.757293940 CEST4435934013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.757327080 CEST59340443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.757333040 CEST4435934013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.759820938 CEST59346443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.759855986 CEST4435934613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:29.759922981 CEST59346443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.760061979 CEST59346443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:29.760071039 CEST4435934613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.255990982 CEST4435934213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.256515026 CEST59342443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.256553888 CEST4435934213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.256956100 CEST59342443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.256961107 CEST4435934213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.294111967 CEST4435934313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.294615984 CEST59343443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.294652939 CEST4435934313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.295583010 CEST59343443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.295592070 CEST4435934313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.335364103 CEST4435934413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.335800886 CEST59344443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.335830927 CEST4435934413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.336205959 CEST59344443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.336213112 CEST4435934413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.360821962 CEST4435934213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.360894918 CEST4435934213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.360979080 CEST59342443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.365569115 CEST59342443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.365603924 CEST4435934213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.365618944 CEST59342443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.365627050 CEST4435934213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.369268894 CEST59347443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.369313955 CEST4435934713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.369637012 CEST59347443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.369961023 CEST59347443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.369975090 CEST4435934713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.382586002 CEST4435934513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.383090973 CEST59345443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.383125067 CEST4435934513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.383577108 CEST59345443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.383582115 CEST4435934513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.398490906 CEST4435934313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.398582935 CEST4435934313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.398643970 CEST59343443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.398830891 CEST59343443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.398849964 CEST4435934313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.398863077 CEST59343443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.398868084 CEST4435934313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.401293993 CEST59348443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.401329994 CEST4435934813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.401458979 CEST59348443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.401607037 CEST59348443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.401618958 CEST4435934813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.420710087 CEST4435934613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.421268940 CEST59346443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.421292067 CEST4435934613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.421894073 CEST59346443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.421907902 CEST4435934613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.436955929 CEST4435934413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.436984062 CEST4435934413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.437048912 CEST4435934413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.437055111 CEST59344443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.437091112 CEST59344443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.437243938 CEST59344443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.437259912 CEST4435934413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.437269926 CEST59344443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.437274933 CEST4435934413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.439641953 CEST59349443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.439685106 CEST4435934913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.439759970 CEST59349443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.439882994 CEST59349443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.439894915 CEST4435934913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.485959053 CEST4435934513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.486119986 CEST4435934513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.486295938 CEST59345443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.488820076 CEST59345443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.488820076 CEST59345443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.488838911 CEST59350443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.488850117 CEST4435934513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.488861084 CEST4435934513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.488878965 CEST4435935013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.488964081 CEST59350443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.489094019 CEST59350443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.489104033 CEST4435935013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.978704929 CEST4435934613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.978919029 CEST4435934613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.979052067 CEST59346443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.979052067 CEST59346443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.979053020 CEST59346443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.981710911 CEST59351443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.981749058 CEST4435935113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:30.981816053 CEST59351443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.981959105 CEST59351443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:30.981970072 CEST4435935113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:31.047765017 CEST4435934813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:31.048357010 CEST59348443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:31.048382044 CEST4435934813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:31.048906088 CEST59348443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:31.048911095 CEST4435934813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:31.053828955 CEST4435934713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:31.054189920 CEST59347443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:31.054212093 CEST4435934713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:31.054392099 CEST59347443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:31.054395914 CEST4435934713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:33.608196974 CEST4435936413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:33.608556986 CEST59364443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:33.608566046 CEST4435936413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:33.677789927 CEST4435936513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:33.678239107 CEST59365443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:33.678267956 CEST4435936513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:33.678651094 CEST59365443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:33.678656101 CEST4435936513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:33.712440968 CEST4435936413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:33.712599039 CEST4435936413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:33.712658882 CEST59364443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:33.712897062 CEST59364443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:33.712915897 CEST4435936413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:33.712927103 CEST59364443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:33.712933064 CEST4435936413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:33.715303898 CEST59369443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:33.715321064 CEST4435936913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:33.715374947 CEST59369443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:33.715512037 CEST59369443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:33.715516090 CEST4435936913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:33.780607939 CEST4435936513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:33.780766964 CEST4435936513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:33.780833960 CEST59365443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:33.781163931 CEST59365443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:33.781173944 CEST4435936513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:33.781207085 CEST59365443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:33.781213045 CEST4435936513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:33.783361912 CEST59370443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:33.783390045 CEST4435937013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:33.783451080 CEST59370443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:33.783564091 CEST59370443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:33.783571005 CEST4435937013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.143898010 CEST4435936613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.144272089 CEST59366443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.144330978 CEST4435936613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.144671917 CEST59366443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.144684076 CEST4435936613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.217380047 CEST4435936713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.217845917 CEST59367443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.217874050 CEST4435936713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.218239069 CEST59367443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.218244076 CEST4435936713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.244558096 CEST4435936613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.244641066 CEST4435936613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.244716883 CEST59366443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.244744062 CEST4435936613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.244816065 CEST59366443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.244890928 CEST59366443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.244930029 CEST4435936613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.244973898 CEST59366443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.244990110 CEST4435936613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.247406960 CEST59371443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.247446060 CEST4435937113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.247679949 CEST59371443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.247679949 CEST59371443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.247713089 CEST4435937113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.247936010 CEST4435936813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.248214006 CEST59368443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.248238087 CEST4435936813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.248652935 CEST59368443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.248656988 CEST4435936813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.319163084 CEST4435936713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.319259882 CEST4435936713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.319324970 CEST59367443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.319413900 CEST59367443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.319425106 CEST4435936713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.319456100 CEST59367443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.319459915 CEST4435936713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.321453094 CEST59372443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.321546078 CEST4435937213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.321633101 CEST59372443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.321754932 CEST59372443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.321773052 CEST4435937213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.346579075 CEST4435936813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.346791029 CEST4435936813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.346865892 CEST59368443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.346906900 CEST59368443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.346916914 CEST4435936813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.346951962 CEST59368443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.346957922 CEST4435936813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.348897934 CEST59373443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.348969936 CEST4435937313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.349057913 CEST59373443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.349184036 CEST59373443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.349203110 CEST4435937313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.390809059 CEST4435936913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.391129017 CEST59369443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.391140938 CEST4435936913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.391478062 CEST59369443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.391490936 CEST4435936913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.440278053 CEST4435937013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.440670967 CEST59370443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.440686941 CEST4435937013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.441035032 CEST59370443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.441039085 CEST4435937013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.539931059 CEST4435936913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.540085077 CEST4435936913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.540152073 CEST59369443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.540242910 CEST59369443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.540261030 CEST4435936913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.540271997 CEST59369443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.540277958 CEST4435936913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.540579081 CEST4435937013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.540640116 CEST4435937013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.540684938 CEST59370443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.540693045 CEST4435937013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.540744066 CEST4435937013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.540787935 CEST59370443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.540832996 CEST59370443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.540837049 CEST4435937013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.540848970 CEST59370443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.540853024 CEST4435937013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.543001890 CEST59374443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.543082952 CEST59375443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.543093920 CEST4435937413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.543138981 CEST4435937513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.543176889 CEST59374443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.543209076 CEST59375443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.543339968 CEST59374443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.543364048 CEST4435937413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:34.543371916 CEST59375443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:34.543407917 CEST4435937513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.025057077 CEST4435937113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.025537014 CEST59371443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.025548935 CEST4435937113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.025938034 CEST59371443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.025943041 CEST4435937113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.131107092 CEST4435937113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.131257057 CEST4435937113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.131352901 CEST59371443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.131431103 CEST59371443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.131443977 CEST4435937113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.131479025 CEST59371443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.131484985 CEST4435937113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.134058952 CEST59376443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.134104013 CEST4435937613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.134186983 CEST59376443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.134350061 CEST59376443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.134363890 CEST4435937613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.205987930 CEST4435937213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.206645012 CEST59372443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.206695080 CEST4435937213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.207204103 CEST59372443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.207216978 CEST4435937213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.210519075 CEST4435937413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.210773945 CEST59374443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.210823059 CEST4435937413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.211034060 CEST59374443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.211046934 CEST4435937413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.220197916 CEST4435937513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.220419884 CEST59375443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.220436096 CEST4435937513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.220700979 CEST59375443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.220710039 CEST4435937513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.304805040 CEST4435937213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.304876089 CEST4435937213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.304919004 CEST59372443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.304933071 CEST4435937213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.304975986 CEST59372443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.305047989 CEST59372443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.305068970 CEST4435937213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.305080891 CEST59372443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.305087090 CEST4435937213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.307306051 CEST59377443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.307346106 CEST4435937713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.307410002 CEST59377443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.307607889 CEST59377443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.307621002 CEST4435937713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.309911013 CEST4435937413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.309978008 CEST4435937413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.310029030 CEST59374443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.310106039 CEST59374443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.310133934 CEST4435937413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.310148001 CEST59374443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.310156107 CEST4435937413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.311877012 CEST59378443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.311888933 CEST4435937813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.311945915 CEST59378443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.312046051 CEST59378443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.312055111 CEST4435937813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.326713085 CEST4435937513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.326889038 CEST4435937513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.326961040 CEST59375443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.326998949 CEST59375443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.326998949 CEST59375443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.327018023 CEST4435937513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.327039003 CEST4435937513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.328758955 CEST59379443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.328808069 CEST4435937913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.328869104 CEST59379443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.328968048 CEST59379443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.328980923 CEST4435937913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.773299932 CEST4435937613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.773828030 CEST59376443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.773857117 CEST4435937613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.774291992 CEST59376443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.774298906 CEST4435937613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.872642040 CEST4435937613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.872829914 CEST4435937613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.872889042 CEST4435937613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.872890949 CEST59376443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.872934103 CEST59376443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.873307943 CEST59376443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.873334885 CEST4435937613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.873353004 CEST59376443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.873361111 CEST4435937613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.886251926 CEST59380443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.886342049 CEST4435938013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.886480093 CEST59380443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.886946917 CEST59380443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.886984110 CEST4435938013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.962795973 CEST4435937813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.963337898 CEST59378443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.963365078 CEST4435937813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.963773012 CEST59378443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.963781118 CEST4435937813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.965418100 CEST4435937913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.965754032 CEST59379443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.965764046 CEST4435937913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:35.966169119 CEST59379443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:35.966175079 CEST4435937913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:36.004498959 CEST4435937713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:36.004913092 CEST59377443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:36.004934072 CEST4435937713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:36.005326986 CEST59377443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:38.536581039 CEST4435939313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:38.536627054 CEST59394443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:38.536638021 CEST4435939413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:38.537024021 CEST59393443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:38.537034988 CEST4435939313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:38.640294075 CEST4435939413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:38.640487909 CEST4435939413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:38.640569925 CEST4435939413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:38.640590906 CEST59394443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:38.640626907 CEST59394443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:38.643368959 CEST4435939313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:38.643454075 CEST4435939313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:38.643512964 CEST59393443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:38.646574020 CEST59394443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:38.646574020 CEST59394443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:38.646610022 CEST4435939413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:38.646634102 CEST4435939413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:38.647835970 CEST59393443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:38.647835970 CEST59393443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:38.647850037 CEST4435939313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:38.647870064 CEST4435939313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:38.650453091 CEST59398443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:38.650474072 CEST4435939813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:38.650538921 CEST59398443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:38.651062965 CEST59399443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:38.651144981 CEST4435939913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:38.651177883 CEST59398443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:38.651190996 CEST4435939813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:38.651211023 CEST59399443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:38.651326895 CEST59399443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:38.651360989 CEST4435939913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.107355118 CEST4435939613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.107824087 CEST59396443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:39.107853889 CEST4435939613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.108508110 CEST59396443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:39.108515024 CEST4435939613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.235933065 CEST4435939513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.236414909 CEST59395443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:39.236429930 CEST4435939513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.236808062 CEST59395443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:39.236812115 CEST4435939513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.238621950 CEST4435939713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.238934994 CEST59397443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:39.238945961 CEST4435939713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.239301920 CEST59397443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:39.239305019 CEST4435939713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.253771067 CEST4435939613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.253793001 CEST4435939613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.253829956 CEST4435939613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.253870964 CEST59396443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:39.253958941 CEST59396443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:39.254070044 CEST59396443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:39.254086018 CEST4435939613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.254117012 CEST59396443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:39.254122019 CEST4435939613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.256443024 CEST59400443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:39.256535053 CEST4435940013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.256623983 CEST59400443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:39.256742954 CEST59400443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:39.256762028 CEST4435940013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.336735010 CEST4435939713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.336997032 CEST4435939713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.337073088 CEST59397443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:39.337102890 CEST59397443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:39.337116003 CEST4435939713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.337124109 CEST59397443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:39.337127924 CEST4435939713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.339628935 CEST59401443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:39.339714050 CEST4435940113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.339783907 CEST59401443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:39.339941978 CEST59401443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:39.339953899 CEST4435940113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.340783119 CEST4435939513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.340970039 CEST4435939513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.341042995 CEST59395443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:39.341109037 CEST59395443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:39.341109037 CEST59395443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:39.341146946 CEST4435939513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.341171026 CEST4435939513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.349720955 CEST59402443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:39.349745989 CEST4435940213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.349807978 CEST59402443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:39.350048065 CEST59402443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:39.350063086 CEST4435940213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.506647110 CEST4435939913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.507188082 CEST59399443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:39.507221937 CEST4435939913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.507704973 CEST59399443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:39.507711887 CEST4435939913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.611933947 CEST4435939913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.612140894 CEST4435939913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.612242937 CEST59399443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:39.612354040 CEST59399443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:39.612391949 CEST4435939913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.612420082 CEST59399443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:39.612436056 CEST4435939913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.615405083 CEST59403443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:39.615468025 CEST4435940313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.615566015 CEST59403443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:39.615761995 CEST59403443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:39.615777969 CEST4435940313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.921876907 CEST4435940013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.924495935 CEST59400443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:39.924555063 CEST4435940013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:39.925221920 CEST59400443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:39.925235033 CEST4435940013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.019927979 CEST4435940213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.020695925 CEST59402443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.020730972 CEST4435940213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.021250010 CEST59402443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.021256924 CEST4435940213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.022907972 CEST4435940113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.024571896 CEST59401443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.024591923 CEST4435940113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.025218964 CEST59401443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.025224924 CEST4435940113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.040112019 CEST4435940013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.040414095 CEST4435940013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.040466070 CEST4435940013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.040468931 CEST59400443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.040518999 CEST59400443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.040559053 CEST59400443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.040592909 CEST4435940013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.040640116 CEST59400443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.040654898 CEST4435940013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.042896986 CEST59404443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.042968988 CEST4435940413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.043050051 CEST59404443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.043226004 CEST59404443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.043256044 CEST4435940413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.123785973 CEST4435940213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.123891115 CEST4435940213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.123936892 CEST4435940213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.123950005 CEST59402443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.123982906 CEST59402443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.124140978 CEST59402443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.124161005 CEST4435940213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.124172926 CEST59402443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.124180079 CEST4435940213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.126967907 CEST59405443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.127002001 CEST4435940513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.127089977 CEST59405443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.127238035 CEST59405443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.127253056 CEST4435940513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.127759933 CEST4435940113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.127904892 CEST4435940113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.127964973 CEST59401443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.128007889 CEST59401443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.128007889 CEST59401443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.128030062 CEST4435940113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.128042936 CEST4435940113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.129910946 CEST59406443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.129920006 CEST4435940613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.129976988 CEST59406443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.130089045 CEST59406443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.130104065 CEST4435940613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.257894039 CEST4435940313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.258730888 CEST59403443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.258805990 CEST4435940313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.259280920 CEST59403443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.259294987 CEST4435940313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.365767956 CEST4435940313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.365915060 CEST4435940313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.365999937 CEST59403443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.366264105 CEST59403443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.366300106 CEST4435940313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.366327047 CEST59403443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.366342068 CEST4435940313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.369085073 CEST59407443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.369172096 CEST4435940713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.369277000 CEST59407443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.369434118 CEST59407443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.369465113 CEST4435940713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.679193974 CEST4435940413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.679908037 CEST59404443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.679961920 CEST4435940413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.694106102 CEST59404443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.694113016 CEST4435940413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.785778999 CEST4435940613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.786164045 CEST59406443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.786181927 CEST4435940613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.786569118 CEST59406443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.786575079 CEST4435940613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.789324045 CEST4435940413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.789644957 CEST4435940413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.789700031 CEST59404443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.789752007 CEST59404443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.789764881 CEST4435940413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.789772987 CEST59404443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.789777994 CEST4435940413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.792169094 CEST59408443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.792196035 CEST4435940813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.792365074 CEST59408443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.792365074 CEST59408443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.792387962 CEST4435940813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.793917894 CEST4435940513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.794173002 CEST59405443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.794188023 CEST4435940513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.794517994 CEST59405443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.794522047 CEST4435940513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.890460968 CEST4435940613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.890522003 CEST4435940613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.890604973 CEST59406443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.890616894 CEST4435940613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.890635014 CEST4435940613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.890680075 CEST59406443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.897876978 CEST4435940513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.898034096 CEST4435940513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.898097992 CEST59405443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.900060892 CEST59406443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.900074959 CEST4435940613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.900084019 CEST59406443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.900089025 CEST4435940613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.900964975 CEST59405443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.900968075 CEST4435940513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.900975943 CEST59405443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.900979042 CEST4435940513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.963565111 CEST59409443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.963669062 CEST4435940913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.963768959 CEST59409443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.978782892 CEST59410443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.978807926 CEST4435941013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:40.978885889 CEST59410443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.981934071 CEST59409443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:40.981969118 CEST4435940913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:44.481471062 CEST59424443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:44.481623888 CEST59424443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:44.481656075 CEST4435942413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:44.481671095 CEST59424443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:44.481678963 CEST4435942413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:44.487778902 CEST59427443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:44.487816095 CEST4435942713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:44.487937927 CEST59427443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:44.488109112 CEST59427443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:44.488127947 CEST4435942713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:44.620956898 CEST4435942513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:44.621680021 CEST59425443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:44.621725082 CEST4435942513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:44.622111082 CEST59425443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:44.622123003 CEST4435942513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:44.654740095 CEST4435941813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:44.655244112 CEST59418443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:44.655291080 CEST4435941813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:44.655616045 CEST59418443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:44.655627966 CEST4435941813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:44.732132912 CEST4435942513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:44.732306957 CEST4435942513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:44.732372046 CEST59425443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:44.732952118 CEST59425443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:44.732975006 CEST4435942513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:44.732999086 CEST59425443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:44.733011961 CEST4435942513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:44.737179041 CEST59428443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:44.737215996 CEST4435942813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:44.737272024 CEST59428443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:44.737416983 CEST59428443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:44.737423897 CEST4435942813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:44.753218889 CEST4435941813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:44.754367113 CEST4435941813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:44.754637003 CEST59418443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:44.754811049 CEST59418443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:44.754811049 CEST59418443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:44.754857063 CEST4435941813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:44.754884005 CEST4435941813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:44.757390022 CEST59429443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:44.757442951 CEST4435942913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:44.757528067 CEST59429443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:44.757654905 CEST59429443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:44.757687092 CEST4435942913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:44.962407112 CEST4435942613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:44.962831020 CEST59426443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:44.962894917 CEST4435942613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:44.963284969 CEST59426443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:44.963299036 CEST4435942613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.062355995 CEST4435942613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.062418938 CEST4435942613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.062494993 CEST59426443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.062560081 CEST4435942613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.062711000 CEST4435942613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.062781096 CEST59426443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.063431978 CEST59426443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.063431978 CEST59426443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.063466072 CEST4435942613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.063492060 CEST4435942613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.065588951 CEST59430443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:45.065627098 CEST44359430142.250.181.238192.168.2.5
                                                        Oct 4, 2024 19:21:45.065712929 CEST59430443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:45.066030025 CEST59430443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:45.066046000 CEST44359430142.250.181.238192.168.2.5
                                                        Oct 4, 2024 19:21:45.067586899 CEST59431443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.067596912 CEST4435943113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.067728043 CEST59431443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.067851067 CEST59431443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.067866087 CEST4435943113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.144516945 CEST4435942713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.144963980 CEST59427443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.144984007 CEST4435942713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.145406008 CEST59427443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.145411968 CEST4435942713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.224858046 CEST4435942313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.225352049 CEST59423443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.225387096 CEST4435942313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.225814104 CEST59423443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.225825071 CEST4435942313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.243505001 CEST4435942713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.243691921 CEST4435942713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.243745089 CEST4435942713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.243751049 CEST59427443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.243786097 CEST59427443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.243812084 CEST4435942713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.243848085 CEST59427443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.243856907 CEST4435942713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.246082067 CEST59432443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.246124029 CEST4435943213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.246201992 CEST59432443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.246330976 CEST59432443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.246359110 CEST4435943213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.330430984 CEST4435942313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.330523968 CEST4435942313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.330579042 CEST59423443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.330744028 CEST59423443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.330769062 CEST4435942313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.330781937 CEST59423443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.330790043 CEST4435942313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.333534002 CEST59433443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.333646059 CEST4435943313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.333731890 CEST59433443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.333858013 CEST59433443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.333895922 CEST4435943313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.407236099 CEST4435942813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.408377886 CEST59428443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.408400059 CEST4435942813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.409018040 CEST59428443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.409023046 CEST4435942813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.513154984 CEST4435942813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.513197899 CEST4435942813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.513258934 CEST4435942813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.513328075 CEST59428443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.513377905 CEST59428443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.513499022 CEST59428443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.513520002 CEST4435942813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.513555050 CEST59428443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.513566017 CEST4435942813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.520370007 CEST59434443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.520467997 CEST4435943413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.520730019 CEST59434443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.520730972 CEST59434443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.520869017 CEST4435943413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.542602062 CEST4435942913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.543049097 CEST59429443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.543111086 CEST4435942913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.543515921 CEST59429443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.543529987 CEST4435942913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.681642056 CEST4435942913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.681730032 CEST4435942913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.681811094 CEST59429443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.682116985 CEST59429443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.682117939 CEST59429443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.682152987 CEST4435942913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.682179928 CEST4435942913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.686286926 CEST59435443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.686348915 CEST4435943513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.686441898 CEST59435443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.686557055 CEST59435443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.686587095 CEST4435943513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.724406958 CEST44359430142.250.181.238192.168.2.5
                                                        Oct 4, 2024 19:21:45.724687099 CEST59430443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:45.724705935 CEST44359430142.250.181.238192.168.2.5
                                                        Oct 4, 2024 19:21:45.725217104 CEST44359430142.250.181.238192.168.2.5
                                                        Oct 4, 2024 19:21:45.725708961 CEST59430443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:45.725790024 CEST44359430142.250.181.238192.168.2.5
                                                        Oct 4, 2024 19:21:45.725874901 CEST59430443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:45.725895882 CEST59430443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:45.725908041 CEST44359430142.250.181.238192.168.2.5
                                                        Oct 4, 2024 19:21:45.738867044 CEST4435943113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.745688915 CEST59431443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.745712996 CEST4435943113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.746098995 CEST59431443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.746109009 CEST4435943113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.846266031 CEST4435943113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.846369982 CEST4435943113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.846424103 CEST59431443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.850420952 CEST59431443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.850446939 CEST4435943113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.850467920 CEST59431443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.850476027 CEST4435943113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.883656979 CEST4435943213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.893908024 CEST59432443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.893939972 CEST4435943213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.894418955 CEST59432443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.894428968 CEST4435943213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.914446115 CEST59436443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.914479971 CEST4435943613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.914544106 CEST59436443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.931379080 CEST59436443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.931416988 CEST4435943613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.982214928 CEST4435943313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.982997894 CEST59433443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.983038902 CEST4435943313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.984024048 CEST59433443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.984051943 CEST4435943313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.993680000 CEST4435943213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.993757963 CEST4435943213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.993812084 CEST59432443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.993902922 CEST59432443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.993902922 CEST59432443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.993917942 CEST4435943213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.993932009 CEST4435943213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.998496056 CEST59437443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.998586893 CEST4435943713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:45.998676062 CEST59437443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.998929024 CEST59437443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:45.998965025 CEST4435943713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:46.029128075 CEST44359430142.250.181.238192.168.2.5
                                                        Oct 4, 2024 19:21:46.029692888 CEST44359430142.250.181.238192.168.2.5
                                                        Oct 4, 2024 19:21:46.029787064 CEST59430443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:46.029845953 CEST59430443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:46.029865026 CEST44359430142.250.181.238192.168.2.5
                                                        Oct 4, 2024 19:21:46.079591990 CEST59438443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:46.079626083 CEST44359438142.250.181.238192.168.2.5
                                                        Oct 4, 2024 19:21:46.079694986 CEST59438443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:46.079902887 CEST59438443192.168.2.5142.250.181.238
                                                        Oct 4, 2024 19:21:46.079915047 CEST44359438142.250.181.238192.168.2.5
                                                        Oct 4, 2024 19:21:46.087378025 CEST4435943313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:46.087511063 CEST4435943313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:46.087563038 CEST59433443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:46.087606907 CEST4435943313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:46.087645054 CEST4435943313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:46.087693930 CEST59433443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:46.087735891 CEST59433443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:46.087770939 CEST4435943313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:46.087795973 CEST59433443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:46.087810040 CEST4435943313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:46.090368032 CEST59439443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:46.090379953 CEST4435943913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:46.090446949 CEST59439443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:46.090606928 CEST59439443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:46.090616941 CEST4435943913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:46.189987898 CEST4435943413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:46.190789938 CEST59434443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:46.190840006 CEST4435943413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:46.191307068 CEST59434443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:46.191318035 CEST4435943413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:46.292928934 CEST4435943413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:46.293405056 CEST4435943413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:46.293488979 CEST59434443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:46.293574095 CEST59434443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:46.293574095 CEST59434443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:46.293622017 CEST4435943413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:48.709430933 CEST4435945113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:48.709501028 CEST4435945113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:48.709580898 CEST59451443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:48.709618092 CEST4435945113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:48.709651947 CEST4435945113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:48.709706068 CEST59451443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:48.709836960 CEST59451443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:48.709837914 CEST59451443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:48.709875107 CEST4435945113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:48.709897041 CEST4435945113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:48.713054895 CEST59456443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:48.713104010 CEST4435945613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:48.713197947 CEST59456443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:48.713363886 CEST59456443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:48.713395119 CEST4435945613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:48.732311964 CEST4435945213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:48.733130932 CEST59452443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:48.733187914 CEST4435945213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:48.733733892 CEST59452443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:48.733747005 CEST4435945213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:48.834956884 CEST4435945213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:48.835021973 CEST4435945213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:48.835077047 CEST59452443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:48.835246086 CEST59452443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:48.835246086 CEST59452443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:48.835277081 CEST4435945213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:48.835299969 CEST4435945213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:48.838260889 CEST59457443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:48.838289022 CEST4435945713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:48.838371038 CEST59457443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:48.838517904 CEST59457443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:48.838529110 CEST4435945713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.056545019 CEST4435945413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.056915045 CEST59454443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.056940079 CEST4435945413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.057311058 CEST59454443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.057316065 CEST4435945413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.057987928 CEST4435945313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.058198929 CEST59453443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.058213949 CEST4435945313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.058506966 CEST59453443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.058511972 CEST4435945313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.173006058 CEST4435945413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.173033953 CEST4435945413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.173139095 CEST4435945413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.173206091 CEST59454443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.173206091 CEST59454443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.173373938 CEST59454443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.173393011 CEST4435945413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.173408985 CEST59454443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.173413992 CEST4435945413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.174290895 CEST4435945313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.174324989 CEST4435945313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.174365997 CEST59453443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.174372911 CEST4435945313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.174514055 CEST59453443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.174525976 CEST4435945313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.174535036 CEST59453443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.174726009 CEST4435945313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.174766064 CEST4435945313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.174802065 CEST59453443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.176362991 CEST59458443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.176399946 CEST4435945813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.176462889 CEST59458443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.176604033 CEST59458443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.176615953 CEST4435945813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.176642895 CEST59459443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.176733017 CEST4435945913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.176805973 CEST59459443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.176877975 CEST59459443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.176902056 CEST4435945913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.202465057 CEST4435945513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.203008890 CEST59455443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.203032017 CEST4435945513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.203495979 CEST59455443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.203507900 CEST4435945513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.304708004 CEST4435945513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.304738998 CEST4435945513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.304784060 CEST4435945513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.304903984 CEST59455443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.305037022 CEST59455443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.305335999 CEST59455443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.305356026 CEST4435945513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.305371046 CEST59455443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.305376053 CEST4435945513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.308485985 CEST59460443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.308523893 CEST4435946013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.308620930 CEST59460443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.308768034 CEST59460443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.308784008 CEST4435946013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.384401083 CEST4435945613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.385092974 CEST59456443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.385129929 CEST4435945613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.385590076 CEST59456443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.385600090 CEST4435945613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.488321066 CEST4435945613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.488477945 CEST4435945613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.488549948 CEST59456443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.488759041 CEST59456443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.488759041 CEST59456443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.488780975 CEST4435945613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.488794088 CEST4435945613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.491580009 CEST59461443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.491594076 CEST4435946113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.491663933 CEST59461443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.491843939 CEST59461443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.491852999 CEST4435946113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.507030964 CEST4435945713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.507473946 CEST59457443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.507491112 CEST4435945713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.508204937 CEST59457443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.508212090 CEST4435945713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.608980894 CEST4435945713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.609016895 CEST4435945713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.609064102 CEST4435945713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.609103918 CEST59457443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.609103918 CEST59457443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.609956980 CEST59457443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.609956980 CEST59457443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.609976053 CEST4435945713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.609983921 CEST4435945713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.613547087 CEST59462443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.613574028 CEST4435946213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.613646984 CEST59462443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.613809109 CEST59462443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.613816023 CEST4435946213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.840552092 CEST4435945913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.841016054 CEST59459443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.841042995 CEST4435945913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.841717958 CEST59459443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.841723919 CEST4435945913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.898876905 CEST4435945813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.899411917 CEST59458443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.899422884 CEST4435945813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.900197983 CEST59458443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.900203943 CEST4435945813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.958517075 CEST4435945913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.958549976 CEST4435945913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.958605051 CEST4435945913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.958611012 CEST59459443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.958652020 CEST59459443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.958811045 CEST59459443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.958811045 CEST59459443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.958837986 CEST4435945913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.958862066 CEST4435945913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.961709976 CEST59463443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.961745977 CEST4435946313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.961817026 CEST59463443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.961931944 CEST59463443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.961950064 CEST4435946313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.976172924 CEST4435946013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.976622105 CEST59460443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.976629019 CEST4435946013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:49.977313042 CEST59460443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:49.977317095 CEST4435946013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:50.002868891 CEST4435945813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:50.002947092 CEST4435945813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:50.003149986 CEST59458443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:50.003405094 CEST59458443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:50.003417969 CEST4435945813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:50.003515005 CEST59458443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:50.003520966 CEST4435945813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:50.006524086 CEST59464443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:50.006565094 CEST4435946413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:50.006653070 CEST59464443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:50.006808996 CEST59464443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:50.006823063 CEST4435946413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:50.084000111 CEST4435946013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:50.084578991 CEST4435946013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:50.084839106 CEST59460443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:50.084839106 CEST59460443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:50.084839106 CEST59460443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:50.087404013 CEST59465443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:50.087450027 CEST4435946513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:50.087522030 CEST59465443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:50.087656021 CEST59465443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:50.087671995 CEST4435946513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:50.154650927 CEST4435946113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:50.155214071 CEST59461443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:50.155231953 CEST4435946113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:50.155702114 CEST59461443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:50.155706882 CEST4435946113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:50.270994902 CEST4435946213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:50.271414995 CEST59462443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:50.271435976 CEST4435946213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:50.271970987 CEST59462443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:50.271975994 CEST4435946213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:50.292758942 CEST4435946113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:50.292826891 CEST4435946113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:50.292876959 CEST59461443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:50.292884111 CEST4435946113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:50.292934895 CEST4435946113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:50.292989969 CEST59461443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:50.293021917 CEST59461443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:50.293032885 CEST4435946113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:50.293045044 CEST59461443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:50.293051004 CEST4435946113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:50.294975996 CEST59460443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:50.295005083 CEST4435946013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:50.295969009 CEST59466443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:50.295983076 CEST4435946613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:50.296044111 CEST59466443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:50.296144009 CEST59466443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:50.296150923 CEST4435946613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:50.372224092 CEST4435946213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:50.372337103 CEST4435946213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:50.372394085 CEST59462443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:50.372498989 CEST59462443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:50.372510910 CEST4435946213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:50.372520924 CEST59462443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:50.372526884 CEST4435946213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:50.375011921 CEST59467443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:50.375055075 CEST4435946713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:50.375125885 CEST59467443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:50.375277042 CEST59467443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:50.375303030 CEST4435946713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:50.614720106 CEST4435946313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:50.615246058 CEST59463443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:50.615263939 CEST4435946313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:50.615823030 CEST59463443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:50.615827084 CEST4435946313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:50.644387007 CEST4435946413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:50.644730091 CEST59464443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:50.644747019 CEST4435946413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.090606928 CEST4435948413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.090687990 CEST59484443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.090828896 CEST59484443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.090846062 CEST4435948413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.265995979 CEST4435948013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.271251917 CEST59480443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.271280050 CEST4435948013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.271600962 CEST59480443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.271605968 CEST4435948013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.309674025 CEST4435948113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.310302019 CEST59481443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.310363054 CEST4435948113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.310722113 CEST59481443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.310738087 CEST4435948113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.327708006 CEST4435948213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.338393927 CEST59482443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.338426113 CEST4435948213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.338908911 CEST59482443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.338920116 CEST4435948213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.368453979 CEST4435948013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.368540049 CEST4435948013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.368730068 CEST59480443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.379899979 CEST59480443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.379899979 CEST59480443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.379919052 CEST4435948013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.379928112 CEST4435948013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.382462978 CEST59485443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.382488966 CEST4435948513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.382559061 CEST59485443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.382687092 CEST59485443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.382703066 CEST4435948513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.414834976 CEST4435948113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.415014982 CEST4435948113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.415102959 CEST59481443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.438863039 CEST4435948213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.439038992 CEST4435948213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.439137936 CEST59482443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.459578037 CEST59481443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.459578037 CEST59481443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.459614992 CEST4435948113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.459642887 CEST4435948113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.510080099 CEST59482443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.510096073 CEST4435948213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.557667971 CEST59486443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.557708979 CEST4435948613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.557790995 CEST59486443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.558233023 CEST59486443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.558259964 CEST4435948613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.558818102 CEST59487443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.558856964 CEST4435948713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.559108019 CEST59487443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.559233904 CEST59487443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.559250116 CEST4435948713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.670644999 CEST4435948313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.671744108 CEST59483443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.671761990 CEST4435948313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.672487020 CEST59483443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.672491074 CEST4435948313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.743633032 CEST4435948413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.747942924 CEST59484443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.747958899 CEST4435948413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.748482943 CEST59484443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.748487949 CEST4435948413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.775429964 CEST4435948313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.775680065 CEST4435948313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.775738001 CEST4435948313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.775844097 CEST59483443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.775844097 CEST59483443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.775973082 CEST59483443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.775985956 CEST4435948313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.775995970 CEST59483443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.776000977 CEST4435948313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.778486967 CEST59488443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.778505087 CEST4435948813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.778573990 CEST59488443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.778692961 CEST59488443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.778708935 CEST4435948813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.845823050 CEST4435948413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.846997023 CEST4435948413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.847044945 CEST59484443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.848162889 CEST59484443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.848184109 CEST4435948413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.848196030 CEST59484443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.848202944 CEST4435948413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.850563049 CEST59489443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.850619078 CEST4435948913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:53.850766897 CEST59489443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.850895882 CEST59489443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:53.850924015 CEST4435948913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.014192104 CEST4435948513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.016383886 CEST59485443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.016413927 CEST4435948513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.016706944 CEST59485443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.016714096 CEST4435948513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.116332054 CEST4435948513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.116571903 CEST4435948513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.116614103 CEST4435948513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.116745949 CEST59485443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.116746902 CEST59485443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.116746902 CEST59485443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.119415045 CEST59485443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.119415045 CEST59490443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.119456053 CEST4435948513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.119493961 CEST4435949013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.119571924 CEST59490443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.119716883 CEST59490443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.119745970 CEST4435949013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.248254061 CEST4435948713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.248707056 CEST59487443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.248719931 CEST4435948713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.249259949 CEST59487443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.249263048 CEST4435948713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.350732088 CEST4435948713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.350909948 CEST4435948713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.350961924 CEST59487443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.350965023 CEST4435948713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.351114988 CEST59487443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.351114988 CEST59487443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.353615999 CEST59491443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.353615999 CEST59487443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.353655100 CEST4435949113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.353666067 CEST4435948713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.353755951 CEST59491443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.353878021 CEST59491443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.353890896 CEST4435949113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.477013111 CEST4435948813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.477551937 CEST59488443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.477576017 CEST4435948813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.478053093 CEST59488443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.478060007 CEST4435948813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.504991055 CEST4435948913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.505481958 CEST59489443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.505527020 CEST4435948913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.505753040 CEST59489443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.505764961 CEST4435948913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.596204042 CEST4435948813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.596276999 CEST4435948813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.596326113 CEST59488443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.596584082 CEST59488443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.596601963 CEST4435948813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.596613884 CEST59488443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.596627951 CEST4435948813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.599361897 CEST59492443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.599402905 CEST4435949213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.599482059 CEST59492443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.599651098 CEST59492443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.599668026 CEST4435949213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.606616974 CEST4435948913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.606667995 CEST4435948913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.606723070 CEST59489443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.606782913 CEST59489443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.606784105 CEST59489443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.606812954 CEST4435948913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.606836081 CEST4435948913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.608688116 CEST59493443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.608777046 CEST4435949313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.608860016 CEST59493443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.608977079 CEST59493443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.609009981 CEST4435949313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.783631086 CEST4435949013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.784138918 CEST59490443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.784154892 CEST4435949013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.784559011 CEST59490443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.784564972 CEST4435949013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.886394024 CEST4435949013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.886573076 CEST4435949013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.886636972 CEST59490443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.887125015 CEST59490443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.887125015 CEST59490443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.887137890 CEST4435949013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.887149096 CEST4435949013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.891329050 CEST59494443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.891377926 CEST4435949413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:54.891462088 CEST59494443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.891649961 CEST59494443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:54.891680002 CEST4435949413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:55.011359930 CEST4435949113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:55.012051105 CEST59491443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:55.012073994 CEST4435949113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:55.012433052 CEST59491443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:55.012439013 CEST4435949113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:55.112973928 CEST4435949113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:55.113023996 CEST4435949113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:55.113075018 CEST4435949113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:55.113327980 CEST59491443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:55.113328934 CEST59491443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:55.113461018 CEST59491443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:55.113485098 CEST4435949113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:55.113497019 CEST59491443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:55.113502979 CEST4435949113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:55.116734028 CEST59495443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:55.116760969 CEST4435949513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:55.116858006 CEST59495443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:55.117062092 CEST59495443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:55.117075920 CEST4435949513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:55.251950026 CEST4435949313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:55.253115892 CEST59493443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:55.253190994 CEST4435949313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:55.253906965 CEST4435949213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:55.256294012 CEST59493443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:55.256309986 CEST4435949313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:55.256597042 CEST59492443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:55.256628036 CEST4435949213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:55.256930113 CEST59492443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:55.256933928 CEST4435949213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:55.354461908 CEST4435949213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:55.354536057 CEST4435949213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:55.354696035 CEST59492443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:55.354856014 CEST59492443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:55.354871035 CEST4435949213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:55.354882956 CEST59492443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:55.354887962 CEST4435949213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:55.358086109 CEST59496443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:55.358105898 CEST4435949613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:55.358198881 CEST59496443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:55.358484030 CEST59496443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:55.358494043 CEST4435949613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:55.364155054 CEST4435949313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:55.364209890 CEST4435949313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:55.364272118 CEST59493443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:55.364429951 CEST59493443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:55.364429951 CEST59493443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:55.364465952 CEST4435949313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:55.364487886 CEST4435949313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:55.366692066 CEST59497443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:58.324358940 CEST59509443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:58.324358940 CEST59509443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:58.325668097 CEST59509443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:58.325687885 CEST4435950913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:58.326961994 CEST59514443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:58.327049017 CEST4435951413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:58.329791069 CEST59514443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:58.331095934 CEST59514443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:58.331132889 CEST4435951413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:58.377072096 CEST4435951013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:58.377095938 CEST4435951013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:58.377437115 CEST4435951013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:58.377490044 CEST59510443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:58.377490044 CEST59510443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:58.390352011 CEST59510443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:58.390352011 CEST59510443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:58.390371084 CEST4435951013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:58.390381098 CEST4435951013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:58.431768894 CEST59515443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:58.431832075 CEST4435951513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:58.431936026 CEST59515443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:58.435411930 CEST59515443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:58.435446024 CEST4435951513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:58.626581907 CEST4435951213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:58.627262115 CEST59512443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:58.627295017 CEST4435951213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:58.627580881 CEST59512443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:58.627588987 CEST4435951213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:58.630896091 CEST4435951113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:58.631201982 CEST59511443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:58.631261110 CEST4435951113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:58.631479025 CEST59511443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:58.631494999 CEST4435951113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:58.732403994 CEST4435951213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:58.732415915 CEST4435951213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:58.732605934 CEST59512443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:58.732629061 CEST4435951213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:58.732824087 CEST4435951213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:58.732933998 CEST59512443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:58.733002901 CEST59512443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:58.733002901 CEST59512443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:58.733042002 CEST4435951213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:58.733062983 CEST4435951213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:58.733989000 CEST4435951113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:58.734143019 CEST4435951113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:58.734232903 CEST59511443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:58.734381914 CEST59511443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:58.734419107 CEST4435951113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:58.734436035 CEST59511443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:58.734451056 CEST4435951113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:58.735995054 CEST59516443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:58.736049891 CEST4435951613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:58.736304045 CEST59517443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:58.736335993 CEST4435951713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:58.736350060 CEST59516443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:58.736444950 CEST59517443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:58.736483097 CEST59516443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:58.736504078 CEST4435951613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:58.736572027 CEST59517443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:58.736582994 CEST4435951713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:58.924890995 CEST4435951313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:58.925393105 CEST59513443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:58.925445080 CEST4435951313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:58.925825119 CEST59513443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:58.925838947 CEST4435951313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:58.990159988 CEST4435951413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:58.990493059 CEST59514443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:58.990509033 CEST4435951413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:58.990828037 CEST59514443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:58.990833044 CEST4435951413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.029745102 CEST4435951313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.029762983 CEST4435951313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.029925108 CEST59513443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.029951096 CEST4435951313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.030132055 CEST59513443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.030132055 CEST59513443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.030170918 CEST4435951313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.030307055 CEST4435951313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.030335903 CEST4435951313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.030795097 CEST59513443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.032748938 CEST59518443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.032783031 CEST4435951813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.032974005 CEST59518443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.033019066 CEST59518443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.033024073 CEST4435951813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.095065117 CEST4435951513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.095604897 CEST59515443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.095627069 CEST4435951513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.095925093 CEST59515443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.095932961 CEST4435951513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.098268986 CEST4435951413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.098287106 CEST4435951413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.098362923 CEST59514443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.098404884 CEST4435951413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.098579884 CEST59514443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.098579884 CEST59514443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.098619938 CEST4435951413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.098771095 CEST4435951413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.098798990 CEST4435951413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.100860119 CEST59514443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.100954056 CEST59519443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.101049900 CEST4435951913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.101744890 CEST59519443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.101857901 CEST59519443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.101895094 CEST4435951913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.208641052 CEST4435951513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.208695889 CEST4435951513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.208766937 CEST59515443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.208786011 CEST4435951513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.208966970 CEST59515443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.208985090 CEST4435951513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.208993912 CEST59515443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.209347010 CEST4435951513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.209428072 CEST4435951513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.209472895 CEST59515443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.211381912 CEST59520443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.211411953 CEST4435952013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.211477995 CEST59520443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.211597919 CEST59520443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.211610079 CEST4435952013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.396050930 CEST4435951713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.396747112 CEST59517443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.396763086 CEST4435951713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.396958113 CEST59517443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.396961927 CEST4435951713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.406014919 CEST4435951613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.406500101 CEST59516443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.406565905 CEST4435951613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.406744957 CEST59516443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.406759977 CEST4435951613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.500461102 CEST4435951713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.500524044 CEST4435951713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.500591040 CEST59517443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.500825882 CEST59517443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.500825882 CEST59517443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.500840902 CEST4435951713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.500844002 CEST4435951713.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.503488064 CEST59521443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.503520012 CEST4435952113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.503602028 CEST59521443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.503756046 CEST59521443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.503768921 CEST4435952113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.510998964 CEST4435951613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.511143923 CEST4435951613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.511212111 CEST59516443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.511265039 CEST59516443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.511296034 CEST4435951613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.511344910 CEST59516443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.511360884 CEST4435951613.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.513108015 CEST59522443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.513128996 CEST4435952213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.513215065 CEST59522443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.513329983 CEST59522443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.513353109 CEST4435952213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.669651985 CEST4435951813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.670104027 CEST59518443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.670121908 CEST4435951813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.670502901 CEST59518443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.670507908 CEST4435951813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.754034042 CEST4435951913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.754462957 CEST59519443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.754535913 CEST4435951913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.754966974 CEST59519443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.755023003 CEST4435951913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.778064013 CEST4435951813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.778126955 CEST4435951813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.778184891 CEST59518443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.778340101 CEST59518443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.778356075 CEST4435951813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.778364897 CEST59518443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.778371096 CEST4435951813.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.781219959 CEST59523443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.781246901 CEST4435952313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.781317949 CEST59523443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.781443119 CEST59523443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.781452894 CEST4435952313.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.857402086 CEST4435951913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.857496977 CEST4435952013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.857707977 CEST4435951913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.857867956 CEST59519443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.857913017 CEST59520443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.857918978 CEST4435952013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.858666897 CEST59520443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.858669996 CEST4435952013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.858705997 CEST59519443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.858705997 CEST59519443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.858755112 CEST4435951913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.858782053 CEST4435951913.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.860997915 CEST59524443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.861021042 CEST4435952413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.861080885 CEST59524443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.861222982 CEST59524443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.861232042 CEST4435952413.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.956451893 CEST4435952013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.956470013 CEST4435952013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.956547976 CEST59520443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.956572056 CEST4435952013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.956618071 CEST59520443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.956770897 CEST59520443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.956774950 CEST4435952013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.956790924 CEST59520443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.956923008 CEST4435952013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.956955910 CEST4435952013.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.956999063 CEST59520443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.959093094 CEST59525443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.959168911 CEST4435952513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:21:59.959259987 CEST59525443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.959413052 CEST59525443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:21:59.959441900 CEST4435952513.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:22:00.175833941 CEST4435952213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:22:00.176302910 CEST59522443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:22:00.176328897 CEST4435952213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:22:00.176755905 CEST59522443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:22:00.176765919 CEST4435952213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:22:00.178019047 CEST4435952113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:22:00.178344965 CEST59521443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:22:00.178358078 CEST4435952113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:22:00.178786993 CEST59521443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:22:00.178796053 CEST4435952113.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:22:00.279762983 CEST4435952213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:22:00.279825926 CEST4435952213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:22:00.279869080 CEST4435952213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:22:00.279898882 CEST59522443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:22:00.279930115 CEST4435952213.107.246.45192.168.2.5
                                                        Oct 4, 2024 19:22:00.279957056 CEST59522443192.168.2.513.107.246.45
                                                        Oct 4, 2024 19:22:18.218792915 CEST44359540142.250.185.238192.168.2.5
                                                        Oct 4, 2024 19:22:18.219130039 CEST44359540142.250.185.238192.168.2.5
                                                        Oct 4, 2024 19:22:18.219444990 CEST59540443192.168.2.5142.250.185.238
                                                        Oct 4, 2024 19:22:18.219499111 CEST44359540142.250.185.238192.168.2.5
                                                        Oct 4, 2024 19:22:18.219619989 CEST59540443192.168.2.5142.250.185.238
                                                        Oct 4, 2024 19:22:18.219635963 CEST59540443192.168.2.5142.250.185.238
                                                        Oct 4, 2024 19:22:18.219644070 CEST44359540142.250.185.238192.168.2.5
                                                        Oct 4, 2024 19:22:18.516850948 CEST44359540142.250.185.238192.168.2.5
                                                        Oct 4, 2024 19:22:18.517752886 CEST44359540142.250.185.238192.168.2.5
                                                        Oct 4, 2024 19:22:18.517834902 CEST59540443192.168.2.5142.250.185.238
                                                        Oct 4, 2024 19:22:18.517932892 CEST59540443192.168.2.5142.250.185.238
                                                        Oct 4, 2024 19:22:18.517967939 CEST44359540142.250.185.238192.168.2.5
                                                        Oct 4, 2024 19:22:19.236268997 CEST44359538142.250.184.196192.168.2.5
                                                        Oct 4, 2024 19:22:19.236355066 CEST44359538142.250.184.196192.168.2.5
                                                        Oct 4, 2024 19:22:19.236417055 CEST59538443192.168.2.5142.250.184.196
                                                        Oct 4, 2024 19:22:19.473726034 CEST59538443192.168.2.5142.250.184.196
                                                        Oct 4, 2024 19:22:19.473746061 CEST44359538142.250.184.196192.168.2.5
                                                        Oct 4, 2024 19:22:19.473860025 CEST59541443192.168.2.5142.250.185.238
                                                        Oct 4, 2024 19:22:19.473891020 CEST44359541142.250.185.238192.168.2.5
                                                        Oct 4, 2024 19:22:19.473970890 CEST59541443192.168.2.5142.250.185.238
                                                        Oct 4, 2024 19:22:19.474252939 CEST59541443192.168.2.5142.250.185.238
                                                        Oct 4, 2024 19:22:19.474282980 CEST44359541142.250.185.238192.168.2.5
                                                        Oct 4, 2024 19:22:20.108017921 CEST44359541142.250.185.238192.168.2.5
                                                        Oct 4, 2024 19:22:20.108591080 CEST59541443192.168.2.5142.250.185.238
                                                        Oct 4, 2024 19:22:20.108659029 CEST44359541142.250.185.238192.168.2.5
                                                        Oct 4, 2024 19:22:20.109188080 CEST44359541142.250.185.238192.168.2.5
                                                        Oct 4, 2024 19:22:20.109473944 CEST59541443192.168.2.5142.250.185.238
                                                        Oct 4, 2024 19:22:20.109570026 CEST44359541142.250.185.238192.168.2.5
                                                        Oct 4, 2024 19:22:20.109617949 CEST59541443192.168.2.5142.250.185.238
                                                        Oct 4, 2024 19:22:20.109664917 CEST59541443192.168.2.5142.250.185.238
                                                        Oct 4, 2024 19:22:20.109683037 CEST44359541142.250.185.238192.168.2.5
                                                        Oct 4, 2024 19:22:20.407639027 CEST44359541142.250.185.238192.168.2.5
                                                        Oct 4, 2024 19:22:20.407989979 CEST44359541142.250.185.238192.168.2.5
                                                        Oct 4, 2024 19:22:20.408179998 CEST59541443192.168.2.5142.250.185.238
                                                        Oct 4, 2024 19:22:20.408425093 CEST59541443192.168.2.5142.250.185.238
                                                        Oct 4, 2024 19:22:20.408472061 CEST44359541142.250.185.238192.168.2.5
                                                        Oct 4, 2024 19:22:49.279993057 CEST59543443192.168.2.5142.250.185.238
                                                        Oct 4, 2024 19:22:49.280102968 CEST44359543142.250.185.238192.168.2.5
                                                        Oct 4, 2024 19:22:49.280386925 CEST59543443192.168.2.5142.250.185.238
                                                        Oct 4, 2024 19:22:49.282157898 CEST59543443192.168.2.5142.250.185.238
                                                        Oct 4, 2024 19:22:49.282207012 CEST44359543142.250.185.238192.168.2.5
                                                        Oct 4, 2024 19:22:49.736089945 CEST59544443192.168.2.5142.250.185.238
                                                        Oct 4, 2024 19:22:49.736138105 CEST44359544142.250.185.238192.168.2.5
                                                        Oct 4, 2024 19:22:49.736231089 CEST59544443192.168.2.5142.250.185.238
                                                        Oct 4, 2024 19:22:49.736556053 CEST59544443192.168.2.5142.250.185.238
                                                        Oct 4, 2024 19:22:49.736576080 CEST44359544142.250.185.238192.168.2.5
                                                        Oct 4, 2024 19:22:49.946027994 CEST44359543142.250.185.238192.168.2.5
                                                        Oct 4, 2024 19:22:49.946404934 CEST59543443192.168.2.5142.250.185.238
                                                        Oct 4, 2024 19:22:49.946434975 CEST44359543142.250.185.238192.168.2.5
                                                        Oct 4, 2024 19:22:49.946930885 CEST44359543142.250.185.238192.168.2.5
                                                        Oct 4, 2024 19:22:49.947313070 CEST59543443192.168.2.5142.250.185.238
                                                        Oct 4, 2024 19:22:49.947412968 CEST44359543142.250.185.238192.168.2.5
                                                        Oct 4, 2024 19:22:49.947501898 CEST59543443192.168.2.5142.250.185.238
                                                        Oct 4, 2024 19:22:49.947525024 CEST59543443192.168.2.5142.250.185.238
                                                        Oct 4, 2024 19:22:49.947535038 CEST44359543142.250.185.238192.168.2.5
                                                        Oct 4, 2024 19:22:50.251440048 CEST44359543142.250.185.238192.168.2.5
                                                        Oct 4, 2024 19:22:50.251600027 CEST44359543142.250.185.238192.168.2.5
                                                        Oct 4, 2024 19:22:50.251656055 CEST59543443192.168.2.5142.250.185.238
                                                        Oct 4, 2024 19:22:50.251971006 CEST59543443192.168.2.5142.250.185.238
                                                        Oct 4, 2024 19:22:50.251990080 CEST44359543142.250.185.238192.168.2.5
                                                        Oct 4, 2024 19:22:50.404289961 CEST44359544142.250.185.238192.168.2.5
                                                        Oct 4, 2024 19:22:50.404628038 CEST59544443192.168.2.5142.250.185.238
                                                        Oct 4, 2024 19:22:50.404661894 CEST44359544142.250.185.238192.168.2.5
                                                        Oct 4, 2024 19:22:50.405056953 CEST44359544142.250.185.238192.168.2.5
                                                        Oct 4, 2024 19:22:50.405374050 CEST59544443192.168.2.5142.250.185.238
                                                        Oct 4, 2024 19:22:50.405448914 CEST44359544142.250.185.238192.168.2.5
                                                        Oct 4, 2024 19:22:50.405631065 CEST59544443192.168.2.5142.250.185.238
                                                        Oct 4, 2024 19:22:50.405668974 CEST59544443192.168.2.5142.250.185.238
                                                        Oct 4, 2024 19:22:50.405683041 CEST44359544142.250.185.238192.168.2.5
                                                        Oct 4, 2024 19:22:50.710459948 CEST44359544142.250.185.238192.168.2.5
                                                        Oct 4, 2024 19:22:50.710899115 CEST44359544142.250.185.238192.168.2.5
                                                        Oct 4, 2024 19:22:50.710977077 CEST59544443192.168.2.5142.250.185.238
                                                        Oct 4, 2024 19:22:50.711332083 CEST59544443192.168.2.5142.250.185.238
                                                        Oct 4, 2024 19:22:50.711352110 CEST44359544142.250.185.238192.168.2.5
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
| Oct 4, 2024 19:21:04.265883923 CEST | 192.168.2.5 | 1.1.1.1 | 0xc18f | Standard query (0) | youtube.com | A (IP address) | IN (0x0001) | false |
| Oct 4, 2024 19:21:04.265883923 CEST | 192.168.2.5 | 1.1.1.1 | 0x85ef | Standard query (0) | youtube.com | 65 | IN (0x0001) | false |
| Oct 4, 2024 19:21:05.483489037 CEST | 192.168.2.5 | 1.1.1.1 | 0x71c7 | Standard query (0) | www.youtube.com | A (IP address) | IN (0x0001) | false |
| Oct 4, 2024 19:21:05.483676910 CEST | 192.168.2.5 | 1.1.1.1 | 0x14e8 | Standard query (0) | www.youtube.com | 65 | IN (0x0001) | false |
| Oct 4, 2024 19:21:08.530791044 CEST | 192.168.2.5 | 1.1.1.1 | 0x9f9c | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false |
| Oct 4, 2024 19:21:08.530941010 CEST | 192.168.2.5 | 1.1.1.1 | 0xeccb | Standard query (0) | www.google.com | 65 | IN (0x0001) | false |
| Oct 4, 2024 19:21:13.748769045 CEST | 192.168.2.5 | 1.1.1.1 | 0x8a1e | Standard query (0) | accounts.youtube.com | A (IP address) | IN (0x0001) | false |
| Oct 4, 2024 19:21:13.749051094 CEST | 192.168.2.5 | 1.1.1.1 | 0xd506 | Standard query (0) | accounts.youtube.com | 65 | IN (0x0001) | false |
| Oct 4, 2024 19:21:15.065035105 CEST | 192.168.2.5 | 1.1.1.1 | 0x5a7 | Standard query (0) | play.google.com | A (IP address) | IN (0x0001) | false |
| Oct 4, 2024 19:21:15.065396070 CEST | 192.168.2.5 | 1.1.1.1 | 0x331 | Standard query (0) | play.google.com | 65 | IN (0x0001) | false |
| Oct 4, 2024 19:22:17.581469059 CEST | 192.168.2.5 | 1.1.1.1 | 0x11cb | Standard query (0) | play.google.com | A (IP address) | IN (0x0001) | false |
| Oct 4, 2024 19:22:17.581626892 CEST | 192.168.2.5 | 1.1.1.1 | 0x7dae | Standard query (0) | play.google.com | 65 | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
| Oct 4, 2024 19:21:04.273039103 CEST | 1.1.1.1 | 192.168.2.5 | 0xc18f | No error (0) | youtube.com | | 142.250.186.110 | A (IP address) | IN (0x0001) | false |
| Oct 4, 2024 19:21:04.275583029 CEST | 1.1.1.1 | 192.168.2.5 | 0x85ef | No error (0) | youtube.com | | | 65 | IN (0x0001) | false |
| Oct 4, 2024 19:21:05.490243912 CEST | 1.1.1.1 | 192.168.2.5 | 0x71c7 | No error (0) | www.youtube.com | youtube-ui.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Oct 4, 2024 19:21:05.490243912 CEST | 1.1.1.1 | 192.168.2.5 | 0x71c7 | No error (0) | youtube-ui.l.google.com | | 142.250.185.142 | A (IP address) | IN (0x0001) | false |
| Oct 4, 2024 19:21:05.490243912 CEST | 1.1.1.1 | 192.168.2.5 | 0x71c7 | No error (0) | youtube-ui.l.google.com | | 142.250.185.174 | A (IP address) | IN (0x0001) | false |
| Oct 4, 2024 19:21:05.490243912 CEST | 1.1.1.1 | 192.168.2.5 | 0x71c7 | No error (0) | youtube-ui.l.google.com | | 216.58.206.46 | A (IP address) | IN (0x0001) | false |
| Oct 4, 2024 19:21:05.490243912 CEST | 1.1.1.1 | 192.168.2.5 | 0x71c7 | No error (0) | youtube-ui.l.google.com | | 142.250.186.46 | A (IP address) | IN (0x0001) | false |
| Oct 4, 2024 19:21:05.490243912 CEST | 1.1.1.1 | 192.168.2.5 | 0x71c7 | No error (0) | youtube-ui.l.google.com | | 142.250.186.110 | A (IP address) | IN (0x0001) | false |
| Oct 4, 2024 19:21:05.490243912 CEST | 1.1.1.1 | 192.168.2.5 | 0x71c7 | No error (0) | youtube-ui.l.google.com | | 142.250.186.174 | A (IP address) | IN (0x0001) | false |
| Oct 4, 2024 19:21:05.490243912 CEST | 1.1.1.1 | 192.168.2.5 | 0x71c7 | No error (0) | youtube-ui.l.google.com | | 142.250.185.206 | A (IP address) | IN (0x0001) | false |
| Oct 4, 2024 19:21:05.490243912 CEST | 1.1.1.1 | 192.168.2.5 | 0x71c7 | No error (0) | youtube-ui.l.google.com | | 142.250.185.110 | A (IP address) | IN (0x0001) | false |
| Oct 4, 2024 19:21:05.490243912 CEST | 1.1.1.1 | 192.168.2.5 | 0x71c7 | No error (0) | youtube-ui.l.google.com | | 172.217.16.206 | A (IP address) | IN (0x0001) | false |
| Oct 4, 2024 19:21:05.490243912 CEST | 1.1.1.1 | 192.168.2.5 | 0x71c7 | No error (0) | youtube-ui.l.google.com | | 142.250.185.238 | A (IP address) | IN (0x0001) | false |
| Oct 4, 2024 19:21:05.490243912 CEST | 1.1.1.1 | 192.168.2.5 | 0x71c7 | No error (0) | youtube-ui.l.google.com | | 172.217.16.142 | A (IP address) | IN (0x0001) | false |
| Oct 4, 2024 19:21:05.490243912 CEST | 1.1.1.1 | 192.168.2.5 | 0x71c7 | No error (0) | youtube-ui.l.google.com | | 216.58.212.174 | A (IP address) | IN (0x0001) | false |
| Oct 4, 2024 19:21:05.490243912 CEST | 1.1.1.1 | 192.168.2.5 | 0x71c7 | No error (0) | youtube-ui.l.google.com | | 142.250.184.238 | A (IP address) | IN (0x0001) | false |
| Oct 4, 2024 19:21:05.490243912 CEST | 1.1.1.1 | 192.168.2.5 | 0x71c7 | No error (0) | youtube-ui.l.google.com | | 142.250.181.238 | A (IP address) | IN (0x0001) | false |
| Oct 4, 2024 19:21:05.490243912 CEST | 1.1.1.1 | 192.168.2.5 | 0x71c7 | No error (0) | youtube-ui.l.google.com | | 172.217.18.14 | A (IP address) | IN (0x0001) | false |
| Oct 4, 2024 19:21:05.490243912 CEST | 1.1.1.1 | 192.168.2.5 | 0x71c7 | No error (0) | youtube-ui.l.google.com | | 142.250.184.206 | A (IP address) | IN (0x0001) | false |
| Oct 4, 2024 19:21:05.491195917 CEST | 1.1.1.1 | 192.168.2.5 | 0x14e8 | No error (0) | www.youtube.com | youtube-ui.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Oct 4, 2024 19:21:05.491195917 CEST | 1.1.1.1 | 192.168.2.5 | 0x14e8 | No error (0) | youtube-ui.l.google.com | | | 65 | IN (0x0001) | false |
| Oct 4, 2024 19:21:08.537883997 CEST | 1.1.1.1 | 192.168.2.5 | 0xeccb | No error (0) | www.google.com | | | 65 | IN (0x0001) | false |
| Oct 4, 2024 19:21:08.538885117 CEST | 1.1.1.1 | 192.168.2.5 | 0x9f9c | No error (0) | www.google.com | | 142.250.184.196 | A (IP address) | IN (0x0001) | false |
| Oct 4, 2024 19:21:13.755780935 CEST | 1.1.1.1 | 192.168.2.5 | 0x8a1e | No error (0) | accounts.youtube.com | www3.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Oct 4, 2024 19:21:13.755780935 CEST | 1.1.1.1 | 192.168.2.5 | 0x8a1e | No error (0) | www3.l.google.com | | 142.250.185.142 | A (IP address) | IN (0x0001) | false |
| Oct 4, 2024 19:21:13.755866051 CEST | 1.1.1.1 | 192.168.2.5 | 0xd506 | No error (0) | accounts.youtube.com | www3.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Oct 4, 2024 19:21:15.072649002 CEST | 1.1.1.1 | 192.168.2.5 | 0x5a7 | No error (0) | play.google.com | | 142.250.181.238 | A (IP address) | IN (0x0001) | false |
| Oct 4, 2024 19:22:17.588532925 CEST | 1.1.1.1 | 192.168.2.5 | 0x11cb | No error (0) | play.google.com | | 142.250.185.238 | A (IP address) | IN (0x0001) | false |
                                                        • youtube.com
                                                        • www.youtube.com
                                                        • fs.microsoft.com
                                                        • https:
                                                          • accounts.youtube.com
                                                          • play.google.com
                                                          • www.google.com
                                                        • otelrules.azureedge.net
                                                        • slscr.update.microsoft.com
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
| 0 | 192.168.2.5 | 49707 | 142.250.186.110 | 443 | 3040 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data
2024-10-04 17:21:05 UTC | 859 | OUT | GET /account?=https://accounts.google.com/v3/signin/challenge/pwd HTTP/1.1
                                                        Host: youtube.com
                                                        Connection: keep-alive
                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                        sec-ch-ua-mobile: ?0
                                                        sec-ch-ua-platform: "Windows"
                                                        Upgrade-Insecure-Requests: 1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=
                                                        Sec-Fetch-Site: none
                                                        Sec-Fetch-Mode: navigate
                                                        Sec-Fetch-User: ?1
                                                        Sec-Fetch-Dest: document
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
2024-10-04 17:21:05 UTC | 1704 | IN | HTTP/1.1 301 Moved Permanently
                                                        Content-Type: application/binary
                                                        X-Content-Type-Options: nosniff
                                                        Expires: Fri, 04 Oct 2024 17:21:05 GMT
                                                        Date: Fri, 04 Oct 2024 17:21:05 GMT
                                                        Cache-Control: private, max-age=31536000
                                                        Location: https://www.youtube.com/account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd
                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                        X-Frame-Options: SAMEORIGIN
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
                                                        Content-Security-Policy: require-trusted-types-for 'script'
                                                        Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main"
                                                        Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
| 1 | 192.168.2.5 | 49710 | 142.250.185.142 | 443 | 3040 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data
2024-10-04 17:21:06 UTC | 877 | OUT | GET /account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd HTTP/1.1
                                                        Host: www.youtube.com
                                                        Connection: keep-alive
                                                        Upgrade-Insecure-Requests: 1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=
                                                        Sec-Fetch-Site: none
                                                        Sec-Fetch-Mode: navigate
                                                        Sec-Fetch-User: ?1
                                                        Sec-Fetch-Dest: document
                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                        sec-ch-ua-mobile: ?0
                                                        sec-ch-ua-platform: "Windows"
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
2024-10-04 17:21:06 UTC | 2634 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        X-Content-Type-Options: nosniff
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Fri, 04 Oct 2024 17:21:06 GMT
                                                        Location: https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%253F%253Dhttps%25253A%25252F%25252Faccounts.google.com%25252Fv3%25252Fsignin%25252Fchallenge%25252Fpwd%26feature%3Dredirect_login&hl=en
                                                        Strict-Transport-Security: max-age=31536000
                                                        X-Frame-Options: SAMEORIGIN
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
                                                        Content-Security-Policy: require-trusted-types-for 'script'
                                                        Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main"
                                                        Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
                                                        P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        Set-Cookie: GPS=1; Domain=.youtube.com; Expires=Fri, 04-Oct-2024 17:51:06 GMT; Path=/; Secure; HttpOnly
                                                        Set-Cookie: YSC=piE9uBPt-jc; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none; Partitioned
                                                        Set-Cookie: VISITOR_INFO1_LIVE=a4Y8tMTY_QQ; Domain=.youtube.com; Expires=Wed, 02-Apr-2025 17:21:06 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned
                                                        Set-Cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgQQ%3D%3D; Domain=.youtube.com; Expires=Wed, 02-Apr-2025 17:21:06 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        2 | 192.168.2.5 | 49716 | 184.28.90.27 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:09 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept: */*
                                                        Accept-Encoding: identity
                                                        User-Agent: Microsoft BITS/7.8
                                                        Host: fs.microsoft.com
                                                        2024-10-04 17:21:09 UTC | 467 | IN | HTTP/1.1 200 OK
                                                        Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                        Content-Type: application/octet-stream
                                                        ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                        Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                        Server: ECAcc (lpl/EF70)
                                                        X-CID: 11
                                                        X-Ms-ApiVersion: Distribute 1.2
                                                        X-Ms-Region: prod-neu-z1
                                                        Cache-Control: public, max-age=170644
                                                        Date: Fri, 04 Oct 2024 17:21:09 GMT
                                                        Connection: close
                                                        X-CID: 2


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        3 | 192.168.2.5 | 49721 | 184.28.90.27 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:10 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept: */*
                                                        Accept-Encoding: identity
                                                        If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                        Range: bytes=0-2147483646
                                                        User-Agent: Microsoft BITS/7.8
                                                        Host: fs.microsoft.com
                                                        2024-10-04 17:21:10 UTC | 515 | IN | HTTP/1.1 200 OK
                                                        ApiVersion: Distribute 1.1
                                                        Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                        Content-Type: application/octet-stream
                                                        ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                        Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                        Server: ECAcc (lpl/EF06)
                                                        X-CID: 11
                                                        X-Ms-ApiVersion: Distribute 1.2
                                                        X-Ms-Region: prod-weu-z1
                                                        Cache-Control: public, max-age=170718
                                                        Date: Fri, 04 Oct 2024 17:21:10 GMT
                                                        Content-Length: 55
                                                        Connection: close
                                                        X-CID: 2
                                                        2024-10-04 17:21:10 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                                        Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        4 | 192.168.2.5 | 49732 | 142.250.185.142 | 443 | 3040 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:14 UTC | 1225 | OUT | GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1690580838&timestamp=1728062473124 HTTP/1.1
                                                        Host: accounts.youtube.com
                                                        Connection: keep-alive
                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                        sec-ch-ua-mobile: ?0
                                                        sec-ch-ua-full-version: "117.0.5938.132"
                                                        sec-ch-ua-arch: "x86"
                                                        sec-ch-ua-platform: "Windows"
                                                        sec-ch-ua-platform-version: "10.0.0"
                                                        sec-ch-ua-model: ""
                                                        sec-ch-ua-bitness: "64"
                                                        sec-ch-ua-wow64: ?0
                                                        sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                        Upgrade-Insecure-Requests: 1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=
                                                        Sec-Fetch-Site: cross-site
                                                        Sec-Fetch-Mode: navigate
                                                        Sec-Fetch-Dest: iframe
                                                        Referer: https://accounts.google.com/
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        2024-10-04 17:21:14 UTC | 1969 | IN | HTTP/1.1 200 OK
                                                        Content-Type: text/html; charset=utf-8
                                                        X-Frame-Options: ALLOW-FROM https://accounts.google.com
                                                        Content-Security-Policy: frame-ancestors https://accounts.google.com
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport
                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-lWaIrX21-ZgU3HG3LH77jg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport/allowlist
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Fri, 04 Oct 2024 17:21:14 GMT
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Cross-Origin-Resource-Policy: cross-origin
                                                        reporting-endpoints: default="/_/AccountsDomainCookiesCheckConnectionHttp/web-reports?context=eJzjstDikmII0JBikPj6kkkDiJ3SZ7AGAXHSv_OsRUB8ufsS63UgVu25xGoKxEUSV1ibgFiIh6PrRMMONoELcw6tYFLSS8ovjM9MSc0rySypTMnPTczMS87Pz85MLS5OLSpLLYo3MjAyMbA0stQzsIgvMAAAyc8tIA"
                                                        Server: ESF
                                                        X-XSS-Protection: 0
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Accept-Ranges: none
                                                        Vary: Accept-Encoding
                                                        Connection: close
                                                        Transfer-Encoding: chunked


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        5 | 192.168.2.5 | 49735 | 142.250.181.238 | 443 | 3040 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:15 UTC | 549 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                        Host: play.google.com
                                                        Connection: keep-alive
                                                        Accept: */*
                                                        Access-Control-Request-Method: POST
                                                        Access-Control-Request-Headers: x-goog-authuser
                                                        Origin: https://accounts.google.com
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                        Sec-Fetch-Mode: cors
                                                        Sec-Fetch-Site: same-site
                                                        Sec-Fetch-Dest: empty
                                                        Referer: https://accounts.google.com/
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        2024-10-04 17:21:16 UTC | 520 | IN | HTTP/1.1 200 OK
                                                        Access-Control-Allow-Origin: https://accounts.google.com
                                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                        Access-Control-Max-Age: 86400
                                                        Access-Control-Allow-Credentials: true
                                                        Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                        Content-Type: text/plain; charset=UTF-8
                                                        Date: Fri, 04 Oct 2024 17:21:15 GMT
                                                        Server: Playlog
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        6 | 192.168.2.5 | 49737 | 142.250.181.238 | 443 | 3040 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:15 UTC | 549 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                        Host: play.google.com
                                                        Connection: keep-alive
                                                        Accept: */*
                                                        Access-Control-Request-Method: POST
                                                        Access-Control-Request-Headers: x-goog-authuser
                                                        Origin: https://accounts.google.com
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                        Sec-Fetch-Mode: cors
                                                        Sec-Fetch-Site: same-site
                                                        Sec-Fetch-Dest: empty
                                                        Referer: https://accounts.google.com/
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        2024-10-04 17:21:16 UTC | 520 | IN | HTTP/1.1 200 OK
                                                        Access-Control-Allow-Origin: https://accounts.google.com
                                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                        Access-Control-Max-Age: 86400
                                                        Access-Control-Allow-Credentials: true
                                                        Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                        Content-Type: text/plain; charset=UTF-8
                                                        Date: Fri, 04 Oct 2024 17:21:15 GMT
                                                        Server: Playlog
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        7 | 192.168.2.5 | 49739 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:16 UTC | 195 | OUT | GET /rules/other-Win32-v19.bundle HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:16 UTC | 540 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:16 GMT
                                                        Content-Type: text/plain
                                                        Content-Length: 218853
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public
                                                        Last-Modified: Mon, 30 Sep 2024 13:16:38 GMT
                                                        ETag: "0x8DCE1521DF74B57"
                                                        x-ms-request-id: 90766f9b-701e-006f-578c-15afc4000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172116Z-15767c5fc55gq5fmm10nm5qqr80000000d10000000003syx
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:16 UTC | 15844 | IN | Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
                                                        2024-10-04 17:21:16 UTC | 16384 | IN | Data Ascii: "0" /> </L> <R> <V V="400" T="I32" /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" />
                                                        2024-10-04 17:21:16 UTC | 16384 | IN | Data Ascii: <ST> <S T="1" /> </ST></R><$!#>10820v3+<?xml version="1.0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-781
                                                        2024-10-04 17:21:16 UTC | 16384 | IN | Data Ascii: T="U64" I="8" O="false" N="Events_Avg"> <S T="2" F="Average" /> </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32"
                                                        2024-10-04 17:21:16 UTC | 16384 | IN | Data Ascii: "0" O="false" N="Count_CreateCard_ValidPersona_False"> <C> <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Co
                                                        2024-10-04 17:21:16 UTC | 16384 | IN | Data Ascii: <S T="31" /> </C> </C> <C T="U32" I="19" O="false" N="Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C>
                                                        2024-10-04 17:21:16 UTC | 16384 | IN | Data Ascii: <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMillisec
                                                        2024-10-04 17:21:16 UTC | 16384 | IN | Data Ascii: R> <V V="0" T="I32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIn
                                                        2024-10-04 17:21:16 UTC | 16384 | IN | Data Ascii: R> </O> </F> <F T="6"> <O T="AND"> <L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L>
                                                        2024-10-04 17:21:16 UTC | 16384 | IN | Data Ascii: T="6"> <O T="EQ"> <L> <S T="2" F="HttpStatus" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        8 | 192.168.2.5 | 49741 | 142.250.181.238 | 443 | 3040 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:16 UTC | 1132 | OUT | POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                        Host: play.google.com
                                                        Connection: keep-alive
                                                        Content-Length: 519
                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                        sec-ch-ua-mobile: ?0
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                        sec-ch-ua-arch: "x86"
                                                        Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                                                        sec-ch-ua-full-version: "117.0.5938.132"
                                                        sec-ch-ua-platform-version: "10.0.0"
                                                        X-Goog-AuthUser: 0
                                                        sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                        sec-ch-ua-bitness: "64"
                                                        sec-ch-ua-model: ""
                                                        sec-ch-ua-wow64: ?0
                                                        sec-ch-ua-platform: "Windows"
                                                        Accept: */*
                                                        Origin: https://accounts.google.com
                                                        X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=
                                                        Sec-Fetch-Site: same-site
                                                        Sec-Fetch-Mode: cors
                                                        Sec-Fetch-Dest: empty
                                                        Referer: https://accounts.google.com/
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        2024-10-04 17:21:16 UTC | 519 | OUT | Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728062474438",null,null,null
                                                        2024-10-04 17:21:16 UTC | 933 | IN | HTTP/1.1 200 OK
                                                        Access-Control-Allow-Origin: https://accounts.google.com
                                                        Cross-Origin-Resource-Policy: cross-origin
                                                        Access-Control-Allow-Credentials: true
                                                        Access-Control-Allow-Headers: X-Playlog-Web
                                                        Set-Cookie: NID=518=gtq5-AFwJ9DrOcK__N4zKardjqbQo5F54tZovC6IYvC8BOtKyxwlMUNavYkWympJMPl4X21cpZJUVZB86CIoNafFq2_M1tBtePjoRe9ihcgsBiqtAmgiDjYRnFy9UUX4OjcD1fQb7HNg_wPmO_qrxhADdDGipP5AKTfVSI27QAHwYuPSNCg; expires=Sat, 05-Apr-2025 17:21:16 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                        P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                        Content-Type: text/plain; charset=UTF-8
                                                        Date: Fri, 04 Oct 2024 17:21:16 GMT
                                                        Server: Playlog
                                                        Cache-Control: private
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Accept-Ranges: none
                                                        Vary: Accept-Encoding
                                                        Expires: Fri, 04 Oct 2024 17:21:16 GMT
                                                        Connection: close
                                                        Transfer-Encoding: chunked
                                                        2024-10-04 17:21:16 UTC | 137 | IN | Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                        2024-10-04 17:21:16 UTC | 5 | IN | Data Ascii: 0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        9 | 192.168.2.5 | 49742 | 142.250.181.238 | 443 | 3040 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:16 UTC | 1132 | OUT | POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                        Host: play.google.com
                                                        Connection: keep-alive
                                                        Content-Length: 519
                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                        sec-ch-ua-mobile: ?0
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                        sec-ch-ua-arch: "x86"
                                                        Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                                                        sec-ch-ua-full-version: "117.0.5938.132"
                                                        sec-ch-ua-platform-version: "10.0.0"
                                                        X-Goog-AuthUser: 0
                                                        sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                        sec-ch-ua-bitness: "64"
                                                        sec-ch-ua-model: ""
                                                        sec-ch-ua-wow64: ?0
                                                        sec-ch-ua-platform: "Windows"
                                                        Accept: */*
                                                        Origin: https://accounts.google.com
                                                        X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=
                                                        Sec-Fetch-Site: same-site
                                                        Sec-Fetch-Mode: cors
                                                        Sec-Fetch-Dest: empty
                                                        Referer: https://accounts.google.com/
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        2024-10-04 17:21:16 UTC | 519 | OUT | Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728062474525",null,null,null
                                                        2024-10-04 17:21:17 UTC | 933 | IN | HTTP/1.1 200 OK
                                                        Access-Control-Allow-Origin: https://accounts.google.com
                                                        Cross-Origin-Resource-Policy: cross-origin
                                                        Access-Control-Allow-Credentials: true
                                                        Access-Control-Allow-Headers: X-Playlog-Web
                                                        Set-Cookie: NID=518=w-2Cw4CImbelzX_SClJKetllVsIuixaGybtPZTx-SpdFGQjD0afdvMu611cQHuNk7oBYoCd06hCBAXkckXPq_h_-T76YYqK_hs23ApsjGhYtRiHWqPNRRVN2g1Csg8xvmEYLk1UigVFkTE7R9dAAVE4295DgVmfH8LLvKW05FUbribgwNEU; expires=Sat, 05-Apr-2025 17:21:16 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                        P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                        Content-Type: text/plain; charset=UTF-8
                                                        Date: Fri, 04 Oct 2024 17:21:16 GMT
                                                        Server: Playlog
                                                        Cache-Control: private
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Accept-Ranges: none
                                                        Vary: Accept-Encoding
                                                        Expires: Fri, 04 Oct 2024 17:21:16 GMT
                                                        Connection: close
                                                        Transfer-Encoding: chunked
                                                        2024-10-04 17:21:17 UTC | 137 | IN | Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                        2024-10-04 17:21:17 UTC | 5 | IN | Data Ascii: 0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        10 | 192.168.2.5 | 49715 | 142.250.184.196 | 443 | 3040 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:17 UTC | 1222 | OUT | GET /favicon.ico HTTP/1.1
                                                        Host: www.google.com
                                                        Connection: keep-alive
                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                        sec-ch-ua-mobile: ?0
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                        sec-ch-ua-arch: "x86"
                                                        sec-ch-ua-full-version: "117.0.5938.132"
                                                        sec-ch-ua-platform-version: "10.0.0"
                                                        sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                        sec-ch-ua-bitness: "64"
                                                        sec-ch-ua-model: ""
                                                        sec-ch-ua-wow64: ?0
                                                        sec-ch-ua-platform: "Windows"
                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                        X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=
                                                        Sec-Fetch-Site: same-site
                                                        Sec-Fetch-Mode: no-cors
                                                        Sec-Fetch-Dest: image
                                                        Referer: https://accounts.google.com/
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        Cookie: NID=518=w-2Cw4CImbelzX_SClJKetllVsIuixaGybtPZTx-SpdFGQjD0afdvMu611cQHuNk7oBYoCd06hCBAXkckXPq_h_-T76YYqK_hs23ApsjGhYtRiHWqPNRRVN2g1Csg8xvmEYLk1UigVFkTE7R9dAAVE4295DgVmfH8LLvKW05FUbribgwNEU
                                                        2024-10-04 17:21:17 UTC | 705 | IN | HTTP/1.1 200 OK
                                                        Accept-Ranges: bytes
                                                        Cross-Origin-Resource-Policy: cross-origin
                                                        Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                                                        Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                                                        Content-Length: 5430
                                                        X-Content-Type-Options: nosniff
                                                        Server: sffe
                                                        X-XSS-Protection: 0
                                                        Date: Fri, 04 Oct 2024 16:36:56 GMT
                                                        Expires: Sat, 12 Oct 2024 16:36:56 GMT
                                                        Cache-Control: public, max-age=691200
                                                        Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                                                        Content-Type: image/x-icon
                                                        Vary: Accept-Encoding
                                                        Age: 2661
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        11 | 192.168.2.5 | 49747 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:17 UTC | 192 | OUT | GET /rules/rule224902v2s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:17 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:17 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 450
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT
                                                        ETag: "0x8DC582BD4C869AE"
                                                        x-ms-request-id: b9d87bc4-001e-008d-138c-15d91e000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172117Z-15767c5fc55xsgnlxyxy40f4m00000000cs000000000ccu5
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:17 UTC | 450 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        12 | 192.168.2.5 | 49750 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:17 UTC | 192 | OUT | GET /rules/rule120608v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:17 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:17 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 2160
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                                        ETag: "0x8DC582BA3B95D81"
                                                        x-ms-request-id: 39d43082-801e-00ac-658c-15fd65000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172117Z-15767c5fc55rg5b7sh1vuv8t7n0000000d2g00000000sch0
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:17 UTC | 2160 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        13 | 192.168.2.5 | 49748 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:17 UTC | 192 | OUT | GET /rules/rule120609v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:17 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:17 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 408
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                                        ETag: "0x8DC582BB56D3AFB"
                                                        x-ms-request-id: 4b0a31e7-c01e-00ad-448c-15a2b9000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172117Z-15767c5fc554w2fgapsyvy8ua00000000cb000000000f0sp
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:17 UTC | 408 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        14 | 192.168.2.5 | 49749 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:17 UTC | 192 | OUT | GET /rules/rule120600v4s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:17 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:17 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 2980
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT
                                                        ETag: "0x8DC582BA80D96A1"
                                                        x-ms-request-id: b9d87bc3-001e-008d-128c-15d91e000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172117Z-15767c5fc55rv8zjq9dg0musxg0000000cxg000000003yyz
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:17 UTC | 2980 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        15 | 192.168.2.5 | 49746 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:17 UTC | 193 | OUT | GET /rules/rule120402v21s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:17 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:17 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 3788
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT
                                                        ETag: "0x8DC582BAC2126A6"
                                                        x-ms-request-id: 1cc2ff82-e01e-0071-478c-1508e7000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172117Z-15767c5fc55472x4k7dmphmadg0000000cc000000000xh28
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:17 UTC | 3788 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        16 | 192.168.2.5 | 49754 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:18 UTC | 192 | OUT | GET /rules/rule120611v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:18 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:18 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 415
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT
                                                        ETag: "0x8DC582B9F6F3512"
                                                        x-ms-request-id: 757ce4f4-401e-000a-128c-154a7b000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172118Z-15767c5fc55whfstvfw43u8fp40000000cxg00000000mfbc
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:18 UTC | 415 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        17 | 192.168.2.5 | 49755 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:18 UTC | 192 | OUT | GET /rules/rule120612v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:18 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:18 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 471
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT
                                                        ETag: "0x8DC582BB10C598B"
                                                        x-ms-request-id: 24b39cfc-301e-0096-2a8c-15e71d000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172118Z-15767c5fc55n4msds84xh4z67w00000006n0000000001771
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:18 UTC | 471 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        18 | 192.168.2.5 | 49753 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:18 UTC | 192 | OUT | GET /rules/rule120610v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:18 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:18 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 474
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT
                                                        ETag: "0x8DC582B9964B277"
                                                        x-ms-request-id: aa8826a4-b01e-0053-608c-15cdf8000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172118Z-15767c5fc55n4msds84xh4z67w00000006fg00000000ky0u
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:18 UTC | 474 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        19 | 192.168.2.5 | 49757 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:18 UTC | 192 | OUT | GET /rules/rule120614v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:18 UTC470INHTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:18 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 467
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT
                                                        ETag: "0x8DC582BA6C038BC"
                                                        x-ms-request-id: b2393cc3-501e-005b-768c-15d7f7000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172118Z-15767c5fc55v7j95gq2uzq37a00000000d1g00000000eva3
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:18 UTC | 467 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        20 | 192.168.2.5 | 49756 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:18 UTC | 192 | OUT | GET /rules/rule120613v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:18 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:18 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 632
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                                        ETag: "0x8DC582BB6E3779E"
                                                        x-ms-request-id: 3a0dc1eb-601e-0032-608c-15eebb000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172118Z-15767c5fc55qkvj6n60pxm9mbw00000001zg00000000ftwp
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:18 UTC | 632 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        21 | 192.168.2.5 | 49751 | 4.245.163.56 | 443 | |
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:18 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=s9CYOBSCZtkw7HA&MD=NvR15Afe HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept: */*
                                                        User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                        Host: slscr.update.microsoft.com
                                                        2024-10-04 17:21:18 UTC | 560 | IN | HTTP/1.1 200 OK
                                                        Cache-Control: no-cache
                                                        Pragma: no-cache
                                                        Content-Type: application/octet-stream
                                                        Expires: -1
                                                        Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                        ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                        MS-CorrelationId: 73d4e89f-1224-4193-9d37-3c8228466747
                                                        MS-RequestId: c8400396-4c63-4770-89a1-f05ef7dee220
                                                        MS-CV: dUI+hKOwlEuGY6Uq.0
                                                        X-Microsoft-SLSClientCache: 2880
                                                        Content-Disposition: attachment; filename=environment.cab
                                                        X-Content-Type-Options: nosniff
                                                        Date: Fri, 04 Oct 2024 17:21:17 GMT
                                                        Connection: close
                                                        Content-Length: 24490
                                                        2024-10-04 17:21:18 UTC | 15824 | IN | Data Raw: [binary data omitted]
                                                        2024-10-04 17:21:18 UTC | 8666 | IN | Data Raw: [binary data omitted]


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        22 | 192.168.2.5 | 49763 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:19 UTC | 192 | OUT | GET /rules/rule120616v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:19 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:19 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 486
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                                        ETag: "0x8DC582BB344914B"
                                                        x-ms-request-id: 1cc301c6-e01e-0071-6b8c-1508e7000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172119Z-15767c5fc55ncqdn59ub6rndq00000000cm0000000003e40
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:19 UTC | 486 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        23 | 192.168.2.5 | 49764 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:19 UTC | 192 | OUT | GET /rules/rule120618v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:19 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:19 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 486
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT
                                                        ETag: "0x8DC582B9018290B"
                                                        x-ms-request-id: e0871f45-901e-00a0-0d8c-156a6d000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172119Z-15767c5fc554wklc0x4mc5pq0w0000000d5000000000fmfz
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:19 UTC | 486 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        24 | 192.168.2.5 | 49766 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:19 UTC | 192 | OUT | GET /rules/rule120617v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:19 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:19 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 427
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT
                                                        ETag: "0x8DC582BA310DA18"
                                                        x-ms-request-id: 1cc301ca-e01e-0071-6f8c-1508e7000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172119Z-15767c5fc55jdxmppy6cmd24bn00000004zg00000000qtvb
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:19 UTC | 427 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        25 | 192.168.2.5 | 49765 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:19 UTC | 192 | OUT | GET /rules/rule120619v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:19 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:19 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 407
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT
                                                        ETag: "0x8DC582B9698189B"
                                                        x-ms-request-id: 023e3944-a01e-003d-708c-1598d7000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172119Z-15767c5fc55tsfp92w7yna557w0000000cw000000000a489
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:19 UTC | 407 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        26 | 192.168.2.5 | 49762 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:19 UTC | 192 | OUT | GET /rules/rule120615v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:19 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:19 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 407
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT
                                                        ETag: "0x8DC582BBAD04B7B"
                                                        x-ms-request-id: 023e3708-a01e-003d-568c-1598d7000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172119Z-15767c5fc55lghvzbxktxfqntw0000000ceg00000000r5gz
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:19 UTC | 407 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        27 | 192.168.2.5 | 49770 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:20 UTC | 192 | OUT | GET /rules/rule120620v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:20 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:19 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 469
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                                                        ETag: "0x8DC582BBA701121"
                                                        x-ms-request-id: a68dfe67-f01e-0052-588c-159224000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172119Z-15767c5fc55w69c2zvnrz0gmgw0000000cyg00000000uw5f
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:20 UTC | 469 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        28 | 192.168.2.5 | 49772 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:20 UTC | 192 | OUT | GET /rules/rule120623v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:20 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:20 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 464
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT
                                                        ETag: "0x8DC582B97FB6C3C"
                                                        x-ms-request-id: dc68ccfc-201e-006e-438c-15bbe3000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172120Z-15767c5fc55852fxfeh7csa2dn0000000cr000000000hbs8
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:20 UTC | 464 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        29 | 192.168.2.5 | 49773 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:20 UTC | 192 | OUT | GET /rules/rule120622v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:20 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:20 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 477
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT
                                                        ETag: "0x8DC582BB8CEAC16"
                                                        x-ms-request-id: 24b39fc0-301e-0096-298c-15e71d000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172120Z-15767c5fc55fdfx81a30vtr1fw0000000d5000000000fucm
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:20 UTC | 477 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        30 | 192.168.2.5 | 49771 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:20 UTC | 192 | OUT | GET /rules/rule120621v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:20 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:20 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 415
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                                        ETag: "0x8DC582BA41997E3"
                                                        x-ms-request-id: c54fb296-901e-008f-528c-1567a6000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172120Z-15767c5fc55dtdv4d4saq7t47n0000000cmg00000000efzh
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:20 UTC | 415 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        31 | 192.168.2.5 | 49777 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:20 UTC | 192 | OUT | GET /rules/rule120626v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:20 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:20 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 472
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT
                                                        ETag: "0x8DC582B9DACDF62"
                                                        x-ms-request-id: 8e9c869d-201e-000c-4b8c-1579c4000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172120Z-15767c5fc55d6fcl6x6bw8cpdc0000000cs000000000buax
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:20 UTC | 472 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        32 | 192.168.2.5 | 49778 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:20 UTC | 192 | OUT | GET /rules/rule120627v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:20 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:20 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 404
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT
                                                        ETag: "0x8DC582B9E8EE0F3"
                                                        x-ms-request-id: 4f10c824-e01e-0085-1c8c-15c311000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172120Z-15767c5fc5546rn6ch9zv310e000000005tg00000000g3m6
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:20 UTC | 404 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        33 | 192.168.2.5 | 49781 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:21 UTC | 192 | OUT | GET /rules/rule120630v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:21 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:21 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 499
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT
                                                        ETag: "0x8DC582B98CEC9F6"
                                                        x-ms-request-id: 30fd46b0-d01e-00a1-368c-1535b1000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172121Z-15767c5fc55v7j95gq2uzq37a00000000d1000000000gr43
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:21 UTC | 499 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        34 | 192.168.2.5 | 49780 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:21 UTC | 192 | OUT | GET /rules/rule120629v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:21 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:21 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 428
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT
                                                        ETag: "0x8DC582BAC4F34CA"
                                                        x-ms-request-id: 82f8b22c-c01e-0014-5a8c-15a6a3000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172121Z-15767c5fc55v7j95gq2uzq37a00000000d3g000000007b3g
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:21 UTC | 428 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        35 | 192.168.2.5 | 49774 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:22 UTC | 192 | OUT | GET /rules/rule120624v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:22 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:22 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 494
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                                        ETag: "0x8DC582BB7010D66"
                                                        x-ms-request-id: 79ade187-001e-0065-788c-150b73000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172122Z-15767c5fc55qkvj6n60pxm9mbw000000020000000000e825
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:22 UTC | 494 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        36 | 192.168.2.5 | 49776 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:22 UTC | 192 | OUT | GET /rules/rule120625v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:22 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:22 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 419
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT
                                                        ETag: "0x8DC582B9748630E"
                                                        x-ms-request-id: 0da94923-701e-0097-168c-15b8c1000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172122Z-15767c5fc55qkvj6n60pxm9mbw0000000210000000009e2c
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:22 UTC | 419 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        37 | 192.168.2.5 | 49779 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:22 UTC | 192 | OUT | GET /rules/rule120628v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:22 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:22 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 468
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT
                                                        ETag: "0x8DC582B9C8E04C8"
                                                        x-ms-request-id: 09e6f7ee-001e-0034-548c-15dd04000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172122Z-15767c5fc55qkvj6n60pxm9mbw000000020g00000000bupr
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:22 UTC | 468 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        38 | 192.168.2.5 | 49782 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:22 UTC | 192 | OUT | GET /rules/rule120631v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:22 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:22 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 415
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                        ETag: "0x8DC582B988EBD12"
                                                        x-ms-request-id: 6a901ce3-301e-005d-708c-15e448000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172122Z-15767c5fc55tsfp92w7yna557w0000000ctg00000000mdpf
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:22 UTC | 415 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        39 | 192.168.2.5 | 49783 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:22 UTC | 192 | OUT | GET /rules/rule120632v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:22 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:22 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 471
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                                        ETag: "0x8DC582BB5815C4C"
                                                        x-ms-request-id: 75493038-e01e-00aa-508c-15ceda000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172122Z-15767c5fc55jdxmppy6cmd24bn000000053000000000aqqy
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:22 UTC | 471 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        40 | 192.168.2.5 | 49784 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:23 UTC | 192 | OUT | GET /rules/rule120633v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:23 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:23 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 419
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                                        ETag: "0x8DC582BB32BB5CB"
                                                        x-ms-request-id: c2ca9d4d-801e-0035-458c-15752a000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172123Z-15767c5fc552g4w83buhsr3htc0000000ct000000000pz9d
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:23 UTC | 419 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        41 | 192.168.2.5 | 49786 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:23 UTC | 192 | OUT | GET /rules/rule120634v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:23 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:23 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 494
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT
                                                        ETag: "0x8DC582BB8972972"
                                                        x-ms-request-id: 831ef799-b01e-0098-7b8c-15cead000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172123Z-15767c5fc554w2fgapsyvy8ua00000000cd000000000781m
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:23 UTC | 494 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        42 | 192.168.2.5 | 49785 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:23 UTC | 192 | OUT | GET /rules/rule120635v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:23 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:23 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 420
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT
                                                        ETag: "0x8DC582B9DAE3EC0"
                                                        x-ms-request-id: a7623418-001e-00a2-348c-15d4d5000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172123Z-15767c5fc55dtdv4d4saq7t47n0000000cg000000000w1gd
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:23 UTC | 420 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        43 | 192.168.2.5 | 49787 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:23 UTC | 192 | OUT | GET /rules/rule120636v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:23 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:23 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 472
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT
                                                        ETag: "0x8DC582B9D43097E"
                                                        x-ms-request-id: 4b0a3852-c01e-00ad-3b8c-15a2b9000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172123Z-15767c5fc554wklc0x4mc5pq0w0000000d3g00000000nzbe
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:23 UTC | 472 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        44 | 192.168.2.5 | 49788 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:23 UTC | 192 | OUT | GET /rules/rule120637v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:23 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:23 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 427
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT
                                                        ETag: "0x8DC582BA909FA21"
                                                        x-ms-request-id: eccf174e-001e-0079-238c-1512e8000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172123Z-15767c5fc552g4w83buhsr3htc0000000cyg0000000002mr
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:23 UTC | 427 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        45 | 192.168.2.5 | 49789 | 142.250.181.238 | 443 | 3040 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:23 UTC | 1307 | OUT | POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                        Host: play.google.com
                                                        Connection: keep-alive
                                                        Content-Length: 1224
                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                        sec-ch-ua-mobile: ?0
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                        sec-ch-ua-arch: "x86"
                                                        Content-Type: text/plain;charset=UTF-8
                                                        sec-ch-ua-full-version: "117.0.5938.132"
                                                        sec-ch-ua-platform-version: "10.0.0"
                                                        X-Goog-AuthUser: 0
                                                        sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                        sec-ch-ua-bitness: "64"
                                                        sec-ch-ua-model: ""
                                                        sec-ch-ua-wow64: ?0
                                                        sec-ch-ua-platform: "Windows"
                                                        Accept: */*
                                                        Origin: https://accounts.google.com
                                                        X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=
                                                        Sec-Fetch-Site: same-site
                                                        Sec-Fetch-Mode: cors
                                                        Sec-Fetch-Dest: empty
                                                        Referer: https://accounts.google.com/
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        Cookie: NID=518=w-2Cw4CImbelzX_SClJKetllVsIuixaGybtPZTx-SpdFGQjD0afdvMu611cQHuNk7oBYoCd06hCBAXkckXPq_h_-T76YYqK_hs23ApsjGhYtRiHWqPNRRVN2g1Csg8xvmEYLk1UigVFkTE7R9dAAVE4295DgVmfH8LLvKW05FUbribgwNEU
                                                        2024-10-04 17:21:23 UTC | 1224 | OUT
                                                        Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[4,0,0,0,0]]],558,[["1728062472000",null,null,null,
                                                        2024-10-04 17:21:23 UTC | 941 | IN | HTTP/1.1 200 OK
                                                        Access-Control-Allow-Origin: https://accounts.google.com
                                                        Cross-Origin-Resource-Policy: cross-origin
                                                        Access-Control-Allow-Credentials: true
                                                        Access-Control-Allow-Headers: X-Playlog-Web
                                                        Set-Cookie: NID=518=euPjR4poezEpaLq_Ya9tuIlV3l1E7qv6zgRctrnis7w3CB13PpZokhHh5lQ_-t0HINtRZPqupGCrHfh4M1SC13ZAwbl3kveMr2VwdLBYzJPT5HVOEYN-6q0bSM9HCirG5OAXzdOom6ak7vupsOT5NybHmVvEMwTr7p4R04v_7W6bBJ3CIE-pooWSjCk; expires=Sat, 05-Apr-2025 17:21:23 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                        P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                        Content-Type: text/plain; charset=UTF-8
                                                        Date: Fri, 04 Oct 2024 17:21:23 GMT
                                                        Server: Playlog
                                                        Cache-Control: private
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Accept-Ranges: none
                                                        Vary: Accept-Encoding
                                                        Expires: Fri, 04 Oct 2024 17:21:23 GMT
                                                        Connection: close
                                                        Transfer-Encoding: chunked
                                                        2024-10-04 17:21:23 UTC | 137 | IN
                                                        Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                        2024-10-04 17:21:23 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        46 | 192.168.2.5 | 49790 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:23 UTC | 192 | OUT | GET /rules/rule120638v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:23 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:23 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 486
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT
                                                        ETag: "0x8DC582B92FCB436"
                                                        x-ms-request-id: 76615707-c01e-0082-6a8c-15af72000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172123Z-15767c5fc55w69c2zvnrz0gmgw0000000d0g00000000kzk1
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:23 UTC | 486 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        47 | 192.168.2.5 | 49791 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:23 UTC | 192 | OUT | GET /rules/rule120639v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:23 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:23 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 423
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT
                                                        ETag: "0x8DC582BB7564CE8"
                                                        x-ms-request-id: bb2e28bd-501e-0016-0b8c-15181b000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172123Z-15767c5fc55xsgnlxyxy40f4m00000000crg00000000e04m
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:23 UTC | 423 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        48 | 192.168.2.5 | 49793 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:23 UTC | 192 | OUT | GET /rules/rule120641v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:23 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:23 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 404
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT
                                                        ETag: "0x8DC582B95C61A3C"
                                                        x-ms-request-id: 0dcb6c6d-e01e-0003-668c-150fa8000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172123Z-15767c5fc55rg5b7sh1vuv8t7n0000000d70000000007bgr
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:23 UTC | 404 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        49 | 192.168.2.5 | 49792 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:23 UTC | 192 | OUT | GET /rules/rule120640v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:23 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:23 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 478
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT
                                                        ETag: "0x8DC582B9B233827"
                                                        x-ms-request-id: 4da5bf60-a01e-0070-668c-15573b000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172123Z-15767c5fc55w69c2zvnrz0gmgw0000000cy000000000wncn
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:23 UTC | 478 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        50 | 192.168.2.5 | 49794 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:23 UTC | 192 | OUT | GET /rules/rule120642v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:23 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:23 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 468
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT
                                                        ETag: "0x8DC582BB046B576"
                                                        x-ms-request-id: 8789ddbb-a01e-0084-6a8c-159ccd000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172123Z-15767c5fc55qkvj6n60pxm9mbw00000001yg00000000mfz6
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:23 UTC | 468 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        51 | 192.168.2.5 | 49795 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:24 UTC | 192 | OUT | GET /rules/rule120643v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:24 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:24 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 400
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT
                                                        ETag: "0x8DC582BB2D62837"
                                                        x-ms-request-id: 9bed673a-001e-0046-278c-15da4b000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172124Z-15767c5fc55jdxmppy6cmd24bn000000050g00000000mmcr
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:24 UTC | 400 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        52 | 192.168.2.5 | 49796 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:24 UTC | 192 | OUT | GET /rules/rule120644v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:24 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:24 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 479
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT
                                                        ETag: "0x8DC582BB7D702D0"
                                                        x-ms-request-id: 772ea1ab-e01e-003c-188c-15c70b000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172124Z-15767c5fc55d6fcl6x6bw8cpdc0000000csg00000000a3y1
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:24 UTC | 479 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        53 | 192.168.2.5 | 49797 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:24 UTC | 192 | OUT | GET /rules/rule120646v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:24 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:24 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 475
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT
                                                        ETag: "0x8DC582BB2BE84FD"
                                                        x-ms-request-id: 15fe0b87-a01e-0002-3b8c-155074000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172124Z-15767c5fc55sdcjq8ksxt4n9mc000000026000000000a059
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:24 UTC | 475 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        54 | 192.168.2.5 | 49798 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:24 UTC | 192 | OUT | GET /rules/rule120645v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:24 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:24 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 425
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT
                                                        ETag: "0x8DC582BBA25094F"
                                                        x-ms-request-id: 3a0dcc46-601e-0032-6c8c-15eebb000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172124Z-15767c5fc55fdfx81a30vtr1fw0000000d3000000000rtye
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:24 UTC | 425 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        55 | 192.168.2.5 | 49799 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:24 UTC | 192 | OUT | GET /rules/rule120647v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:24 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:24 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 448
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                                        ETag: "0x8DC582BB389F49B"
                                                        x-ms-request-id: 1f480944-c01e-002b-018c-156e00000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172124Z-15767c5fc55d6fcl6x6bw8cpdc0000000cug0000000022a4
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:24 UTC | 448 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        56 | 192.168.2.5 | 49802 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:25 UTC | 192 | OUT | GET /rules/rule120650v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:25 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:25 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 479
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                        ETag: "0x8DC582B989EE75B"
                                                        x-ms-request-id: 76252b1b-c01e-0066-488c-15a1ec000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172125Z-15767c5fc55sdcjq8ksxt4n9mc000000023g00000000n18f
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:25 UTC | 479 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        57 | 192.168.2.5 | 49801 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:25 UTC | 192 | OUT | GET /rules/rule120649v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:25 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:25 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 416
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT
                                                        ETag: "0x8DC582BAEA4B445"
                                                        x-ms-request-id: 75858473-001e-000b-318c-1515a7000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172125Z-15767c5fc55gs96cphvgp5f5vc0000000cp000000000sqgf
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:25 UTC | 416 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                        58  192.168.2.5  49803  13.107.246.45  443
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        2024-10-04 17:21:25 UTC  192  OUT  GET /rules/rule120651v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:25 UTC  470  IN  HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:25 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 415
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT
                                                        ETag: "0x8DC582BA80D96A1"
                                                        x-ms-request-id: b9a197f6-401e-0078-3b8c-154d34000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172125Z-15767c5fc55fdfx81a30vtr1fw0000000d70000000007gz9
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:25 UTC  415  IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                        59  192.168.2.5  49800  13.107.246.45  443
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        2024-10-04 17:21:25 UTC  192  OUT  GET /rules/rule120648v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:25 UTC  470  IN  HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:25 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 491
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                        ETag: "0x8DC582B98B88612"
                                                        x-ms-request-id: c54fbac1-901e-008f-588c-1567a6000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172125Z-15767c5fc554wklc0x4mc5pq0w0000000d1000000000yv97
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:25 UTC  491  IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                        60  192.168.2.5  49804  13.107.246.45  443
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        2024-10-04 17:21:25 UTC  192  OUT  GET /rules/rule120652v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:25 UTC  470  IN  HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:25 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 471
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT
                                                        ETag: "0x8DC582B97E6FCDD"
                                                        x-ms-request-id: b83a8dc4-f01e-003f-308c-15d19d000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172125Z-15767c5fc55w69c2zvnrz0gmgw0000000d0g00000000kzp5
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:25 UTC  471  IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                        61  192.168.2.5  49805  13.107.246.45  443
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        2024-10-04 17:21:26 UTC  192  OUT  GET /rules/rule120654v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:26 UTC  470  IN  HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:26 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 477
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT
                                                        ETag: "0x8DC582BA54DCC28"
                                                        x-ms-request-id: 7be6812e-d01e-008e-528c-15387a000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172126Z-15767c5fc55n4msds84xh4z67w00000006fg00000000kym5
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:26 UTC  477  IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                        62  192.168.2.5  49808  13.107.246.45  443
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        2024-10-04 17:21:26 UTC  192  OUT  GET /rules/rule120656v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:26 UTC  470  IN  HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:26 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 477
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT
                                                        ETag: "0x8DC582BA48B5BDD"
                                                        x-ms-request-id: 7be6821c-d01e-008e-398c-15387a000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172126Z-15767c5fc55jdxmppy6cmd24bn0000000540000000006a09
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:26 UTC  477  IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                        63  192.168.2.5  49806  13.107.246.45  443
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        2024-10-04 17:21:26 UTC  192  OUT  GET /rules/rule120653v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:26 UTC  470  IN  HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:26 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 419
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT
                                                        ETag: "0x8DC582B9C710B28"
                                                        x-ms-request-id: 2f8443ca-b01e-0070-308c-151cc0000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172126Z-15767c5fc55qkvj6n60pxm9mbw000000022g000000003bx8
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:26 UTC  419  IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                        64  192.168.2.5  49807  13.107.246.45  443
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        2024-10-04 17:21:26 UTC  192  OUT  GET /rules/rule120655v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:26 UTC  470  IN  HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:26 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 419
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT
                                                        ETag: "0x8DC582BB7F164C3"
                                                        x-ms-request-id: 1f480aea-c01e-002b-028c-156e00000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172126Z-15767c5fc55xsgnlxyxy40f4m00000000cv0000000000q9c
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:26 UTC  419  IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                        65  192.168.2.5  49809  13.107.246.45  443
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        2024-10-04 17:21:26 UTC  192  OUT  GET /rules/rule120657v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:26 UTC  470  IN  HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:26 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 419
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT
                                                        ETag: "0x8DC582B9FF95F80"
                                                        x-ms-request-id: 16d3a614-701e-0032-288c-15a540000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172126Z-15767c5fc55w69c2zvnrz0gmgw0000000d30000000009q14
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:26 UTC  419  IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                        66  192.168.2.5  49810  13.107.246.45  443
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        2024-10-04 17:21:27 UTC  192  OUT  GET /rules/rule120658v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:27 UTC  470  IN  HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:27 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 472
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT
                                                        ETag: "0x8DC582BB650C2EC"
                                                        x-ms-request-id: aa883537-b01e-0053-4c8c-15cdf8000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172127Z-15767c5fc554wklc0x4mc5pq0w0000000d8g00000000198b
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:27 UTC  472  IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                        67  192.168.2.5  49811  13.107.246.45  443
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        2024-10-04 17:21:27 UTC  192  OUT  GET /rules/rule120659v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:27 UTC  470  IN  HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:27 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 468
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                                                        ETag: "0x8DC582BB3EAF226"
                                                        x-ms-request-id: cce0beff-001e-0082-398c-155880000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172127Z-15767c5fc55tsfp92w7yna557w0000000cs000000000t7ah
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:27 UTC  468  IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                        68  192.168.2.5  49812  13.107.246.45  443
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        2024-10-04 17:21:27 UTC  192  OUT  GET /rules/rule120660v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:27 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:27 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 485
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT
                                                        ETag: "0x8DC582BB9769355"
                                                        x-ms-request-id: dc68dac5-201e-006e-298c-15bbe3000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172127Z-15767c5fc55lghvzbxktxfqntw0000000cg000000000m0th
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:27 UTC | 485 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        69 | 192.168.2.5 | 49813 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:27 UTC | 192 | OUT | GET /rules/rule120661v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:27 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:27 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 411
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                        ETag: "0x8DC582B989AF051"
                                                        x-ms-request-id: be018b72-401e-0035-7e8c-1582d8000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172127Z-15767c5fc554w2fgapsyvy8ua00000000ceg000000001pz4
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:27 UTC | 411 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        70 | 192.168.2.5 | 49814 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:27 UTC | 192 | OUT | GET /rules/rule120662v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:27 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:27 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 470
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT
                                                        ETag: "0x8DC582BBB181F65"
                                                        x-ms-request-id: 4da5c699-a01e-0070-198c-15573b000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172127Z-15767c5fc55gq5fmm10nm5qqr80000000cw000000000nspu
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:27 UTC | 470 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        71 | 192.168.2.5 | 49816 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:27 UTC | 192 | OUT | GET /rules/rule120664v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:27 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:27 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 502
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                                        ETag: "0x8DC582BB6A0D312"
                                                        x-ms-request-id: 801e2bd2-b01e-0021-6a8c-15cab7000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172127Z-15767c5fc55852fxfeh7csa2dn0000000cp000000000tggw
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:27 UTC | 502 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        72 | 192.168.2.5 | 49815 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:27 UTC | 192 | OUT | GET /rules/rule120663v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:27 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:27 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 427
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT
                                                        ETag: "0x8DC582BB556A907"
                                                        x-ms-request-id: be018b82-401e-0035-0c8c-1582d8000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172127Z-15767c5fc554wklc0x4mc5pq0w0000000d2000000000vzmw
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:27 UTC | 427 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        73 | 192.168.2.5 | 49817 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:27 UTC | 192 | OUT | GET /rules/rule120665v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:27 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:27 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 407
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT
                                                        ETag: "0x8DC582B9D30478D"
                                                        x-ms-request-id: 285c7e33-c01e-008e-718c-157381000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172127Z-15767c5fc55whfstvfw43u8fp40000000d000000000095cm
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:27 UTC | 407 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        74 | 192.168.2.5 | 49818 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:27 UTC | 192 | OUT | GET /rules/rule120666v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:28 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:27 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 474
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                                                        ETag: "0x8DC582BB3F48DAE"
                                                        x-ms-request-id: 1cc309a5-e01e-0071-358c-1508e7000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172127Z-15767c5fc55ncqdn59ub6rndq00000000cm0000000003epg
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:28 UTC | 474 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        75 | 192.168.2.5 | 49819 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:27 UTC | 192 | OUT | GET /rules/rule120667v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:28 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:27 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 408
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT
                                                        ETag: "0x8DC582BB9B6040B"
                                                        x-ms-request-id: 04c46130-501e-0064-028c-151f54000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172127Z-15767c5fc55tsfp92w7yna557w0000000crg00000000vedp
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:28 UTC | 408 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        76 | 192.168.2.5 | 49820 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:28 UTC | 192 | OUT | GET /rules/rule120668v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:28 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:28 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 469
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                                                        ETag: "0x8DC582BB3CAEBB8"
                                                        x-ms-request-id: 6a902a44-301e-005d-788c-15e448000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172128Z-15767c5fc55whfstvfw43u8fp40000000cw000000000szbb
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:28 UTC | 469 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        77 | 192.168.2.5 | 49821 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:28 UTC | 192 | OUT | GET /rules/rule120669v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:28 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:28 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 416
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT
                                                        ETag: "0x8DC582BB5284CCE"
                                                        x-ms-request-id: 15fe14b4-a01e-0002-638c-155074000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172128Z-15767c5fc55w69c2zvnrz0gmgw0000000d30000000009q52
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:28 UTC | 416 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        78 | 192.168.2.5 | 49822 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:28 UTC | 192 | OUT | GET /rules/rule120670v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:28 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:28 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 472
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT
                                                        ETag: "0x8DC582B91EAD002"
                                                        x-ms-request-id: 4da5c882-a01e-0070-628c-15573b000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172128Z-15767c5fc55fdfx81a30vtr1fw0000000d6000000000bppm
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:28 UTC | 472 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        79 | 192.168.2.5 | 49823 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:28 UTC | 192 | OUT | GET /rules/rule120671v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:28 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:28 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 432
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT
                                                        ETag: "0x8DC582BAABA2A10"
                                                        x-ms-request-id: 15fe1592-a01e-0002-378c-155074000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172128Z-15767c5fc55lghvzbxktxfqntw0000000cng000000000md5
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:28 UTC | 432 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        80 | 192.168.2.5 | 49824 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:28 UTC | 192 | OUT | GET /rules/rule120672v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:28 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:28 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 475
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                                                        ETag: "0x8DC582BBA740822"
                                                        x-ms-request-id: b9a19b13-401e-0078-148c-154d34000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172128Z-15767c5fc55kg97hfq5uqyxxaw0000000crg00000000sge8
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:28 UTC | 475 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        81 | 192.168.2.5 | 59337 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:29 UTC | 192 | OUT | GET /rules/rule120673v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:29 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:29 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 427
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT
                                                        ETag: "0x8DC582BB464F255"
                                                        x-ms-request-id: 9bed6e8e-001e-0046-5b8c-15da4b000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172129Z-15767c5fc55fdfx81a30vtr1fw0000000d8g000000001dfc
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:29 UTC | 427 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        82 | 192.168.2.5 | 59338 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:29 UTC | 192 | OUT | GET /rules/rule120674v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:29 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:29 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 474
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                                        ETag: "0x8DC582BA4037B0D"
                                                        x-ms-request-id: e08726cd-901e-00a0-738c-156a6d000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172129Z-15767c5fc55d6fcl6x6bw8cpdc0000000cp000000000rv19
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:29 UTC | 474 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        83 | 192.168.2.5 | 59339 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:29 UTC | 192 | OUT | GET /rules/rule120675v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:29 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:29 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 419
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT
                                                        ETag: "0x8DC582BA6CF78C8"
                                                        x-ms-request-id: 766164d5-c01e-0082-668c-15af72000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172129Z-15767c5fc55sdcjq8ksxt4n9mc000000021000000000y14d
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:29 UTC | 419 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        84 | 192.168.2.5 | 59341 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:29 UTC | 192 | OUT | GET /rules/rule120677v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:29 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:29 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 405
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT
                                                        ETag: "0x8DC582B942B6AFF"
                                                        x-ms-request-id: d59d44fd-601e-003e-698c-153248000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172129Z-15767c5fc554l9xf959gp9cb1s00000006zg00000000ev5u
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:29 UTC | 405 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        85 | 192.168.2.5 | 59340 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:29 UTC | 192 | OUT | GET /rules/rule120676v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:29 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:29 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 472
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                        ETag: "0x8DC582B984BF177"
                                                        x-ms-request-id: dcc4dd0d-f01e-0099-7c8c-159171000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172129Z-15767c5fc5546rn6ch9zv310e000000005r000000000rfyp
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:29 UTC | 472 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        86 | 192.168.2.5 | 59342 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:30 UTC | 192 | OUT | GET /rules/rule120678v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:30 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:30 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 468
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                                                        ETag: "0x8DC582BBA642BF4"
                                                        x-ms-request-id: 4a2177bf-401e-00a3-638c-158b09000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172130Z-15767c5fc55v7j95gq2uzq37a00000000d2g00000000bgbv
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:30 UTC | 468 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        87 | 192.168.2.5 | 59343 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:30 UTC | 192 | OUT | GET /rules/rule120679v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:30 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:30 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 174
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT
                                                        ETag: "0x8DC582B91D80E15"
                                                        x-ms-request-id: 4da5cae8-a01e-0070-0e8c-15573b000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172130Z-15767c5fc55xsgnlxyxy40f4m00000000cv0000000000qh8
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:30 UTC | 174 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        88 | 192.168.2.5 | 59344 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:30 UTC | 192 | OUT | GET /rules/rule120680v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:30 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:30 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1952
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT
                                                        ETag: "0x8DC582B956B0F3D"
                                                        x-ms-request-id: 1cc30b66-e01e-0071-368c-1508e7000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172130Z-15767c5fc55rg5b7sh1vuv8t7n0000000d3g00000000p5ag
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:30 UTC | 1952 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        89 | 192.168.2.5 | 59345 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:30 UTC | 192 | OUT | GET /rules/rule120681v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:30 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:30 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 958
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT
                                                        ETag: "0x8DC582BA0A31B3B"
                                                        x-ms-request-id: 8e9c9a52-201e-000c-6b8c-1579c4000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172130Z-15767c5fc554w2fgapsyvy8ua00000000cb000000000f1uy
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:30 UTC | 958 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        90 | 192.168.2.5 | 59346 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:30 UTC | 192 | OUT | GET /rules/rule120682v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:30 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:30 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 501
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT
                                                        ETag: "0x8DC582BACFDAACD"
                                                        x-ms-request-id: 0da9586c-701e-0097-318c-15b8c1000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172130Z-15767c5fc55rv8zjq9dg0musxg0000000cy000000000241b
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:30 UTC | 501 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        91 | 192.168.2.5 | 59348 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:31 UTC | 192 | OUT | GET /rules/rule120601v3s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:31 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:31 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 3342
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT
                                                        ETag: "0x8DC582B927E47E9"
                                                        x-ms-request-id: 1cc30bd5-e01e-0071-1a8c-1508e7000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172131Z-15767c5fc55d6fcl6x6bw8cpdc0000000cq000000000mtu5
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:31 UTC | 3342 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        92 | 192.168.2.5 | 59347 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:31 UTC | 193 | OUT | GET /rules/rule120602v10s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:31 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:31 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 2592
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                                        ETag: "0x8DC582BB5B890DB"
                                                        x-ms-request-id: b9a19cb7-401e-0078-068c-154d34000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172131Z-15767c5fc55sdcjq8ksxt4n9mc000000023g00000000n1nc
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:31 UTC | 2592 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        93 | 192.168.2.5 | 59349 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:31 UTC | 193 | OUT | GET /rules/rule224901v11s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:31 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:31 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 2284
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT
                                                        ETag: "0x8DC582BCD58BEEE"
                                                        x-ms-request-id: 82f8c3b9-c01e-0014-418c-15a6a3000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172131Z-15767c5fc55n4msds84xh4z67w00000006cg00000000ynbz
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:31 UTC | 2284 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        94 | 192.168.2.5 | 59350 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:31 UTC | 192 | OUT | GET /rules/rule701201v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:31 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:31 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1393
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT
                                                        ETag: "0x8DC582BE3E55B6E"
                                                        x-ms-request-id: b23951fc-501e-005b-2a8c-15d7f7000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172131Z-15767c5fc55852fxfeh7csa2dn0000000cpg00000000rpwc
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:31 UTC | 1393 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        95 | 192.168.2.5 | 59351 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:31 UTC | 192 | OUT | GET /rules/rule701200v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:31 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:31 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1356
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                                        ETag: "0x8DC582BDC681E17"
                                                        x-ms-request-id: b9a19e00-401e-0078-388c-154d34000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172131Z-15767c5fc55n4msds84xh4z67w00000006kg000000007kgm
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:31 UTC | 1356 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        96 | 192.168.2.5 | 59352 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:31 UTC | 192 | OUT | GET /rules/rule700201v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:31 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:31 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1393
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT
                                                        ETag: "0x8DC582BE39DFC9B"
                                                        x-ms-request-id: 7afec079-601e-000d-468c-152618000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172131Z-15767c5fc55v7j95gq2uzq37a00000000cy000000000x69e
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:31 UTC | 1393 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        97 | 192.168.2.5 | 59353 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:31 UTC | 192 | OUT | GET /rules/rule700200v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:31 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:31 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1356
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                                                        ETag: "0x8DC582BDF66E42D"
                                                        x-ms-request-id: 3ef81e2a-f01e-001f-3f8c-155dc8000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172131Z-15767c5fc55qkvj6n60pxm9mbw000000020g00000000bvdk
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:31 UTC | 1356 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        98 | 192.168.2.5 | 59355 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:31 UTC | 192 | OUT | GET /rules/rule702350v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:32 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:31 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1358
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT
                                                        ETag: "0x8DC582BE6431446"
                                                        x-ms-request-id: 6a90313a-301e-005d-1a8c-15e448000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172131Z-15767c5fc55v7j95gq2uzq37a00000000d1g00000000ew1m
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:32 UTC | 1358 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        99 | 192.168.2.5 | 59354 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:32 UTC | 192 | OUT | GET /rules/rule702351v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:32 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:32 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1395
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                        ETag: "0x8DC582BE017CAD3"
                                                        x-ms-request-id: a68e09c4-f01e-0052-148c-159224000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172132Z-15767c5fc55gq5fmm10nm5qqr80000000d20000000000937
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:32 UTC | 1395 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        100 | 192.168.2.5 | 59356 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:32 UTC | 192 | OUT | GET /rules/rule701251v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:32 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:32 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1395
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT
                                                        ETag: "0x8DC582BDE12A98D"
                                                        x-ms-request-id: 1392789d-401e-0047-0e8c-158597000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172132Z-15767c5fc554wklc0x4mc5pq0w0000000d70000000007b99
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:32 UTC | 1395 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        101 | 192.168.2.5 | 59357 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:32 UTC | 192 | OUT | GET /rules/rule701250v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:32 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:32 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1358
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                        ETag: "0x8DC582BE022ECC5"
                                                        x-ms-request-id: a76247f8-001e-00a2-558c-15d4d5000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172132Z-15767c5fc55gs96cphvgp5f5vc0000000cr000000000gpvs
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:32 UTC | 1358 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        102 | 192.168.2.5 | 59358 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:32 UTC | 192 | OUT | GET /rules/rule700051v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:32 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:32 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1389
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                        ETag: "0x8DC582BE10A6BC1"
                                                        x-ms-request-id: 7afec1f8-601e-000d-328c-152618000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172132Z-15767c5fc55gs96cphvgp5f5vc0000000cng00000000ufyz
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:32 UTC | 1389 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        103 | 192.168.2.5 | 59359 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:32 UTC | 192 | OUT | GET /rules/rule700050v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:32 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:32 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1352
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT
                                                        ETag: "0x8DC582BE9DEEE28"
                                                        x-ms-request-id: 92784c80-801e-002a-088c-1531dc000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172132Z-15767c5fc5546rn6ch9zv310e000000005w0000000004s4h
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:32 UTC | 1352 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        104 | 192.168.2.5 | 59360 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:32 UTC | 192 | OUT | GET /rules/rule702951v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:32 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:32 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1405
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                        ETag: "0x8DC582BE12B5C71"
                                                        x-ms-request-id: 4a217eb8-401e-00a3-218c-158b09000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172132Z-15767c5fc55tsfp92w7yna557w0000000cx00000000064dq
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:32 UTC | 1405 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        105 | 192.168.2.5 | 59361 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:33 UTC | 192 | OUT | GET /rules/rule702950v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:33 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:33 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1368
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                                        ETag: "0x8DC582BDDC22447"
                                                        x-ms-request-id: c825d9ef-901e-007b-278c-15ac50000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172133Z-15767c5fc5546rn6ch9zv310e000000005rg00000000px31
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:33 UTC | 1368 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        106 | 192.168.2.5 | 59362 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:33 UTC | 192 | OUT | GET /rules/rule701151v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:33 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:33 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1401
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT
                                                        ETag: "0x8DC582BE055B528"
                                                        x-ms-request-id: 6a90350a-301e-005d-348c-15e448000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172133Z-15767c5fc554wklc0x4mc5pq0w0000000d6g0000000091tc
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:33 UTC | 1401 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        107 | 192.168.2.5 | 59363 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:33 UTC | 192 | OUT | GET /rules/rule701150v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:33 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:33 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1364
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                        ETag: "0x8DC582BE1223606"
                                                        x-ms-request-id: ed356ac5-101e-0046-2b8c-1591b0000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172133Z-15767c5fc55xsgnlxyxy40f4m00000000cp000000000ru7a
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:33 UTC | 1364 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        108 | 192.168.2.5 | 59364 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:33 UTC | 192 | OUT | GET /rules/rule702201v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:33 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:33 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1397
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT
                                                        ETag: "0x8DC582BE7262739"
                                                        x-ms-request-id: 76616de5-c01e-0082-6f8c-15af72000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172133Z-15767c5fc55qdcd62bsn50hd6s0000000cq0000000005t5t
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:33 UTC | 1397 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        109 | 192.168.2.5 | 59365 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:33 UTC | 192 | OUT | GET /rules/rule702200v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:33 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:33 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1360
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                                        ETag: "0x8DC582BDDEB5124"
                                                        x-ms-request-id: 29534450-901e-0064-768c-15e8a6000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172133Z-15767c5fc5546rn6ch9zv310e000000005ug00000000aph6
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:33 UTC | 1360 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        110 | 192.168.2.5 | 59366 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:34 UTC | 192 | OUT | GET /rules/rule700401v2s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:34 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:34 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1403
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                                        ETag: "0x8DC582BDCB4853F"
                                                        x-ms-request-id: 6ec2e3f4-801e-007b-208c-15e7ab000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172134Z-15767c5fc5546rn6ch9zv310e000000005qg00000000tppe
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:34 UTC | 1403 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        111 | 192.168.2.5 | 59367 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:34 UTC | 192 | OUT | GET /rules/rule700400v2s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:34 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:34 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1366
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT
                                                        ETag: "0x8DC582BDB779FC3"
                                                        x-ms-request-id: 0da95f5c-701e-0097-318c-15b8c1000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172134Z-15767c5fc55gq5fmm10nm5qqr80000000czg000000009f6c
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:34 UTC | 1366 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        112 | 192.168.2.5 | 59368 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:34 UTC | 192 | OUT | GET /rules/rule700351v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:34 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:34 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1397
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                        ETag: "0x8DC582BDFD43C07"
                                                        x-ms-request-id: 704395e8-201e-005d-718c-15afb3000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172134Z-15767c5fc55dtdv4d4saq7t47n0000000cr0000000001gfg
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:34 UTC | 1397 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        113 | 192.168.2.5 | 59369 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:34 UTC | 192 | OUT | GET /rules/rule700350v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:34 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:34 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1360
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                                        ETag: "0x8DC582BDD74D2EC"
                                                        x-ms-request-id: 8be9c1e7-301e-0052-678c-1565d6000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172134Z-15767c5fc55ncqdn59ub6rndq00000000cdg00000000rz5x
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:34 UTC | 1360 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        114 | 192.168.2.5 | 59370 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:34 UTC | 192 | OUT | GET /rules/rule703901v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:34 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:34 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1427
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
                                                        ETag: "0x8DC582BE56F6873"
                                                        x-ms-request-id: dc68e902-201e-006e-0d8c-15bbe3000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172134Z-15767c5fc55d6fcl6x6bw8cpdc0000000ctg0000000065qk
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:34 UTC | 1427 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        115 | 192.168.2.5 | 59371 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:35 UTC | 192 | OUT | GET /rules/rule703900v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:35 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:35 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1390
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT
                                                        ETag: "0x8DC582BE3002601"
                                                        x-ms-request-id: 21dfe39b-001e-0049-468c-155bd5000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172135Z-15767c5fc55jdxmppy6cmd24bn000000050g00000000mn40
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:35 UTC  1390               IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        116         192.168.2.5  59372        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-04 17:21:35 UTC  192                OUT        GET /rules/rule701501v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:35 UTC  563                IN         HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:35 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1401
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT
                                                        ETag: "0x8DC582BE2A9D541"
                                                        x-ms-request-id: 82f8cc24-c01e-0014-3a8c-15a6a3000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172135Z-15767c5fc55852fxfeh7csa2dn0000000cr000000000hckm
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:35 UTC  1401               IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        117         192.168.2.5  59374        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-04 17:21:35 UTC  192                OUT        GET /rules/rule702800v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:35 UTC  563                IN         HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:35 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1354
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT
                                                        ETag: "0x8DC582BE0662D7C"
                                                        x-ms-request-id: 76253f94-c01e-0066-328c-15a1ec000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172135Z-15767c5fc55rg5b7sh1vuv8t7n0000000d4000000000mfyy
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:35 UTC  1354               IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        118         192.168.2.5  59375        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-04 17:21:35 UTC  192                OUT        GET /rules/rule702801v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:35 UTC  563                IN         HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:35 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1391
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                                                        ETag: "0x8DC582BDF58DC7E"
                                                        x-ms-request-id: 023e591f-a01e-003d-618c-1598d7000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172135Z-15767c5fc55v7j95gq2uzq37a00000000cxg00000000y88x
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:35 UTC  1391               IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        119         192.168.2.5  59376        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-04 17:21:35 UTC  192                OUT        GET /rules/rule703351v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:35 UTC  563                IN         HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:35 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1403
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT
                                                        ETag: "0x8DC582BDCDD6400"
                                                        x-ms-request-id: 819d4321-f01e-0020-6e8c-15956b000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172135Z-15767c5fc5546rn6ch9zv310e000000005u000000000cvvn
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:35 UTC  1403               IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        120         192.168.2.5  59378        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-04 17:21:35 UTC  192                OUT        GET /rules/rule703501v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:36 UTC  563                IN         HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:35 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1399
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT
                                                        ETag: "0x8DC582BE8C605FF"
                                                        x-ms-request-id: 831f1653-b01e-0098-198c-15cead000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172135Z-15767c5fc55w69c2zvnrz0gmgw0000000cy000000000wp68
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:36 UTC  1399               IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        121         192.168.2.5  59379        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-04 17:21:35 UTC  192                OUT        GET /rules/rule703500v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:36 UTC  563                IN         HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:36 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1362
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                                                        ETag: "0x8DC582BDF497570"
                                                        x-ms-request-id: 7585955c-001e-000b-518c-1515a7000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172136Z-15767c5fc55gs96cphvgp5f5vc0000000csg00000000bakw
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:36 UTC  1362               IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        122         192.168.2.5  59377        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-04 17:21:36 UTC  192                OUT        GET /rules/rule703350v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:36 UTC  563                IN         HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:36 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1366
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT
                                                        ETag: "0x8DC582BDF1E2608"
                                                        x-ms-request-id: fb0d4061-601e-0050-198c-152c9c000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172136Z-15767c5fc55jdxmppy6cmd24bn00000004y000000000wfaa
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:36 UTC  1366               IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        123         192.168.2.5  59373        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-04 17:21:36 UTC  192                OUT        GET /rules/rule701500v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:36 UTC  563                IN         HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:36 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1364
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                                        ETag: "0x8DC582BEB6AD293"
                                                        x-ms-request-id: ba3c7a68-301e-0099-698c-156683000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172136Z-15767c5fc55fdfx81a30vtr1fw0000000d2000000000whm8
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:36 UTC  1364               IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        124         192.168.2.5  59380        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-04 17:21:36 UTC  192                OUT        GET /rules/rule701801v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:36 UTC  563                IN         HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:36 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1403
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                                        ETag: "0x8DC582BDC2EEE03"
                                                        x-ms-request-id: 89fd357a-501e-008f-758c-159054000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172136Z-15767c5fc55jdxmppy6cmd24bn000000053g0000000086r0
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:36 UTC | 1403 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        125 | 192.168.2.5 | 59382 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:36 UTC | 192 | OUT | GET /rules/rule701051v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:36 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:36 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1399
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT
                                                        ETag: "0x8DC582BE1CC18CD"
                                                        x-ms-request-id: a68e0dd8-f01e-0052-1d8c-159224000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172136Z-15767c5fc55w69c2zvnrz0gmgw0000000d5g00000000033e
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:36 UTC | 1399 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        126 | 192.168.2.5 | 59381 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:36 UTC | 192 | OUT | GET /rules/rule701800v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:36 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:36 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1366
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT
                                                        ETag: "0x8DC582BEA414B16"
                                                        x-ms-request-id: a7582d38-101e-0028-528c-158f64000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172136Z-15767c5fc55n4msds84xh4z67w00000006cg00000000ynq9
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:36 UTC | 1366 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        127 | 192.168.2.5 | 59383 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:36 UTC | 192 | OUT | GET /rules/rule701050v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:36 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:36 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1362
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                                        ETag: "0x8DC582BEB256F43"
                                                        x-ms-request-id: 757cff4f-401e-000a-528c-154a7b000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172136Z-15767c5fc55gs96cphvgp5f5vc0000000cng00000000ug8g
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:36 UTC | 1362 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        128 | 192.168.2.5 | 59384 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:36 UTC | 192 | OUT | GET /rules/rule702751v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:36 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:36 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1403
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                                        ETag: "0x8DC582BEB866CDB"
                                                        x-ms-request-id: b2395a75-501e-005b-038c-15d7f7000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172136Z-15767c5fc55ncqdn59ub6rndq00000000cm0000000003f5q
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:36 UTC | 1403 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        129 | 192.168.2.5 | 59385 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:37 UTC | 192 | OUT | GET /rules/rule702750v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:37 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:37 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1366
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT
                                                        ETag: "0x8DC582BE5B7B174"
                                                        x-ms-request-id: 9bed7ce1-001e-0046-4f8c-15da4b000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172137Z-15767c5fc55tsfp92w7yna557w0000000crg00000000veyf
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:37 UTC | 1366 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        130 | 192.168.2.5 | 59388 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:37 UTC | 192 | OUT | GET /rules/rule703401v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:37 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:37 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1425
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT
                                                        ETag: "0x8DC582BE6BD89A1"
                                                        x-ms-request-id: 89fd37a1-501e-008f-6d8c-159054000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172137Z-15767c5fc55v7j95gq2uzq37a00000000cxg00000000y8bu
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:37 UTC | 1425 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        131 | 192.168.2.5 | 59386 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:37 UTC | 192 | OUT | GET /rules/rule702301v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:37 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:37 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1399
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT
                                                        ETag: "0x8DC582BE976026E"
                                                        x-ms-request-id: 7baaa16d-b01e-0097-4d8c-154f33000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172137Z-15767c5fc55gq5fmm10nm5qqr80000000cz000000000b4sy
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:37 UTC | 1399 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        132 | 192.168.2.5 | 59387 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:37 UTC | 192 | OUT | GET /rules/rule702300v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:37 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:37 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1362
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT
                                                        ETag: "0x8DC582BDC13EFEF"
                                                        x-ms-request-id: 819d44cb-f01e-0020-6f8c-15956b000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172137Z-15767c5fc55w69c2zvnrz0gmgw0000000d1000000000kcdd
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:37 UTC | 1362 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        133 | 192.168.2.5 | 59389 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:37 UTC | 192 | OUT | GET /rules/rule703400v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:37 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:37 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1388
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT
                                                        ETag: "0x8DC582BDBD9126E"
                                                        x-ms-request-id: 9c5056bf-f01e-0003-548c-154453000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172137Z-15767c5fc5546rn6ch9zv310e000000005qg00000000tpvz
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:37 UTC | 1388 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703400" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammableSurfaces" S="M


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        134 | 192.168.2.5 | 59390 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:38 UTC | 192 | OUT | GET /rules/rule702501v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:38 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:38 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1415
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:57 GMT
                                                        ETag: "0x8DC582BE7C66E85"
                                                        x-ms-request-id: 42bb1403-701e-005c-578c-15bb94000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172138Z-15767c5fc55ncqdn59ub6rndq00000000ckg000000005bvq
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:38 UTC | 1415 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        135 | 192.168.2.5 | 59391 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:38 UTC | 192 | OUT | GET /rules/rule702500v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:38 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:38 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1378
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT
                                                        ETag: "0x8DC582BDB813B3F"
                                                        x-ms-request-id: be019976-401e-0035-5d8c-1582d8000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172138Z-15767c5fc55lghvzbxktxfqntw0000000cd000000000xxet
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:38 UTC | 1378 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammability" S="Medium" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        136 | 192.168.2.5 | 59392 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:38 UTC | 192 | OUT | GET /rules/rule700501v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:38 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:38 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1405
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:58 GMT
                                                        ETag: "0x8DC582BE89A8F82"
                                                        x-ms-request-id: 56c891cb-f01e-0085-428c-1588ea000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172138Z-15767c5fc55whfstvfw43u8fp40000000d10000000004q2k
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:38 UTC | 1405 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        137 | 192.168.2.5 | 59394 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:38 UTC | 192 | OUT | GET /rules/rule702551v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:38 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:38 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1415
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT
                                                        ETag: "0x8DC582BDCE9703A"
                                                        x-ms-request-id: 5f7380a8-801e-0015-7b8c-15f97f000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172138Z-15767c5fc55852fxfeh7csa2dn0000000cp000000000th1x
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:38 UTC | 1415 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702551" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        138 | 192.168.2.5 | 59393 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:38 UTC | 192 | OUT | GET /rules/rule700500v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:38 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:38 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1368
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
                                                        ETag: "0x8DC582BE51CE7B3"
                                                        x-ms-request-id: 2f845d93-b01e-0070-2f8c-151cc0000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172138Z-15767c5fc55fdfx81a30vtr1fw0000000d3000000000ruvk
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:38 UTC | 1368 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPowerPoint" S="Medium" /> <F T=


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        139 | 192.168.2.5 | 59396 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:39 UTC | 192 | OUT | GET /rules/rule701351v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:39 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:39 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1407
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT
                                                        ETag: "0x8DC582BE687B46A"
                                                        x-ms-request-id: 2d1829d7-b01e-001e-738c-150214000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172139Z-15767c5fc55fdfx81a30vtr1fw0000000d5g00000000dmdx
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:39 UTC | 1407 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        140 | 192.168.2.5 | 59395 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:39 UTC | 192 | OUT | GET /rules/rule702550v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:39 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:39 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1378
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
                                                        ETag: "0x8DC582BE584C214"
                                                        x-ms-request-id: b612907a-401e-008c-278c-1586c2000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172139Z-15767c5fc55852fxfeh7csa2dn0000000cq000000000qb6d
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:39 UTC | 1378 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702550" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPersonalization" S="Medium" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        141 | 192.168.2.5 | 59397 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:39 UTC | 192 | OUT | GET /rules/rule701350v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:39 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:39 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1370
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT
                                                        ETag: "0x8DC582BDE62E0AB"
                                                        x-ms-request-id: be019a9f-401e-0035-518c-1582d8000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172139Z-15767c5fc55qdcd62bsn50hd6s0000000cqg00000000486w
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:39 UTC | 1370 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPerformance" S="Medium" /> <F


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        142 | 192.168.2.5 | 59399 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:39 UTC | 192 | OUT | GET /rules/rule702151v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:39 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:39 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1397
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                        ETag: "0x8DC582BE156D2EE"
                                                        x-ms-request-id: 36a1620f-001e-0028-0f8c-15c49f000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172139Z-15767c5fc55d6fcl6x6bw8cpdc0000000cu0000000003uaf
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:39 UTC | 1397 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeo


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        143 | 192.168.2.5 | 59400 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:39 UTC | 192 | OUT | GET /rules/rule703001v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:40 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:39 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1406
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                                        ETag: "0x8DC582BEB16F27E"
                                                        x-ms-request-id: 4b0a4db7-c01e-00ad-2d8c-15a2b9000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172139Z-15767c5fc55whfstvfw43u8fp40000000d10000000004q93
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:40 UTC | 1406 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703001" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        144 | 192.168.2.5 | 59402 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:40 UTC | 192 | OUT | GET /rules/rule700751v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:40 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:40 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1414
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                        ETag: "0x8DC582BE03B051D"
                                                        x-ms-request-id: 4b0a4edd-c01e-00ad-438c-15a2b9000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172140Z-15767c5fc552g4w83buhsr3htc0000000cw000000000brdr
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:40 UTC | 1414 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        145 | 192.168.2.5 | 59401 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:40 UTC | 192 | OUT | GET /rules/rule703000v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:40 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:40 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1369
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT
                                                        ETag: "0x8DC582BE32FE1A2"
                                                        x-ms-request-id: 1cc313a1-e01e-0071-4b8c-1508e7000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172140Z-15767c5fc55852fxfeh7csa2dn0000000cr000000000hcw7
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:40 UTC | 1369 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703000" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookMac" S="Medium" /> <F T


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        146 | 192.168.2.5 | 59403 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:40 UTC | 192 | OUT | GET /rules/rule700750v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:40 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:40 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1377
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:28:02 GMT
                                                        ETag: "0x8DC582BEAFF0125"
                                                        x-ms-request-id: 0dcb9a48-e01e-0003-1c8c-150fa8000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172140Z-15767c5fc55n4msds84xh4z67w00000006fg00000000kzck
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:40 UTC | 1377 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookDesktop" S="Medium" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        147 | 192.168.2.5 | 59404 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:40 UTC | 192 | OUT | GET /rules/rule700151v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:40 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:40 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1399
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT
                                                        ETag: "0x8DC582BE0A2434F"
                                                        x-ms-request-id: 4a218e36-401e-00a3-268c-158b09000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172140Z-15767c5fc554wklc0x4mc5pq0w0000000d5000000000fnhw
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:40 UTC | 1399 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OneNote.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOn


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        148 | 192.168.2.5 | 59406 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:40 UTC | 192 | OUT | GET /rules/rule703451v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:40 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:40 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1409
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                        ETag: "0x8DC582BDFC438CF"
                                                        x-ms-request-id: eccf31ce-001e-0079-3e8c-1512e8000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172140Z-15767c5fc55lghvzbxktxfqntw0000000cg000000000m1fd
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:40 UTC | 1409 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703451" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OfficeMobile.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTo


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        149 | 192.168.2.5 | 59405 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-04 17:21:40 UTC | 192 | OUT | GET /rules/rule700150v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-04 17:21:40 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 04 Oct 2024 17:21:40 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1362
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
                                                        ETag: "0x8DC582BE54CA33F"
                                                        x-ms-request-id: f1c85a61-d01e-007a-188c-15f38c000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241004T172140Z-15767c5fc55dtdv4d4saq7t47n0000000cg000000000w2uu
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-04 17:21:40 UTC | 1362 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OneNote" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOneNote" S="Medium" /> <F T="2">



                                                        Target ID:0
                                                        Start time:13:21:00
                                                        Start date:04/10/2024
                                                        Path:C:\Users\user\Desktop\file.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\Desktop\file.exe"
                                                        Imagebase:0xea0000
                                                        File size:919'040 bytes
                                                        MD5 hash:C64970ACA973DFB3413FD4C44E199117
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:low
                                                        Has exited:false

                                                        Target ID:1
                                                        Start time:13:21:00
                                                        Start date:04/10/2024
                                                        Path:C:\Windows\SysWOW64\taskkill.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:taskkill /F /IM chrome.exe /T
                                                        Imagebase:0xf50000
                                                        File size:74'240 bytes
                                                        MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:moderate
                                                        Has exited:true

                                                        Target ID:2
                                                        Start time:13:21:00
                                                        Start date:04/10/2024
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff6d64d0000
                                                        File size:862'208 bytes
                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        Target ID:3
                                                        Start time:13:21:00
                                                        Start date:04/10/2024
                                                        Path:C:\Windows\SysWOW64\taskkill.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:taskkill /F /IM msedge.exe /T
                                                        Imagebase:0xf50000
                                                        File size:74'240 bytes
                                                        MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:moderate
                                                        Has exited:true

                                                        Target ID:4
                                                        Start time:13:21:00
                                                        Start date:04/10/2024
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff6d64d0000
                                                        File size:862'208 bytes
                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        Target ID:6
                                                        Start time:13:21:00
                                                        Start date:04/10/2024
                                                        Path:C:\Windows\SysWOW64\taskkill.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:taskkill /F /IM firefox.exe /T
                                                        Imagebase:0xf50000
                                                        File size:74'240 bytes
                                                        MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:moderate
                                                        Has exited:true

                                                        Target ID:7
                                                        Start time:13:21:00
                                                        Start date:04/10/2024
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff6d64d0000
                                                        File size:862'208 bytes
                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        Target ID:8
                                                        Start time:13:21:01
                                                        Start date:04/10/2024
                                                        Path:C:\Windows\SysWOW64\taskkill.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:taskkill /F /IM opera.exe /T
                                                        Imagebase:0xf50000
                                                        File size:74'240 bytes
                                                        MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:moderate
                                                        Has exited:true

                                                        Target ID:9
                                                        Start time:13:21:01
                                                        Start date:04/10/2024
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff6d64d0000
                                                        File size:862'208 bytes
                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        Target ID:10
                                                        Start time:13:21:01
                                                        Start date:04/10/2024
                                                        Path:C:\Windows\SysWOW64\taskkill.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:taskkill /F /IM brave.exe /T
                                                        Imagebase:0xf50000
                                                        File size:74'240 bytes
                                                        MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:moderate
                                                        Has exited:true

                                                        Target ID:11
                                                        Start time:13:21:01
                                                        Start date:04/10/2024
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff6d64d0000
                                                        File size:862'208 bytes
                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        Target ID:12
                                                        Start time:13:21:02
                                                        Start date:04/10/2024
                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
                                                        Imagebase:0x7ff715980000
                                                        File size:3'242'272 bytes
                                                        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:false

                                                        Target ID:14
                                                        Start time:13:21:02
                                                        Start date:04/10/2024
                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2004,i,13556074342121696465,2040482084081375078,262144 /prefetch:8
                                                        Imagebase:0x7ff715980000
                                                        File size:3'242'272 bytes
                                                        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:false

                                                        Target ID:15
                                                        Start time:13:21:14
                                                        Start date:04/10/2024
                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5628 --field-trial-handle=2004,i,13556074342121696465,2040482084081375078,262144 /prefetch:8
                                                        Imagebase:0x7ff715980000
                                                        File size:3'242'272 bytes
                                                        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Has exited:false

                                                        Target ID:16
                                                        Start time:13:21:14
                                                        Start date:04/10/2024
                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 --field-trial-handle=2004,i,13556074342121696465,2040482084081375078,262144 /prefetch:8
                                                        Imagebase:0x7ff715980000
                                                        File size:3'242'272 bytes
                                                        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                          Execution Graph

                                                          Execution Coverage:2.1%
                                                          Dynamic/Decrypted Code Coverage:0%
                                                          Signature Coverage:4.2%
                                                          Total number of Nodes:1577
                                                          Total number of Limit Nodes:52
95420->95662 95421->95420 95445 eb1408 __fread_nolock 95421->95445 95649 eaaceb 95422->95649 95425 eb1839 95659 ebd217 349 API calls 95425->95659 95648 ec01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95426->95648 95429 ef636e 95663 f1359c 82 API calls __wsopen_s 95429->95663 95430 eb152f 95432 eb153c 95430->95432 95433 ef63d1 95430->95433 95435 eb1940 9 API calls 95432->95435 95665 f25745 54 API calls _wcslen 95433->95665 95437 eb1549 95435->95437 95436 ebfddb 22 API calls 95436->95445 95440 ef64fa 95437->95440 95442 eb1940 9 API calls 95437->95442 95438 eb1872 95660 ebfaeb 23 API calls 95438->95660 95439 ebfe0b 22 API calls 95439->95445 95449 ef6369 95440->95449 95667 f1359c 82 API calls __wsopen_s 95440->95667 95447 eb1563 95442->95447 95444 eaec40 349 API calls 95444->95445 95445->95425 95445->95429 95445->95430 95445->95436 95445->95439 95445->95444 95446 ef63b2 95445->95446 95445->95449 95664 f1359c 82 API calls __wsopen_s 95446->95664 95447->95440 95452 eb15c7 messages 95447->95452 95666 eaa8c7 22 API calls __fread_nolock 95447->95666 95449->95382 95451 eb1940 9 API calls 95451->95452 95452->95438 95452->95440 95452->95449 95452->95451 95454 eb167b messages 95452->95454 95599 f2ab67 95452->95599 95602 f2abf7 95452->95602 95607 f329bf 95452->95607 95611 f15c5a 95452->95611 95616 ebf645 95452->95616 95623 f2a67c CreateToolhelp32Snapshot Process32FirstW 95452->95623 95643 f319bc 95452->95643 95453 eb171d 95453->95382 95454->95453 95646 ebce17 22 API calls messages 95454->95646 95918 eaadf0 95463->95918 95465 eabf9d 95466 eabfa9 95465->95466 95467 ef04b6 95465->95467 95469 eac01e 95466->95469 95471 ef04c6 95466->95471 95936 f1359c 82 API calls __wsopen_s 95467->95936 95923 eaac91 95469->95923 95937 f1359c 82 API calls __wsopen_s 95471->95937 95473 eac7da 95477 ebfe0b 22 API calls 95473->95477 95482 eac808 __fread_nolock 95477->95482 95480 ef04f5 95483 ef055a 95480->95483 95938 ebd217 349 API calls 95480->95938 95487 ebfe0b 22 API calls 
95482->95487 95506 eac603 95483->95506 95939 f1359c 82 API calls __wsopen_s 95483->95939 95484 eaec40 349 API calls 95517 eac039 __fread_nolock messages 95484->95517 95485 f07120 22 API calls 95485->95517 95486 ef091a 95948 f13209 23 API calls 95486->95948 95518 eac350 __fread_nolock messages 95487->95518 95488 eaaf8a 22 API calls 95488->95517 95491 ef08a5 95492 eaec40 349 API calls 95491->95492 95494 ef08cf 95492->95494 95494->95506 95946 eaa81b 41 API calls 95494->95946 95495 ef0591 95940 f1359c 82 API calls __wsopen_s 95495->95940 95496 ef08f6 95947 f1359c 82 API calls __wsopen_s 95496->95947 95501 eaaceb 23 API calls 95501->95517 95502 eac253 95504 ef0976 95502->95504 95511 eac297 messages 95502->95511 95503 eac237 95503->95502 95949 eaa8c7 22 API calls __fread_nolock 95503->95949 95509 eaaceb 23 API calls 95504->95509 95506->95382 95508 ebfddb 22 API calls 95508->95517 95510 ef09bf 95509->95510 95510->95506 95950 f1359c 82 API calls __wsopen_s 95510->95950 95511->95510 95512 eaaceb 23 API calls 95511->95512 95513 eac335 95512->95513 95513->95510 95515 eac342 95513->95515 95514 eabbe0 40 API calls 95514->95517 95934 eaa704 22 API calls messages 95515->95934 95517->95473 95517->95480 95517->95482 95517->95483 95517->95484 95517->95485 95517->95486 95517->95488 95517->95491 95517->95495 95517->95496 95517->95501 95517->95503 95517->95506 95517->95508 95517->95510 95517->95514 95519 ebfe0b 22 API calls 95517->95519 95927 eaad81 95517->95927 95941 f07099 22 API calls __fread_nolock 95517->95941 95942 f25745 54 API calls _wcslen 95517->95942 95943 ebaa42 22 API calls messages 95517->95943 95944 f0f05c 40 API calls 95517->95944 95945 eaa993 41 API calls 95517->95945 95520 eac3ac 95518->95520 95935 ebce17 22 API calls messages 95518->95935 95519->95517 95520->95382 95522 ebee09 95521->95522 95523 ebee12 95521->95523 95522->95382 95523->95522 95524 ebee36 IsDialogMessageW 95523->95524 95525 efefaf GetClassLongW 95523->95525 95524->95522 95524->95523 95525->95523 
95525->95524 95526->95382 95527->95382 95528->95382 95529->95382 95532 eaec76 messages 95530->95532 95531 ec00a3 29 API calls pre_c_initialization 95531->95532 95532->95531 95533 ebfddb 22 API calls 95532->95533 95534 eafef7 95532->95534 95537 ef4b0b 95532->95537 95538 ef4600 95532->95538 95542 eaa8c7 22 API calls 95532->95542 95545 ec0242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 95532->95545 95546 eafbe3 95532->95546 95547 eaa961 22 API calls 95532->95547 95548 eaed9d messages 95532->95548 95551 ef4beb 95532->95551 95552 ec01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 95532->95552 95553 eaf3ae messages 95532->95553 95960 eb01e0 349 API calls 2 library calls 95532->95960 95961 eb06a0 41 API calls messages 95532->95961 95533->95532 95534->95548 95963 eaa8c7 22 API calls __fread_nolock 95534->95963 95965 f1359c 82 API calls __wsopen_s 95537->95965 95538->95548 95962 eaa8c7 22 API calls __fread_nolock 95538->95962 95542->95532 95545->95532 95546->95548 95549 ef4bdc 95546->95549 95546->95553 95547->95532 95548->95382 95966 f1359c 82 API calls __wsopen_s 95549->95966 95967 f1359c 82 API calls __wsopen_s 95551->95967 95552->95532 95553->95548 95964 f1359c 82 API calls __wsopen_s 95553->95964 95554->95382 95555->95388 95556->95388 95557->95388 95558->95388 95560 eaec40 349 API calls 95559->95560 95578 ead29d 95560->95578 95561 ef1bc4 95598 f1359c 82 API calls __wsopen_s 95561->95598 95563 ead30b messages 95563->95402 95564 ead3c3 95566 ead6d5 95564->95566 95567 ead3ce 95564->95567 95565 ead5ff 95569 ef1bb5 95565->95569 95570 ead614 95565->95570 95566->95563 95575 ebfe0b 22 API calls 95566->95575 95568 ebfddb 22 API calls 95567->95568 95579 ead3d5 __fread_nolock 95568->95579 95597 f25705 23 API calls 95569->95597 95573 ebfddb 22 API calls 95570->95573 95571 ead4b8 95577 ebfe0b 22 API calls 95571->95577 95584 ead46a 95573->95584 95574 ebfddb 22 API calls 95574->95578 
95575->95579 95576 ead429 __fread_nolock messages 95576->95565 95583 ef1ba4 95576->95583 95576->95584 95587 ef1b7f 95576->95587 95589 ef1b5d 95576->95589 95593 ea1f6f 349 API calls 95576->95593 95577->95576 95578->95561 95578->95563 95578->95564 95578->95566 95578->95571 95578->95574 95578->95576 95580 ebfddb 22 API calls 95579->95580 95581 ead3f6 95579->95581 95580->95581 95581->95576 95592 eabec0 349 API calls 95581->95592 95596 f1359c 82 API calls __wsopen_s 95583->95596 95584->95402 95595 f1359c 82 API calls __wsopen_s 95587->95595 95594 f1359c 82 API calls __wsopen_s 95589->95594 95591->95404 95592->95576 95593->95576 95594->95584 95595->95584 95596->95584 95597->95561 95598->95563 95668 f2aff9 95599->95668 95603 f2aff9 217 API calls 95602->95603 95605 f2ac0c 95603->95605 95604 f2ac54 95604->95452 95605->95604 95606 eaaceb 23 API calls 95605->95606 95606->95604 95608 f329cb 95607->95608 95609 f32a01 GetForegroundWindow 95608->95609 95610 f329d1 95608->95610 95609->95610 95610->95452 95612 ea7510 53 API calls 95611->95612 95613 f15c6d 95612->95613 95823 f0dbbe lstrlenW 95613->95823 95615 f15c77 95615->95452 95617 eab567 39 API calls 95616->95617 95618 ebf659 95617->95618 95619 eff2dc Sleep 95618->95619 95620 ebf661 timeGetTime 95618->95620 95621 eab567 39 API calls 95620->95621 95622 ebf677 95621->95622 95622->95452 95631 f2a6c3 95623->95631 95624 eaa961 22 API calls 95624->95631 95625 ea9cb3 22 API calls 95625->95631 95627 ea6350 22 API calls 95627->95631 95629 ea7510 53 API calls 95629->95631 95631->95624 95631->95625 95631->95627 95631->95629 95632 f2a796 Process32NextW 95631->95632 95828 ea525f 95631->95828 95876 ebce60 41 API calls 95631->95876 95877 f2b574 22 API calls __fread_nolock 95631->95877 95632->95631 95633 f2a7aa CloseHandle 95632->95633 95870 ea63eb 95633->95870 95637 f2a7cd 95879 eb04f0 22 API calls 95637->95879 95639 eb04f0 22 API calls 95642 f2a7d9 95639->95642 95640 f2a87d 95640->95452 95642->95639 95642->95640 95880 ea62b5 22 API calls 
95642->95880 95905 f32ad8 95643->95905 95645 f319cb 95645->95452 95646->95454 95647->95411 95648->95415 95650 eaacf9 95649->95650 95658 eaad2a messages 95649->95658 95651 eaad55 95650->95651 95652 eaad01 messages 95650->95652 95651->95658 95916 eaa8c7 22 API calls __fread_nolock 95651->95916 95654 eefa48 95652->95654 95655 eaad21 95652->95655 95652->95658 95654->95658 95917 ebce17 22 API calls messages 95654->95917 95656 eefa3a VariantClear 95655->95656 95655->95658 95656->95658 95658->95425 95659->95438 95660->95438 95661->95414 95662->95449 95663->95449 95664->95449 95665->95447 95666->95452 95667->95449 95669 f2b01d ___scrt_fastfail 95668->95669 95670 f2b094 95669->95670 95671 f2b058 95669->95671 95675 eab567 39 API calls 95670->95675 95676 f2b08b 95670->95676 95789 eab567 95671->95789 95673 f2b063 95673->95676 95679 eab567 39 API calls 95673->95679 95674 f2b0ed 95759 ea7510 95674->95759 95678 f2b0a5 95675->95678 95676->95674 95680 eab567 39 API calls 95676->95680 95682 eab567 39 API calls 95678->95682 95683 f2b078 95679->95683 95680->95674 95682->95676 95685 eab567 39 API calls 95683->95685 95685->95676 95686 f2b115 95687 f2b1d8 95686->95687 95688 f2b11f 95686->95688 95689 f2b20a GetCurrentDirectoryW 95687->95689 95691 ea7510 53 API calls 95687->95691 95690 ea7510 53 API calls 95688->95690 95692 ebfe0b 22 API calls 95689->95692 95693 f2b130 95690->95693 95696 f2b1ef 95691->95696 95694 f2b22f GetCurrentDirectoryW 95692->95694 95695 ea7620 22 API calls 95693->95695 95697 f2b23c 95694->95697 95698 f2b13a 95695->95698 95699 ea7620 22 API calls 95696->95699 95702 f2b275 95697->95702 95794 ea9c6e 22 API calls 95697->95794 95700 ea7510 53 API calls 95698->95700 95701 f2b1f9 _wcslen 95699->95701 95703 f2b14b 95700->95703 95701->95689 95701->95702 95710 f2b287 95702->95710 95711 f2b28b 95702->95711 95705 ea7620 22 API calls 95703->95705 95707 f2b155 95705->95707 95706 f2b255 95795 ea9c6e 22 API calls 95706->95795 95709 ea7510 53 API calls 95707->95709 95713 f2b166 
95709->95713 95715 f2b39a CreateProcessW 95710->95715 95716 f2b2f8 95710->95716 95797 f107c0 10 API calls 95711->95797 95712 f2b265 95796 ea9c6e 22 API calls 95712->95796 95718 ea7620 22 API calls 95713->95718 95758 f2b32f _wcslen 95715->95758 95800 f011c8 39 API calls 95716->95800 95722 f2b170 95718->95722 95719 f2b294 95798 f106e6 10 API calls 95719->95798 95725 f2b1a6 GetSystemDirectoryW 95722->95725 95730 ea7510 53 API calls 95722->95730 95723 f2b2aa 95799 f105a7 8 API calls 95723->95799 95724 f2b2fd 95728 f2b323 95724->95728 95729 f2b32a 95724->95729 95727 ebfe0b 22 API calls 95725->95727 95732 f2b1cb GetSystemDirectoryW 95727->95732 95801 f01201 128 API calls 2 library calls 95728->95801 95802 f014ce 6 API calls 95729->95802 95734 f2b187 95730->95734 95731 f2b2d0 95731->95710 95732->95697 95737 ea7620 22 API calls 95734->95737 95736 f2b328 95736->95758 95740 f2b191 _wcslen 95737->95740 95738 f2b3d6 GetLastError 95751 f2b41a 95738->95751 95739 f2b42f CloseHandle 95741 f2b43f 95739->95741 95748 f2b49a 95739->95748 95740->95697 95740->95725 95742 f2b451 95741->95742 95743 f2b446 CloseHandle 95741->95743 95745 f2b463 95742->95745 95746 f2b458 CloseHandle 95742->95746 95743->95742 95749 f2b475 95745->95749 95750 f2b46a CloseHandle 95745->95750 95746->95745 95747 f2b4a6 95747->95751 95748->95747 95754 f2b4d2 CloseHandle 95748->95754 95803 f109d9 34 API calls 95749->95803 95750->95749 95786 f10175 95751->95786 95754->95751 95756 f2b486 95804 f2b536 25 API calls 95756->95804 95758->95738 95758->95739 95760 ea7522 95759->95760 95761 ea7525 95759->95761 95782 ea7620 95760->95782 95762 ea755b 95761->95762 95763 ea752d 95761->95763 95764 ee50f6 95762->95764 95767 ea756d 95762->95767 95774 ee500f 95762->95774 95805 ec51c6 26 API calls 95763->95805 95808 ec5183 26 API calls 95764->95808 95806 ebfb21 51 API calls 95767->95806 95768 ea753d 95771 ebfddb 22 API calls 95768->95771 95769 ee510e 95769->95769 95773 ea7547 95771->95773 95775 ea9cb3 22 API calls 95773->95775 95776 
ebfe0b 22 API calls 95774->95776 95781 ee5088 95774->95781 95775->95760 95777 ee5058 95776->95777 95778 ebfddb 22 API calls 95777->95778 95779 ee507f 95778->95779 95780 ea9cb3 22 API calls 95779->95780 95780->95781 95807 ebfb21 51 API calls 95781->95807 95783 ea762a _wcslen 95782->95783 95784 ebfe0b 22 API calls 95783->95784 95785 ea763f 95784->95785 95785->95686 95809 f1030f 95786->95809 95790 eab578 95789->95790 95791 eab57f 95789->95791 95790->95791 95822 ec62d1 39 API calls _strftime 95790->95822 95791->95673 95793 eab5c2 95793->95673 95794->95706 95795->95712 95796->95702 95797->95719 95798->95723 95799->95731 95800->95724 95801->95736 95802->95758 95803->95756 95804->95748 95805->95768 95806->95768 95807->95764 95808->95769 95810 f10321 CloseHandle 95809->95810 95811 f10329 95809->95811 95810->95811 95812 f10336 95811->95812 95813 f1032e CloseHandle 95811->95813 95814 f10343 95812->95814 95815 f1033b CloseHandle 95812->95815 95813->95812 95816 f10350 95814->95816 95817 f10348 CloseHandle 95814->95817 95815->95814 95818 f10355 CloseHandle 95816->95818 95819 f1035d 95816->95819 95817->95816 95818->95819 95820 f10362 CloseHandle 95819->95820 95821 f1017d 95819->95821 95820->95821 95821->95452 95822->95793 95824 f0dc06 95823->95824 95825 f0dbdc GetFileAttributesW 95823->95825 95824->95615 95825->95824 95826 f0dbe8 FindFirstFileW 95825->95826 95826->95824 95827 f0dbf9 FindClose 95826->95827 95827->95824 95829 eaa961 22 API calls 95828->95829 95830 ea5275 95829->95830 95831 eaa961 22 API calls 95830->95831 95832 ea527d 95831->95832 95833 eaa961 22 API calls 95832->95833 95834 ea5285 95833->95834 95835 eaa961 22 API calls 95834->95835 95836 ea528d 95835->95836 95837 ee3df5 95836->95837 95838 ea52c1 95836->95838 95899 eaa8c7 22 API calls __fread_nolock 95837->95899 95840 ea6d25 22 API calls 95838->95840 95842 ea52cf 95840->95842 95841 ee3dfe 95843 eaa6c3 22 API calls 95841->95843 95844 ea93b2 22 API calls 95842->95844 95846 ea5304 95843->95846 95845 ea52d9 
95844->95845 95845->95846 95847 ea6d25 22 API calls 95845->95847 95848 ea5325 95846->95848 95862 ea5349 95846->95862 95865 ee3e20 95846->95865 95850 ea52fa 95847->95850 95848->95862 95894 ea4c6d 95848->95894 95852 ea93b2 22 API calls 95850->95852 95851 ea535a 95854 ea5370 95851->95854 95897 eaa8c7 22 API calls __fread_nolock 95851->95897 95852->95846 95860 ea5384 95854->95860 95898 eaa8c7 22 API calls __fread_nolock 95854->95898 95856 ea6b57 22 API calls 95867 ee3ee0 95856->95867 95859 ea538f 95868 ea539a 95859->95868 95902 eaa8c7 22 API calls __fread_nolock 95859->95902 95860->95859 95901 eaa8c7 22 API calls __fread_nolock 95860->95901 95861 ea6d25 22 API calls 95861->95862 95881 ea6d25 95862->95881 95865->95856 95866 ea4c6d 22 API calls 95866->95867 95867->95862 95867->95866 95900 ea49bd 22 API calls __fread_nolock 95867->95900 95868->95631 95871 ea63f3 95870->95871 95872 ebfddb 22 API calls 95871->95872 95873 ea6401 95872->95873 95904 ea6a26 22 API calls 95873->95904 95875 ea6409 95878 ea6a50 22 API calls 95875->95878 95876->95631 95877->95631 95878->95637 95879->95642 95880->95642 95882 ea6d91 95881->95882 95883 ea6d34 95881->95883 95884 ea93b2 22 API calls 95882->95884 95883->95882 95885 ea6d3f 95883->95885 95890 ea6d62 __fread_nolock 95884->95890 95886 ea6d5a 95885->95886 95887 ee4c9d 95885->95887 95903 ea6f34 22 API calls 95886->95903 95888 ebfddb 22 API calls 95887->95888 95891 ee4ca7 95888->95891 95890->95851 95892 ebfe0b 22 API calls 95891->95892 95893 ee4cda 95892->95893 95895 eaaec9 22 API calls 95894->95895 95896 ea4c78 95895->95896 95896->95861 95896->95862 95897->95854 95898->95860 95899->95841 95900->95867 95901->95859 95902->95868 95903->95890 95904->95875 95906 eaaceb 23 API calls 95905->95906 95907 f32af3 95906->95907 95908 f32aff 95907->95908 95909 f32b1d 95907->95909 95911 ea7510 53 API calls 95908->95911 95910 ea6b57 22 API calls 95909->95910 95912 f32b1b 95910->95912 95913 f32b0c 95911->95913 95912->95645 95913->95912 95915 eaa8c7 22 API 
calls __fread_nolock 95913->95915 95915->95912 95916->95658 95917->95658 95919 eaae01 95918->95919 95922 eaae1c messages 95918->95922 95920 eaaec9 22 API calls 95919->95920 95921 eaae09 CharUpperBuffW 95920->95921 95921->95922 95922->95465 95924 eaacae 95923->95924 95925 eaacd1 95924->95925 95951 f1359c 82 API calls __wsopen_s 95924->95951 95925->95517 95928 eefadb 95927->95928 95929 eaad92 95927->95929 95930 ebfddb 22 API calls 95929->95930 95931 eaad99 95930->95931 95952 eaadcd 95931->95952 95934->95518 95935->95518 95936->95471 95937->95506 95938->95483 95939->95506 95940->95506 95941->95517 95942->95517 95943->95517 95944->95517 95945->95517 95946->95496 95947->95506 95948->95503 95949->95502 95950->95506 95951->95925 95955 eaaddd 95952->95955 95953 eaadb6 95953->95517 95954 ebfddb 22 API calls 95954->95955 95955->95953 95955->95954 95956 eaa961 22 API calls 95955->95956 95957 eaadcd 22 API calls 95955->95957 95959 eaa8c7 22 API calls __fread_nolock 95955->95959 95956->95955 95957->95955 95959->95955 95960->95532 95961->95532 95962->95548 95963->95548 95964->95548 95965->95548 95966->95551 95967->95548 95968 ed8402 95973 ed81be 95968->95973 95972 ed842a 95978 ed81ef try_get_first_available_module 95973->95978 95975 ed83ee 95992 ed27ec 26 API calls _abort 95975->95992 95977 ed8343 95977->95972 95985 ee0984 95977->95985 95978->95978 95981 ed8338 95978->95981 95988 ec8e0b 40 API calls 2 library calls 95978->95988 95980 ed838c 95980->95981 95989 ec8e0b 40 API calls 2 library calls 95980->95989 95981->95977 95991 ecf2d9 20 API calls _abort 95981->95991 95983 ed83ab 95983->95981 95990 ec8e0b 40 API calls 2 library calls 95983->95990 95993 ee0081 95985->95993 95987 ee099f 95987->95972 95988->95980 95989->95983 95990->95981 95991->95975 95992->95977 95994 ee008d ___BuildCatchObject 95993->95994 95995 ee009b 95994->95995 95998 ee00d4 95994->95998 96051 ecf2d9 20 API calls _abort 95995->96051 95997 ee00a0 96052 ed27ec 26 API calls _abort 95997->96052 96004 ee065b 
95998->96004 96003 ee00aa __wsopen_s 96003->95987 96054 ee042f 96004->96054 96007 ee068d 96086 ecf2c6 20 API calls _abort 96007->96086 96008 ee06a6 96072 ed5221 96008->96072 96011 ee0692 96087 ecf2d9 20 API calls _abort 96011->96087 96012 ee06ab 96013 ee06cb 96012->96013 96014 ee06b4 96012->96014 96085 ee039a CreateFileW 96013->96085 96088 ecf2c6 20 API calls _abort 96014->96088 96018 ee06b9 96089 ecf2d9 20 API calls _abort 96018->96089 96020 ee0781 GetFileType 96022 ee078c GetLastError 96020->96022 96023 ee07d3 96020->96023 96021 ee0756 GetLastError 96091 ecf2a3 20 API calls 2 library calls 96021->96091 96092 ecf2a3 20 API calls 2 library calls 96022->96092 96094 ed516a 21 API calls 3 library calls 96023->96094 96024 ee0704 96024->96020 96024->96021 96090 ee039a CreateFileW 96024->96090 96027 ee079a CloseHandle 96027->96011 96029 ee07c3 96027->96029 96093 ecf2d9 20 API calls _abort 96029->96093 96031 ee0749 96031->96020 96031->96021 96033 ee07f4 96035 ee0840 96033->96035 96095 ee05ab 72 API calls 4 library calls 96033->96095 96034 ee07c8 96034->96011 96039 ee086d 96035->96039 96096 ee014d 72 API calls 4 library calls 96035->96096 96038 ee0866 96038->96039 96041 ee087e 96038->96041 96040 ed86ae __wsopen_s 29 API calls 96039->96040 96042 ee00f8 96040->96042 96041->96042 96043 ee08fc CloseHandle 96041->96043 96053 ee0121 LeaveCriticalSection __wsopen_s 96042->96053 96097 ee039a CreateFileW 96043->96097 96045 ee0927 96046 ee095d 96045->96046 96047 ee0931 GetLastError 96045->96047 96046->96042 96098 ecf2a3 20 API calls 2 library calls 96047->96098 96049 ee093d 96099 ed5333 21 API calls 3 library calls 96049->96099 96051->95997 96052->96003 96053->96003 96055 ee046a 96054->96055 96056 ee0450 96054->96056 96100 ee03bf 96055->96100 96056->96055 96107 ecf2d9 20 API calls _abort 96056->96107 96059 ee045f 96108 ed27ec 26 API calls _abort 96059->96108 96061 ee04a2 96062 ee04d1 96061->96062 96109 ecf2d9 20 API calls _abort 96061->96109 96071 ee0524 96062->96071 96111 ecd70d 26 
API calls 2 library calls 96062->96111 96065 ee04c6 96110 ed27ec 26 API calls _abort 96065->96110 96066 ee051f 96067 ee059e 96066->96067 96066->96071 96112 ed27fc 11 API calls _abort 96067->96112 96070 ee05aa 96071->96007 96071->96008 96073 ed522d ___BuildCatchObject 96072->96073 96115 ed2f5e EnterCriticalSection 96073->96115 96075 ed527b 96116 ed532a 96075->96116 96077 ed5234 96077->96075 96078 ed5259 96077->96078 96082 ed52c7 EnterCriticalSection 96077->96082 96119 ed5000 96078->96119 96079 ed52a4 __wsopen_s 96079->96012 96082->96075 96083 ed52d4 LeaveCriticalSection 96082->96083 96083->96077 96085->96024 96086->96011 96087->96042 96088->96018 96089->96011 96090->96031 96091->96011 96092->96027 96093->96034 96094->96033 96095->96035 96096->96038 96097->96045 96098->96049 96099->96046 96102 ee03d7 96100->96102 96101 ee03f2 96101->96061 96102->96101 96113 ecf2d9 20 API calls _abort 96102->96113 96104 ee0416 96114 ed27ec 26 API calls _abort 96104->96114 96106 ee0421 96106->96061 96107->96059 96108->96055 96109->96065 96110->96062 96111->96066 96112->96070 96113->96104 96114->96106 96115->96077 96127 ed2fa6 LeaveCriticalSection 96116->96127 96118 ed5331 96118->96079 96120 ed4c7d _abort 20 API calls 96119->96120 96122 ed5012 96120->96122 96121 ed501f 96123 ed29c8 _free 20 API calls 96121->96123 96122->96121 96128 ed3405 11 API calls 2 library calls 96122->96128 96125 ed5071 96123->96125 96125->96075 96126 ed5147 EnterCriticalSection 96125->96126 96126->96075 96127->96118 96128->96122 96129 ea105b 96134 ea344d 96129->96134 96131 ea106a 96165 ec00a3 29 API calls __onexit 96131->96165 96133 ea1074 96135 ea345d __wsopen_s 96134->96135 96136 eaa961 22 API calls 96135->96136 96137 ea3513 96136->96137 96138 ea3a5a 24 API calls 96137->96138 96139 ea351c 96138->96139 96166 ea3357 96139->96166 96142 ea33c6 22 API calls 96143 ea3535 96142->96143 96144 ea515f 22 API calls 96143->96144 96145 ea3544 96144->96145 96146 eaa961 22 API calls 96145->96146 96147 ea354d 96146->96147 96148 
eaa6c3 22 API calls 96147->96148 96149 ea3556 RegOpenKeyExW 96148->96149 96150 ee3176 RegQueryValueExW 96149->96150 96155 ea3578 96149->96155 96151 ee320c RegCloseKey 96150->96151 96152 ee3193 96150->96152 96151->96155 96164 ee321e _wcslen 96151->96164 96153 ebfe0b 22 API calls 96152->96153 96154 ee31ac 96153->96154 96157 ea5722 22 API calls 96154->96157 96155->96131 96156 ea4c6d 22 API calls 96156->96164 96158 ee31b7 RegQueryValueExW 96157->96158 96159 ee31d4 96158->96159 96161 ee31ee messages 96158->96161 96160 ea6b57 22 API calls 96159->96160 96160->96161 96161->96151 96162 ea9cb3 22 API calls 96162->96164 96163 ea515f 22 API calls 96163->96164 96164->96155 96164->96156 96164->96162 96164->96163 96165->96133 96167 ee1f50 __wsopen_s 96166->96167 96168 ea3364 GetFullPathNameW 96167->96168 96169 ea3386 96168->96169 96170 ea6b57 22 API calls 96169->96170 96171 ea33a4 96170->96171 96171->96142 96172 ea1098 96177 ea42de 96172->96177 96176 ea10a7 96178 eaa961 22 API calls 96177->96178 96179 ea42f5 GetVersionExW 96178->96179 96180 ea6b57 22 API calls 96179->96180 96181 ea4342 96180->96181 96182 ea93b2 22 API calls 96181->96182 96186 ea4378 96181->96186 96183 ea436c 96182->96183 96185 ea37a0 22 API calls 96183->96185 96184 ea441b GetCurrentProcess IsWow64Process 96187 ea4437 96184->96187 96185->96186 96186->96184 96188 ee37df 96186->96188 96189 ea444f LoadLibraryA 96187->96189 96190 ee3824 GetSystemInfo 96187->96190 96191 ea449c GetSystemInfo 96189->96191 96192 ea4460 GetProcAddress 96189->96192 96193 ea4476 96191->96193 96192->96191 96194 ea4470 GetNativeSystemInfo 96192->96194 96195 ea447a FreeLibrary 96193->96195 96196 ea109d 96193->96196 96194->96193 96195->96196 96197 ec00a3 29 API calls __onexit 96196->96197 96197->96176 96198 eaf7bf 96199 eaf7d3 96198->96199 96200 eafcb6 96198->96200 96202 eafcc2 96199->96202 96203 ebfddb 22 API calls 96199->96203 96201 eaaceb 23 API calls 96200->96201 96201->96202 96204 eaaceb 23 API calls 96202->96204 96205 eaf7e5 96203->96205 
96206 eafd3d 96204->96206 96205->96202 96205->96206 96207 eaf83e 96205->96207 96235 f11155 22 API calls 96206->96235 96209 eb1310 349 API calls 96207->96209 96224 eaed9d messages 96207->96224 96213 eaec76 messages 96209->96213 96210 ef4beb 96241 f1359c 82 API calls __wsopen_s 96210->96241 96211 eafef7 96211->96224 96237 eaa8c7 22 API calls __fread_nolock 96211->96237 96213->96210 96213->96211 96215 ef4b0b 96213->96215 96216 eaa8c7 22 API calls 96213->96216 96217 ef4600 96213->96217 96222 ec0242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 96213->96222 96213->96224 96225 eafbe3 96213->96225 96226 eaa961 22 API calls 96213->96226 96227 ec00a3 29 API calls pre_c_initialization 96213->96227 96230 ec01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 96213->96230 96231 ebfddb 22 API calls 96213->96231 96232 eaf3ae messages 96213->96232 96233 eb01e0 349 API calls 2 library calls 96213->96233 96234 eb06a0 41 API calls messages 96213->96234 96239 f1359c 82 API calls __wsopen_s 96215->96239 96216->96213 96217->96224 96236 eaa8c7 22 API calls __fread_nolock 96217->96236 96222->96213 96225->96224 96228 ef4bdc 96225->96228 96225->96232 96226->96213 96227->96213 96240 f1359c 82 API calls __wsopen_s 96228->96240 96230->96213 96231->96213 96232->96224 96238 f1359c 82 API calls __wsopen_s 96232->96238 96233->96213 96234->96213 96235->96224 96236->96224 96237->96224 96238->96224 96239->96224 96240->96210 96241->96224 96242 eadddc 96245 eab710 96242->96245 96246 eab72b 96245->96246 96247 ef00f8 96246->96247 96248 ef0146 96246->96248 96273 eab750 96246->96273 96251 ef0102 96247->96251 96254 ef010f 96247->96254 96247->96273 96287 f258a2 349 API calls 2 library calls 96248->96287 96285 f25d33 349 API calls 96251->96285 96271 eaba20 96254->96271 96286 f261d0 349 API calls 2 library calls 96254->96286 96257 ef03d9 96257->96257 96261 eaba4e 96262 ef0322 96290 f25c0c 82 API calls 96262->96290 

                                                          Control-flow Graph

                                                          APIs
                                                          • GetVersionExW.KERNEL32(?), ref: 00EA430D
                                                            • Part of subcall function 00EA6B57: _wcslen.LIBCMT ref: 00EA6B6A
                                                          • GetCurrentProcess.KERNEL32(?,00F3CB64,00000000,?,?), ref: 00EA4422
                                                          • IsWow64Process.KERNEL32(00000000,?,?), ref: 00EA4429
                                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00EA4454
                                                          • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00EA4466
                                                          • GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 00EA4474
                                                          • FreeLibrary.KERNEL32(00000000,?,?), ref: 00EA447B
                                                          • GetSystemInfo.KERNEL32(?,?,?), ref: 00EA44A0
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                                          • String ID: GetNativeSystemInfo$kernel32.dll$|O

                                                          Control-flow Graph

                                                          APIs
                                                          • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,00EA50AA,?,?,00000000,00000000), ref: 00EA42B2
                                                          • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00EA50AA,?,?,00000000,00000000), ref: 00EA42C9
                                                          • LoadResource.KERNEL32(?,00000000,?,?,00EA50AA,?,?,00000000,00000000,?,?,?,?,?,?,00EA4F20), ref: 00EE35BE
                                                          • SizeofResource.KERNEL32(?,00000000,?,?,00EA50AA,?,?,00000000,00000000,?,?,?,?,?,?,00EA4F20), ref: 00EE35D3
                                                          • LockResource.KERNEL32(00EA50AA,?,?,00EA50AA,?,?,00000000,00000000,?,?,?,?,?,?,00EA4F20,?), ref: 00EE35E6
                                                          Strings
                                                          Similarity
                                                          • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                          • String ID: SCRIPT

                                                          Control-flow Graph

                                                          APIs
                                                          • lstrlenW.KERNEL32(?,"R), ref: 00F0DBCE
                                                          • GetFileAttributesW.KERNELBASE(?), ref: 00F0DBDD
                                                          • FindFirstFileW.KERNEL32(?,?), ref: 00F0DBEE
                                                          • FindClose.KERNEL32(00000000), ref: 00F0DBFA
                                                          Strings
                                                          Similarity
                                                          • API ID: FileFind$AttributesCloseFirstlstrlen
                                                          • String ID: "R

                                                          Control-flow Graph

                                                          APIs
                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00EA2B6B
                                                            • Part of subcall function 00EA3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00F71418,?,00EA2E7F,?,?,?,00000000), ref: 00EA3A78
                                                            • Part of subcall function 00EA9CB3: _wcslen.LIBCMT ref: 00EA9CBD
                                                          • GetForegroundWindow.USER32(runas,?,?,?,?,?,00F62224), ref: 00EE2C10
                                                          • ShellExecuteW.SHELL32(00000000,?,?,00F62224), ref: 00EE2C17
                                                          Strings
                                                          Similarity
                                                          • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                          • String ID: runas

                                                          Control-flow Graph

                                                          APIs
                                                          • CreateToolhelp32Snapshot.KERNEL32 ref: 00F2A6AC
                                                          • Process32FirstW.KERNEL32(00000000,?), ref: 00F2A6BA
                                                            • Part of subcall function 00EA9CB3: _wcslen.LIBCMT ref: 00EA9CBD
                                                          • Process32NextW.KERNEL32(00000000,?), ref: 00F2A79C
                                                          • CloseHandle.KERNELBASE(00000000), ref: 00F2A7AB
                                                            • Part of subcall function 00EBCE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00EE3303,?), ref: 00EBCE8A
                                                          Similarity
                                                          • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                          • String ID:

                                                          Control-flow Graph

                                                          APIs
                                                          • _wcslen.LIBCMT ref: 00F2B198
                                                          • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00F2B1B0
                                                          • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00F2B1D4
                                                          • _wcslen.LIBCMT ref: 00F2B200
                                                          • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00F2B214
                                                          • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00F2B236
                                                          • _wcslen.LIBCMT ref: 00F2B332
                                                            • Part of subcall function 00F105A7: GetStdHandle.KERNEL32(000000F6), ref: 00F105C6
                                                          • _wcslen.LIBCMT ref: 00F2B34B
                                                          • _wcslen.LIBCMT ref: 00F2B366
                                                          • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00F2B3B6
                                                          • GetLastError.KERNEL32(00000000), ref: 00F2B407
                                                          • CloseHandle.KERNEL32(?), ref: 00F2B439
                                                          • CloseHandle.KERNEL32(00000000), ref: 00F2B44A
                                                          • CloseHandle.KERNEL32(00000000), ref: 00F2B45C
                                                          • CloseHandle.KERNEL32(00000000), ref: 00F2B46E
                                                          • CloseHandle.KERNEL32(?), ref: 00F2B4E3
                                                          Similarity
                                                          • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                          • String ID:
                                                          • API String ID: 2178637699-0
                                                          APIs
                                                          • GetInputState.USER32 ref: 00EAD807
                                                          • timeGetTime.WINMM ref: 00EADA07
                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00EADB28
                                                          • TranslateMessage.USER32(?), ref: 00EADB7B
                                                          • DispatchMessageW.USER32(?), ref: 00EADB89
                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00EADB9F
                                                          • Sleep.KERNELBASE(0000000A), ref: 00EADBB1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                          • String ID:
                                                          • API String ID: 2189390790-0

                                                          Control-flow Graph

                                                          APIs
                                                          • GetSysColorBrush.USER32(0000000F), ref: 00EA2D07
                                                          • RegisterClassExW.USER32(00000030), ref: 00EA2D31
                                                          • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00EA2D42
                                                          • InitCommonControlsEx.COMCTL32(?), ref: 00EA2D5F
                                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00EA2D6F
                                                          • LoadIconW.USER32(000000A9), ref: 00EA2D85
                                                          • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00EA2D94
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                          • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                          • API String ID: 2914291525-1005189915

                                                          Control-flow Graph

                                                          APIs
                                                            • Part of subcall function 00EE039A: CreateFileW.KERNELBASE(00000000,00000000,?,00EE0704,?,?,00000000,?,00EE0704,00000000,0000000C), ref: 00EE03B7
                                                          • GetLastError.KERNEL32 ref: 00EE076F
                                                          • __dosmaperr.LIBCMT ref: 00EE0776
                                                          • GetFileType.KERNELBASE(00000000), ref: 00EE0782
                                                          • GetLastError.KERNEL32 ref: 00EE078C
                                                          • __dosmaperr.LIBCMT ref: 00EE0795
                                                          • CloseHandle.KERNEL32(00000000), ref: 00EE07B5
                                                          • CloseHandle.KERNEL32(?), ref: 00EE08FF
                                                          • GetLastError.KERNEL32 ref: 00EE0931
                                                          • __dosmaperr.LIBCMT ref: 00EE0938
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                          • String ID: H
                                                          • API String ID: 4237864984-2852464175

                                                          Control-flow Graph

                                                          APIs
                                                            • Part of subcall function 00EA3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00F71418,?,00EA2E7F,?,?,?,00000000), ref: 00EA3A78
                                                            • Part of subcall function 00EA3357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00EA3379
                                                          • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00EA356A
                                                          • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00EE318D
                                                          • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00EE31CE
                                                          • RegCloseKey.ADVAPI32(?), ref: 00EE3210
                                                          • _wcslen.LIBCMT ref: 00EE3277
                                                          • _wcslen.LIBCMT ref: 00EE3286
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                          • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                          • API String ID: 98802146-2727554177

                                                          Control-flow Graph

                                                          APIs
                                                          • GetSysColorBrush.USER32(0000000F), ref: 00EA2B8E
                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 00EA2B9D
                                                          • LoadIconW.USER32(00000063), ref: 00EA2BB3
                                                          • LoadIconW.USER32(000000A4), ref: 00EA2BC5
                                                          • LoadIconW.USER32(000000A2), ref: 00EA2BD7
                                                          • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00EA2BEF
                                                          • RegisterClassExW.USER32(?), ref: 00EA2C40
                                                            • Part of subcall function 00EA2CD4: GetSysColorBrush.USER32(0000000F), ref: 00EA2D07
                                                            • Part of subcall function 00EA2CD4: RegisterClassExW.USER32(00000030), ref: 00EA2D31
                                                            • Part of subcall function 00EA2CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00EA2D42
                                                            • Part of subcall function 00EA2CD4: InitCommonControlsEx.COMCTL32(?), ref: 00EA2D5F
                                                            • Part of subcall function 00EA2CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00EA2D6F
                                                            • Part of subcall function 00EA2CD4: LoadIconW.USER32(000000A9), ref: 00EA2D85
                                                            • Part of subcall function 00EA2CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00EA2D94
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                          • String ID: #$0$AutoIt v3
                                                          • API String ID: 423443420-4155596026

                                                          Control-flow Graph

                                                          APIs
                                                          • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00EA316A,?,?), ref: 00EA31D8
                                                          • KillTimer.USER32(?,00000001,?,?,?,?,?,00EA316A,?,?), ref: 00EA3204
                                                          • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00EA3227
                                                          • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00EA316A,?,?), ref: 00EA3232
                                                          • CreatePopupMenu.USER32 ref: 00EA3246
                                                          • PostQuitMessage.USER32(00000000), ref: 00EA3267
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                          • String ID: TaskbarCreated
                                                          • API String ID: 129472671-2362178303

                                                          Control-flow Graph

                                                          control_flow_graph 664 ea2c63-ea2cd3 CreateWindowExW * 2 ShowWindow * 2
                                                          APIs
                                                          • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00EA2C91
                                                          • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00EA2CB2
                                                          • ShowWindow.USER32(00000000,?,?,?,?,?,?,00EA1CAD,?), ref: 00EA2CC6
                                                          • ShowWindow.USER32(00000000,?,?,?,?,?,?,00EA1CAD,?), ref: 00EA2CCF
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: Window$CreateShow
                                                          • String ID: AutoIt v3$edit
                                                          • API String ID: 1584632944-3779509399

                                                          Control-flow Graph

                                                          APIs
                                                          • RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00EA3B0F,SwapMouseButtons,00000004,?), ref: 00EA3B40
                                                          • RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00EA3B0F,SwapMouseButtons,00000004,?), ref: 00EA3B61
                                                          • RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00EA3B0F,SwapMouseButtons,00000004,?), ref: 00EA3B83
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: CloseOpenQueryValue
                                                          • String ID: Control Panel\Mouse
                                                          • API String ID: 3677997916-824357125

                                                          Control-flow Graph

                                                          APIs
                                                          • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00EE33A2
                                                            • Part of subcall function 00EA6B57: _wcslen.LIBCMT ref: 00EA6B6A
                                                          • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00EA3A04
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          Similarity
                                                          • API ID: IconLoadNotifyShell_String_wcslen
                                                          • String ID: Line:
                                                          • API String ID: 2289894680-1585850449
                                                          APIs
                                                            • Part of subcall function 00EA1BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00EA1BF4
                                                            • Part of subcall function 00EA1BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00EA1BFC
                                                            • Part of subcall function 00EA1BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00EA1C07
                                                            • Part of subcall function 00EA1BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00EA1C12
                                                            • Part of subcall function 00EA1BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00EA1C1A
                                                            • Part of subcall function 00EA1BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00EA1C22
                                                            • Part of subcall function 00EA1B4A: RegisterWindowMessageW.USER32(00000004,?,00EA12C4), ref: 00EA1BA2
                                                          • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00EA136A
                                                          • OleInitialize.OLE32 ref: 00EA1388
                                                          • CloseHandle.KERNEL32(00000000,00000000), ref: 00EE24AB
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          Similarity
                                                          • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                          • String ID:
                                                          • API String ID: 1986988660-0
                                                          APIs
                                                            • Part of subcall function 00EA3923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00EA3A04
                                                          • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00F0C259
                                                          • KillTimer.USER32(?,00000001,?,?), ref: 00F0C261
                                                          • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00F0C270
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          Similarity
                                                          • API ID: IconNotifyShell_Timer$Kill
                                                          • String ID:
                                                          • API String ID: 3500052701-0
                                                          APIs
                                                          • CloseHandle.KERNELBASE(00000000,00000000,?,?,00ED85CC,?,00F68CC8,0000000C), ref: 00ED8704
                                                          • GetLastError.KERNEL32(?,00ED85CC,?,00F68CC8,0000000C), ref: 00ED870E
                                                          • __dosmaperr.LIBCMT ref: 00ED8739
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          Similarity
                                                          • API ID: CloseErrorHandleLast__dosmaperr
                                                          • String ID:
                                                          • API String ID: 2583163307-0
                                                          APIs
                                                          • TranslateMessage.USER32(?), ref: 00EADB7B
                                                          • DispatchMessageW.USER32(?), ref: 00EADB89
                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00EADB9F
                                                          • Sleep.KERNELBASE(0000000A), ref: 00EADBB1
                                                          • TranslateAcceleratorW.USER32(?,?,?), ref: 00EF1CC9
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          Similarity
                                                          • API ID: Message$Translate$AcceleratorDispatchPeekSleep
                                                          • String ID:
                                                          • API String ID: 3288985973-0
                                                          APIs
                                                          • __Init_thread_footer.LIBCMT ref: 00EB17F6
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          Similarity
                                                          • API ID: Init_thread_footer
                                                          • String ID: CALL
                                                          • API String ID: 1385522511-4196123274
                                                          APIs
                                                          • GetOpenFileNameW.COMDLG32(?), ref: 00EE2C8C
                                                            • Part of subcall function 00EA3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00EA3A97,?,?,00EA2E7F,?,?,?,00000000), ref: 00EA3AC2
                                                            • Part of subcall function 00EA2DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00EA2DC4
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          Similarity
                                                          • API ID: Name$Path$FileFullLongOpen
                                                          • String ID: X
                                                          • API String ID: 779396738-3081909835
                                                          APIs
                                                          • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00EA3908
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          Similarity
                                                          • API ID: IconNotifyShell_
                                                          • String ID:
                                                          • API String ID: 1144537725-0
                                                          APIs
                                                          • timeGetTime.WINMM ref: 00EBF661
                                                            • Part of subcall function 00EAD739: GetInputState.USER32 ref: 00EAD807
                                                          • Sleep.KERNEL32(00000000), ref: 00EFF2DE
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          Similarity
                                                          • API ID: InputSleepStateTimetime
                                                          • String ID:
                                                          • API String ID: 4149333218-0
                                                          APIs
                                                          • __Init_thread_footer.LIBCMT ref: 00EABB4E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          Similarity
                                                          • API ID: Init_thread_footer
                                                          • String ID:
                                                          • API String ID: 1385522511-0
                                                          APIs
                                                            • Part of subcall function 00EA4E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00EA4EDD,?,00F71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00EA4E9C
                                                            • Part of subcall function 00EA4E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00EA4EAE
                                                            • Part of subcall function 00EA4E90: FreeLibrary.KERNEL32(00000000,?,?,00EA4EDD,?,00F71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00EA4EC0
                                                          • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00F71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00EA4EFD
                                                            • Part of subcall function 00EA4E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00EE3CDE,?,00F71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00EA4E62
                                                            • Part of subcall function 00EA4E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00EA4E74
                                                            • Part of subcall function 00EA4E59: FreeLibrary.KERNEL32(00000000,?,?,00EE3CDE,?,00F71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00EA4E87
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          Similarity
                                                          • API ID: Library$Load$AddressFreeProc
                                                          • String ID:
                                                          • API String ID: 2632591731-0
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          Similarity
                                                          • API ID: __wsopen_s
                                                          • String ID:
                                                          • API String ID: 3347428461-0
                                                          • Opcode ID: f3461761c3ca1bc5ba08cb4ff2e5619135b3847d6324514cda0d7f899d62b4ec
                                                          • Instruction ID: abaac1c86b2e233ff21083e260177502fd18f388812b52ccd867e04ce2d26608
                                                          • Opcode Fuzzy Hash: f3461761c3ca1bc5ba08cb4ff2e5619135b3847d6324514cda0d7f899d62b4ec
                                                          • Instruction Fuzzy Hash: 3F11187590410AAFCB05DF58EA41A9E7BF5EF48314F10405AF818AB312DB31EA12CBA5
                                                          APIs
                                                            • Part of subcall function 00ED4C7D: RtlAllocateHeap.NTDLL(00000008,00EA1129,00000000,?,00ED2E29,00000001,00000364,?,?,?,00ECF2DE,00ED3863,00F71444,?,00EBFDF5,?), ref: 00ED4CBE
                                                          • _free.LIBCMT ref: 00ED506C
                                                          Similarity
                                                          • API ID: AllocateHeap_free
                                                          • String ID:
                                                          • API String ID: 614378929-0
                                                          • Opcode ID: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                                                          • Instruction ID: 3d09acc89a84af2ab242ab42cdf8f514828f66ecb44e62779b38096f60e873a1
                                                          • Opcode Fuzzy Hash: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                                                          • Instruction Fuzzy Hash: A40126732047046BE3218E659881A9AFBECFB89370F25051EE194A33C0EA30A906C6B4
                                                          APIs
                                                          • GetForegroundWindow.USER32(00000000,?,?,?,00F314B5,?), ref: 00F32A01
                                                          Similarity
                                                          • API ID: ForegroundWindow
                                                          • String ID:
                                                          • API String ID: 2020703349-0
                                                          • Opcode ID: ccd34cdc005964f312cdad23c1d6c806f5a9d579225cbe70fc477dd8b4ab6e0e
                                                          • Instruction ID: 99162d9326e7b25e12bbc3431cf277b21d0c7bcd33a970cc326670406cef48fe
                                                          • Opcode Fuzzy Hash: ccd34cdc005964f312cdad23c1d6c806f5a9d579225cbe70fc477dd8b4ab6e0e
                                                          • Instruction Fuzzy Hash: 3301B136700A42AFD7A5CA2CC494B223792EB85334F298468C1478B251DB3AFC42F7A0
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                          • Instruction ID: a49ce2daa9afb19ccbccc4f07fe70f14d7bb9467f02f2646a56c047445711b05
                                                          • Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                          • Instruction Fuzzy Hash: 86F0D132521A1496D6312A798E05F9E33DCDFA2334F10272EF521B23D2DA76A80386A5
                                                          APIs
                                                          • RtlAllocateHeap.NTDLL(00000008,00EA1129,00000000,?,00ED2E29,00000001,00000364,?,?,?,00ECF2DE,00ED3863,00F71444,?,00EBFDF5,?), ref: 00ED4CBE
                                                          Similarity
                                                          • API ID: AllocateHeap
                                                          • String ID:
                                                          • API String ID: 1279760036-0
                                                          • Opcode ID: d515ad21747ac3242b598dc52278fc61776403ca765bdfc17007cda9873c4c23
                                                          • Instruction ID: 57bb4a6b47a73bb141f3aeb1556e5e8ae3c57cd5028ebf05f6d4364ef79c431d
                                                          • Opcode Fuzzy Hash: d515ad21747ac3242b598dc52278fc61776403ca765bdfc17007cda9873c4c23
                                                          • Instruction Fuzzy Hash: 94F02B7121212467FB201F229D05F5AB7C9FF60364B186117F805BA3C0CA31D80352D0
                                                          APIs
                                                          • RtlAllocateHeap.NTDLL(00000000,?,00F71444,?,00EBFDF5,?,?,00EAA976,00000010,00F71440,00EA13FC,?,00EA13C6,?,00EA1129), ref: 00ED3852
                                                          Similarity
                                                          • API ID: AllocateHeap
                                                          • String ID:
                                                          • API String ID: 1279760036-0
                                                          • Opcode ID: a56980567ab6cbce84cf7c4e647d655203acb458658646689c8019156d1d2738
                                                          • Instruction ID: 4591976ebd2e89c8b24f8a67f5de41dd73009cf31e5e8d58bc553b2057ef24fb
                                                          • Opcode Fuzzy Hash: a56980567ab6cbce84cf7c4e647d655203acb458658646689c8019156d1d2738
                                                          • Instruction Fuzzy Hash: 52E0E5391002245AD62926779D00FDA36CAEB427B4F192226BC04B66D1CB61DD03B2E3
                                                          APIs
                                                          • FreeLibrary.KERNEL32(?,?,00F71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00EA4F6D
                                                          Similarity
                                                          • API ID: FreeLibrary
                                                          • String ID:
                                                          • API String ID: 3664257935-0
                                                          • Opcode ID: 64505ead8726326bdd11e0aed4c98931d463c1fc97fb28335a111b6232835284
                                                          • Instruction ID: cad6722e18ed7e868a0fa231dd8bba0a9aa8c1b3f563b3308fd93ea9b14bdf31
                                                          • Opcode Fuzzy Hash: 64505ead8726326bdd11e0aed4c98931d463c1fc97fb28335a111b6232835284
                                                          • Instruction Fuzzy Hash: 30F0A0B5205341CFCB349F20D490812B7E0BF49329320B97EE1DAA6650C7B1A844EF40
                                                          APIs
                                                          • IsWindow.USER32(00000000), ref: 00F32A66
                                                          Similarity
                                                          • API ID: Window
                                                          • String ID:
                                                          • API String ID: 2353593579-0
                                                          • Opcode ID: 15c8164e1adee639a589066baae5a4677d8319428409a4f4c16668a02ad7ada1
                                                          • Instruction ID: 99dc5cfa5e996dca3a0eda3729cb3544b52a2b267fa4ae75e9ea28d5c4f3ea55
                                                          • Opcode Fuzzy Hash: 15c8164e1adee639a589066baae5a4677d8319428409a4f4c16668a02ad7ada1
                                                          • Instruction Fuzzy Hash: ACE0DF3235011AABCB60EA30EC809FA735CEF103A0B000036EC1AC2140DF389991B2F0
                                                          APIs
                                                          • GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00EA2DC4
                                                            • Part of subcall function 00EA6B57: _wcslen.LIBCMT ref: 00EA6B6A
                                                          Similarity
                                                          • API ID: LongNamePath_wcslen
                                                          • String ID:
                                                          • API String ID: 541455249-0
                                                          • Opcode ID: f6eb9d23f6ba06b70904a0fe381a795ccaeb921586b48e5aa530a533c70dcf27
                                                          • Instruction ID: d9847ed1bb5c70a4e488e3820dec22899dd5ea4895012d517fe95c81f85cd09b
                                                          • Opcode Fuzzy Hash: f6eb9d23f6ba06b70904a0fe381a795ccaeb921586b48e5aa530a533c70dcf27
                                                          • Instruction Fuzzy Hash: C8E0CD726001285BC71192589C05FDA77DDDFC9790F0500B1FD09F7248D970ED80C690
                                                          APIs
                                                            • Part of subcall function 00EA3837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00EA3908
                                                            • Part of subcall function 00EAD739: GetInputState.USER32 ref: 00EAD807
                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00EA2B6B
                                                            • Part of subcall function 00EA30F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 00EA314E
                                                          Similarity
                                                          • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                          • String ID:
                                                          • API String ID: 3667716007-0
                                                          • Opcode ID: 26b5894914acf82728f5fbe93637310ee362bb8270aea377421f43ea82edba8a
                                                          • Instruction ID: 89521882a3be2057737f3dac6f0fe50e1aaea49c7683d48eb31682633199ea78
                                                          • Opcode Fuzzy Hash: 26b5894914acf82728f5fbe93637310ee362bb8270aea377421f43ea82edba8a
                                                          • Instruction Fuzzy Hash: B3E0862230424807C608BB78A85657DB7D99BDB355F40757EF147BB1A3CE2865494352
                                                          APIs
                                                          • CreateFileW.KERNELBASE(00000000,00000000,?,00EE0704,?,?,00000000,?,00EE0704,00000000,0000000C), ref: 00EE03B7
                                                          Similarity
                                                          • API ID: CreateFile
                                                          • String ID:
                                                          • API String ID: 823142352-0
                                                          • Opcode ID: aa6679e59f0b40e464f4fbfe40347118900eaa99518eb85d30a474505b194105
                                                          • Instruction ID: 205c026550611a92a340b82b74c8948039651bcebcf61e0719744da6f8fccff1
                                                          • Opcode Fuzzy Hash: aa6679e59f0b40e464f4fbfe40347118900eaa99518eb85d30a474505b194105
                                                          • Instruction Fuzzy Hash: 75D06C3204010DBBDF029F84DD06EDA3BAAFB48714F014000BE1866020C732E821AB90
                                                          APIs
                                                          • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00EA1CBC
                                                          Similarity
                                                          • API ID: InfoParametersSystem
                                                          • String ID:
                                                          • API String ID: 3098949447-0
                                                          • Opcode ID: d4a5c1507a6f8f78955bc7d2256af2624824caf9ebe6d44546fc0851cde5739d
                                                          • Instruction ID: adde5871139982f6ef12cc0357b733b9b58203430b7f2ca7c3e8292178caf8ae
                                                          • Opcode Fuzzy Hash: d4a5c1507a6f8f78955bc7d2256af2624824caf9ebe6d44546fc0851cde5739d
                                                          • Instruction Fuzzy Hash: 03C0923628030CEFF2948B94BC4AF107765B348B10F088001F64DA95E3C7A228A0FBA2
                                                          APIs
                                                            • Part of subcall function 00EB9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00EB9BB2
                                                          • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 00F3961A
                                                          • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00F3965B
                                                          • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 00F3969F
                                                          • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00F396C9
                                                          • SendMessageW.USER32 ref: 00F396F2
                                                          • GetKeyState.USER32(00000011), ref: 00F3978B
                                                          • GetKeyState.USER32(00000009), ref: 00F39798
                                                          • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00F397AE
                                                          • GetKeyState.USER32(00000010), ref: 00F397B8
                                                          • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00F397E9
                                                          • SendMessageW.USER32 ref: 00F39810
                                                          • SendMessageW.USER32(?,00001030,?,00F37E95), ref: 00F39918
                                                          • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 00F3992E
                                                          • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00F39941
                                                          • SetCapture.USER32(?), ref: 00F3994A
                                                          • ClientToScreen.USER32(?,?), ref: 00F399AF
                                                          • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00F399BC
                                                          • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00F399D6
                                                          • ReleaseCapture.USER32 ref: 00F399E1
                                                          • GetCursorPos.USER32(?), ref: 00F39A19
                                                          • ScreenToClient.USER32(?,?), ref: 00F39A26
                                                          • SendMessageW.USER32(?,00001012,00000000,?), ref: 00F39A80
                                                          • SendMessageW.USER32 ref: 00F39AAE
                                                          • SendMessageW.USER32(?,00001111,00000000,?), ref: 00F39AEB
                                                          • SendMessageW.USER32 ref: 00F39B1A
                                                          • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00F39B3B
                                                          • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00F39B4A
                                                          • GetCursorPos.USER32(?), ref: 00F39B68
                                                          • ScreenToClient.USER32(?,?), ref: 00F39B75
                                                          • GetParent.USER32(?), ref: 00F39B93
                                                          • SendMessageW.USER32(?,00001012,00000000,?), ref: 00F39BFA
                                                          • SendMessageW.USER32 ref: 00F39C2B
                                                          • ClientToScreen.USER32(?,?), ref: 00F39C84
                                                          • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00F39CB4
                                                          • SendMessageW.USER32(?,00001111,00000000,?), ref: 00F39CDE
                                                          • SendMessageW.USER32 ref: 00F39D01
                                                          • ClientToScreen.USER32(?,?), ref: 00F39D4E
                                                          • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00F39D82
                                                            • Part of subcall function 00EB9944: GetWindowLongW.USER32(?,000000EB), ref: 00EB9952
                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00F39E05
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                          • String ID: @GUI_DRAGID$F
                                                          • API String ID: 3429851547-4164748364
                                                          • Opcode ID: 0b8a86eb066642cfa93452f5b040b87b2c893c824afb3fdf97bed9a0b11cbf91
                                                          • Instruction ID: 7da03a9ab10d4f1df54a62cd71a7fbe74e224323b1edee3759dec9cf4c3c67f9
                                                          • Opcode Fuzzy Hash: 0b8a86eb066642cfa93452f5b040b87b2c893c824afb3fdf97bed9a0b11cbf91
                                                          • Instruction Fuzzy Hash: DF42BC31609205AFD720CF28CC45FAABBE5FF49330F140619F699972A1D7B1E854EB92
                                                          APIs
                                                          • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 00F348F3
                                                          • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00F34908
                                                          • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00F34927
                                                          • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 00F3494B
                                                          • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 00F3495C
                                                          • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 00F3497B
                                                          • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 00F349AE
                                                          • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 00F349D4
                                                          • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00F34A0F
                                                          • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00F34A56
                                                          • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00F34A7E
                                                          • IsMenu.USER32(?), ref: 00F34A97
                                                          • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00F34AF2
                                                          • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00F34B20
                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00F34B94
                                                          • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00F34BE3
                                                          • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00F34C82
                                                          • wsprintfW.USER32 ref: 00F34CAE
                                                          • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00F34CC9
                                                          • GetWindowTextW.USER32(?,00000000,00000001), ref: 00F34CF1
                                                          • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00F34D13
                                                          • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00F34D33
                                                          • GetWindowTextW.USER32(?,00000000,00000001), ref: 00F34D5A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                          • String ID: %d/%02d/%02d
                                                          • API String ID: 4054740463-328681919
                                                          • Opcode ID: 95ec732584f37436c514aa2295d9c979e198f272d7ed9208873626c1e729a2a3
                                                          • Instruction ID: 3d6b07e59f655f6da3d98901d12699abac57390591c2fffa5f25c401c891bf32
                                                          • Opcode Fuzzy Hash: 95ec732584f37436c514aa2295d9c979e198f272d7ed9208873626c1e729a2a3
                                                          • Instruction Fuzzy Hash: 6512BF71A00218ABEB258F24CC49FAE7BE9AF45730F144129F519EB2E1DB74B941EB50
                                                          APIs
                                                          • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 00EBF998
                                                          • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00EFF474
                                                          • IsIconic.USER32(00000000), ref: 00EFF47D
                                                          • ShowWindow.USER32(00000000,00000009), ref: 00EFF48A
                                                          • SetForegroundWindow.USER32(00000000), ref: 00EFF494
                                                          • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00EFF4AA
                                                          • GetCurrentThreadId.KERNEL32 ref: 00EFF4B1
                                                          • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00EFF4BD
                                                          • AttachThreadInput.USER32(?,00000000,00000001), ref: 00EFF4CE
                                                          • AttachThreadInput.USER32(?,00000000,00000001), ref: 00EFF4D6
                                                          • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 00EFF4DE
                                                          • SetForegroundWindow.USER32(00000000), ref: 00EFF4E1
                                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 00EFF4F6
                                                          • keybd_event.USER32(00000012,00000000), ref: 00EFF501
                                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 00EFF50B
                                                          • keybd_event.USER32(00000012,00000000), ref: 00EFF510
                                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 00EFF519
                                                          • keybd_event.USER32(00000012,00000000), ref: 00EFF51E
                                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 00EFF528
                                                          • keybd_event.USER32(00000012,00000000), ref: 00EFF52D
                                                          • SetForegroundWindow.USER32(00000000), ref: 00EFF530
                                                          • AttachThreadInput.USER32(?,000000FF,00000000), ref: 00EFF557
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                          • String ID: Shell_TrayWnd
                                                          • API String ID: 4125248594-2988720461
                                                          • Opcode ID: e1ca9d8004315e5759fb2ccc3e308f4c7759d5c281f5cca7907347a32a51ba4a
                                                          • Instruction ID: 306b7b922e1059f47c42643cb520f07ad209d1638ec067cc87ecf1187089cc86
                                                          • Opcode Fuzzy Hash: e1ca9d8004315e5759fb2ccc3e308f4c7759d5c281f5cca7907347a32a51ba4a
                                                          • Instruction Fuzzy Hash: 66313D71A4021CBAEB206BB55C4AFBF7E6DEF44B60F141066FA05F61D1C6B19D00ABA0
                                                          APIs
                                                            • Part of subcall function 00F016C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00F0170D
                                                            • Part of subcall function 00F016C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00F0173A
                                                            • Part of subcall function 00F016C3: GetLastError.KERNEL32 ref: 00F0174A
                                                          • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00F01286
                                                          • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00F012A8
                                                          • CloseHandle.KERNEL32(?), ref: 00F012B9
                                                          • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00F012D1
                                                          • GetProcessWindowStation.USER32 ref: 00F012EA
                                                          • SetProcessWindowStation.USER32(00000000), ref: 00F012F4
                                                          • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00F01310
                                                            • Part of subcall function 00F010BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00F011FC), ref: 00F010D4
                                                            • Part of subcall function 00F010BF: CloseHandle.KERNEL32(?,?,00F011FC), ref: 00F010E9
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                          • String ID: $default$winsta0
                                                          • API String ID: 22674027-1027155976
                                                          • Opcode ID: 8a014189861fdac31ce0c4ca4d30d615625a31873cb679a94193fb7834538097
                                                          • Instruction ID: bb837a4a854ba39278c828c9506c68957afdda5d5bb601cea3dc5cbbad39cf81
                                                          • Opcode Fuzzy Hash: 8a014189861fdac31ce0c4ca4d30d615625a31873cb679a94193fb7834538097
                                                          • Instruction Fuzzy Hash: 648177B1900209ABDF21DFA4DC49FEE7BBAFF05724F144129F910B62A0C7758A54EB61
                                                          APIs
                                                            • Part of subcall function 00F010F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00F01114
                                                            • Part of subcall function 00F010F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00F00B9B,?,?,?), ref: 00F01120
                                                            • Part of subcall function 00F010F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00F00B9B,?,?,?), ref: 00F0112F
                                                            • Part of subcall function 00F010F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00F00B9B,?,?,?), ref: 00F01136
                                                            • Part of subcall function 00F010F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00F0114D
                                                          • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00F00BCC
                                                          • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00F00C00
                                                          • GetLengthSid.ADVAPI32(?), ref: 00F00C17
                                                          • GetAce.ADVAPI32(?,00000000,?), ref: 00F00C51
                                                          • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00F00C6D
                                                          • GetLengthSid.ADVAPI32(?), ref: 00F00C84
                                                          • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00F00C8C
                                                          • HeapAlloc.KERNEL32(00000000), ref: 00F00C93
                                                          • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00F00CB4
                                                          • CopySid.ADVAPI32(00000000), ref: 00F00CBB
                                                          • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00F00CEA
                                                          • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00F00D0C
                                                          • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00F00D1E
                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F00D45
                                                          • HeapFree.KERNEL32(00000000), ref: 00F00D4C
                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F00D55
                                                          • HeapFree.KERNEL32(00000000), ref: 00F00D5C
                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F00D65
                                                          • HeapFree.KERNEL32(00000000), ref: 00F00D6C
                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 00F00D78
                                                          • HeapFree.KERNEL32(00000000), ref: 00F00D7F
                                                            • Part of subcall function 00F01193: GetProcessHeap.KERNEL32(00000008,00F00BB1,?,00000000,?,00F00BB1,?), ref: 00F011A1
                                                            • Part of subcall function 00F01193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00F00BB1,?), ref: 00F011A8
                                                            • Part of subcall function 00F01193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00F00BB1,?), ref: 00F011B7
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                          • String ID:
                                                          • API String ID: 4175595110-0
                                                          • Opcode ID: 644beffae8b9e9a8b1d3b1a9e0cb8cd47965daebd11159914ee1d1ea6608b2a0
                                                          • Instruction ID: 71b3e7b4161ad7a3bb64b3e46d528fce0fbb8cc2d32127a4ac4399441becce6f
                                                          • Opcode Fuzzy Hash: 644beffae8b9e9a8b1d3b1a9e0cb8cd47965daebd11159914ee1d1ea6608b2a0
                                                          • Instruction Fuzzy Hash: A3715AB2D0120AABDF10DFA5DD44FAEBBB9BF04320F044515E914F6191DB75AA05EBB0
                                                          APIs
                                                          • OpenClipboard.USER32(00F3CC08), ref: 00F1EB29
                                                          • IsClipboardFormatAvailable.USER32(0000000D), ref: 00F1EB37
                                                          • GetClipboardData.USER32(0000000D), ref: 00F1EB43
                                                          • CloseClipboard.USER32 ref: 00F1EB4F
                                                          • GlobalLock.KERNEL32(00000000), ref: 00F1EB87
                                                          • CloseClipboard.USER32 ref: 00F1EB91
                                                          • GlobalUnlock.KERNEL32(00000000), ref: 00F1EBBC
                                                          • IsClipboardFormatAvailable.USER32(00000001), ref: 00F1EBC9
                                                          • GetClipboardData.USER32(00000001), ref: 00F1EBD1
                                                          • GlobalLock.KERNEL32(00000000), ref: 00F1EBE2
                                                          • GlobalUnlock.KERNEL32(00000000), ref: 00F1EC22
                                                          • IsClipboardFormatAvailable.USER32(0000000F), ref: 00F1EC38
                                                          • GetClipboardData.USER32(0000000F), ref: 00F1EC44
                                                          • GlobalLock.KERNEL32(00000000), ref: 00F1EC55
                                                          • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00F1EC77
                                                          • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00F1EC94
                                                          • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00F1ECD2
                                                          • GlobalUnlock.KERNEL32(00000000), ref: 00F1ECF3
                                                          • CountClipboardFormats.USER32 ref: 00F1ED14
                                                          • CloseClipboard.USER32 ref: 00F1ED59
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                          • String ID:
                                                          • API String ID: 420908878-0
                                                          • Opcode ID: a4c26a4b61e91f18b512ddcf6ddccfe708bab6e0c3651791d1898bb7933d3f30
                                                          • Instruction ID: f47ec590b82ed2ec013f08b7a0ef9d8caf8840b9420bfbf21631b01db3fe10a9
                                                          • Opcode Fuzzy Hash: a4c26a4b61e91f18b512ddcf6ddccfe708bab6e0c3651791d1898bb7933d3f30
                                                          • Instruction Fuzzy Hash: 356117352043059FD300DF20D889F6AB7E5EF85724F18545DF856AB2A2CB30ED85EBA2
                                                          APIs
                                                          • FindFirstFileW.KERNEL32(?,?), ref: 00F169BE
                                                          • FindClose.KERNEL32(00000000), ref: 00F16A12
                                                          • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00F16A4E
                                                          • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00F16A75
                                                            • Part of subcall function 00EA9CB3: _wcslen.LIBCMT ref: 00EA9CBD
                                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 00F16AB2
                                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 00F16ADF
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                          • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                          • API String ID: 3830820486-3289030164
                                                          • Opcode ID: fffb94838696cd488ffb508a158e8965cda0e7ef41a189ee97c98d2a7270c6d3
                                                          • Instruction ID: c261872729df17b9ab04210cfdda32ef8f085fbcf249f9909bed577a14f2ea44
                                                          • Opcode Fuzzy Hash: fffb94838696cd488ffb508a158e8965cda0e7ef41a189ee97c98d2a7270c6d3
                                                          • Instruction Fuzzy Hash: 0CD14072508300AFC714EBA4CC91EABB7ECAF89704F44591DF585E7192EB74EA44CB62
                                                          APIs
                                                          • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00F19663
                                                          • GetFileAttributesW.KERNEL32(?), ref: 00F196A1
                                                          • SetFileAttributesW.KERNEL32(?,?), ref: 00F196BB
                                                          • FindNextFileW.KERNEL32(00000000,?), ref: 00F196D3
                                                          • FindClose.KERNEL32(00000000), ref: 00F196DE
                                                          • FindFirstFileW.KERNEL32(*.*,?), ref: 00F196FA
                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00F1974A
                                                          • SetCurrentDirectoryW.KERNEL32(00F66B7C), ref: 00F19768
                                                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 00F19772
                                                          • FindClose.KERNEL32(00000000), ref: 00F1977F
                                                          • FindClose.KERNEL32(00000000), ref: 00F1978F
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                          • String ID: *.*
                                                          • API String ID: 1409584000-438819550
                                                          APIs
                                                          • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00F197BE
                                                          • FindNextFileW.KERNEL32(00000000,?), ref: 00F19819
                                                          • FindClose.KERNEL32(00000000), ref: 00F19824
                                                          • FindFirstFileW.KERNEL32(*.*,?), ref: 00F19840
                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00F19890
                                                          • SetCurrentDirectoryW.KERNEL32(00F66B7C), ref: 00F198AE
                                                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 00F198B8
                                                          • FindClose.KERNEL32(00000000), ref: 00F198C5
                                                          • FindClose.KERNEL32(00000000), ref: 00F198D5
                                                            • Part of subcall function 00F0DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00F0DB00
                                                          Strings
                                                          Similarity
                                                          • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                          • String ID: *.*
                                                          • API String ID: 2640511053-438819550
                                                          APIs
                                                            • Part of subcall function 00F2C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00F2B6AE,?,?), ref: 00F2C9B5
                                                            • Part of subcall function 00F2C998: _wcslen.LIBCMT ref: 00F2C9F1
                                                            • Part of subcall function 00F2C998: _wcslen.LIBCMT ref: 00F2CA68
                                                            • Part of subcall function 00F2C998: _wcslen.LIBCMT ref: 00F2CA9E
                                                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00F2BF3E
                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 00F2BFA9
                                                          • RegCloseKey.ADVAPI32(00000000), ref: 00F2BFCD
                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00F2C02C
                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00F2C0E7
                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00F2C154
                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00F2C1E9
                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 00F2C23A
                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00F2C2E3
                                                          • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00F2C382
                                                          • RegCloseKey.ADVAPI32(00000000), ref: 00F2C38F
                                                          Similarity
                                                          • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                          • String ID:
                                                          • API String ID: 3102970594-0
                                                          APIs
                                                          • GetLocalTime.KERNEL32(?), ref: 00F18257
                                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 00F18267
                                                          • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00F18273
                                                          • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00F18310
                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00F18324
                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00F18356
                                                          • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00F1838C
                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00F18395
                                                          Strings
                                                          Similarity
                                                          • API ID: CurrentDirectoryTime$File$Local$System
                                                          • String ID: *.*
                                                          • API String ID: 1464919966-438819550
                                                          APIs
                                                            • Part of subcall function 00EA3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00EA3A97,?,?,00EA2E7F,?,?,?,00000000), ref: 00EA3AC2
                                                            • Part of subcall function 00F0E199: GetFileAttributesW.KERNEL32(?,00F0CF95), ref: 00F0E19A
                                                          • FindFirstFileW.KERNEL32(?,?), ref: 00F0D122
                                                          • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00F0D1DD
                                                          • MoveFileW.KERNEL32(?,?), ref: 00F0D1F0
                                                          • DeleteFileW.KERNEL32(?,?,?,?), ref: 00F0D20D
                                                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 00F0D237
                                                            • Part of subcall function 00F0D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00F0D21C,?,?), ref: 00F0D2B2
                                                          • FindClose.KERNEL32(00000000,?,?,?), ref: 00F0D253
                                                          • FindClose.KERNEL32(00000000), ref: 00F0D264
                                                          Strings
                                                          Similarity
                                                          • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                          • String ID: \*.*
                                                          • API String ID: 1946585618-1173974218
                                                          APIs
                                                          Similarity
                                                          • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                          • String ID:
                                                          • API String ID: 1737998785-0
                                                          APIs
                                                            • Part of subcall function 00F016C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00F0170D
                                                            • Part of subcall function 00F016C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00F0173A
                                                            • Part of subcall function 00F016C3: GetLastError.KERNEL32 ref: 00F0174A
                                                          • ExitWindowsEx.USER32(?,00000000), ref: 00F0E932
                                                          Strings
                                                          Similarity
                                                          • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                          • String ID: $ $@$SeShutdownPrivilege
                                                          • API String ID: 2234035333-3163812486
                                                          APIs
                                                          • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00F21276
                                                          • WSAGetLastError.WSOCK32 ref: 00F21283
                                                          • bind.WSOCK32(00000000,?,00000010), ref: 00F212BA
                                                          • WSAGetLastError.WSOCK32 ref: 00F212C5
                                                          • closesocket.WSOCK32(00000000), ref: 00F212F4
                                                          • listen.WSOCK32(00000000,00000005), ref: 00F21303
                                                          • WSAGetLastError.WSOCK32 ref: 00F2130D
                                                          • closesocket.WSOCK32(00000000), ref: 00F2133C
                                                          Similarity
                                                          • API ID: ErrorLast$closesocket$bindlistensocket
                                                          • String ID:
                                                          • API String ID: 540024437-0
                                                          APIs
                                                          • _free.LIBCMT ref: 00EDB9D4
                                                          • _free.LIBCMT ref: 00EDB9F8
                                                          • _free.LIBCMT ref: 00EDBB7F
                                                          • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00F43700), ref: 00EDBB91
                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00F7121C,000000FF,00000000,0000003F,00000000,?,?), ref: 00EDBC09
                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00F71270,000000FF,?,0000003F,00000000,?), ref: 00EDBC36
                                                          • _free.LIBCMT ref: 00EDBD4B
                                                          Similarity
                                                          • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                          • String ID:
                                                          • API String ID: 314583886-0
                                                          APIs
                                                            • Part of subcall function 00EA3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00EA3A97,?,?,00EA2E7F,?,?,?,00000000), ref: 00EA3AC2
                                                            • Part of subcall function 00F0E199: GetFileAttributesW.KERNEL32(?,00F0CF95), ref: 00F0E19A
                                                          • FindFirstFileW.KERNEL32(?,?), ref: 00F0D420
                                                          • DeleteFileW.KERNEL32(?,?,?,?), ref: 00F0D470
                                                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 00F0D481
                                                          • FindClose.KERNEL32(00000000), ref: 00F0D498
                                                          • FindClose.KERNEL32(00000000), ref: 00F0D4A1
                                                          Strings
                                                          Similarity
                                                          • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                          • String ID: \*.*
                                                          • API String ID: 2649000838-1173974218
                                                          APIs
                                                          Strings
                                                          Similarity
                                                          • API ID: __floor_pentium4
                                                          • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                          • API String ID: 4168288129-2761157908
                                                          APIs
                                                          • _wcslen.LIBCMT ref: 00F164DC
                                                          • CoInitialize.OLE32(00000000), ref: 00F16639
                                                          • CoCreateInstance.OLE32(00F3FCF8,00000000,00000001,00F3FB68,?), ref: 00F16650
                                                          • CoUninitialize.OLE32 ref: 00F168D4
                                                          Strings
                                                          Similarity
                                                          • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                          • String ID: .lnk
                                                          • API String ID: 886957087-24824748
                                                          APIs
                                                          • GetForegroundWindow.USER32(?,?,00000000), ref: 00F222E8
                                                            • Part of subcall function 00F1E4EC: GetWindowRect.USER32(?,?), ref: 00F1E504
                                                          • GetDesktopWindow.USER32 ref: 00F22312
                                                          • GetWindowRect.USER32(00000000), ref: 00F22319
                                                          • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00F22355
                                                          • GetCursorPos.USER32(?), ref: 00F22381
                                                          • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00F223DF
                                                          Similarity
                                                          • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                          • String ID:
                                                          • API String ID: 2387181109-0
                                                          APIs
                                                            • Part of subcall function 00EA9CB3: _wcslen.LIBCMT ref: 00EA9CBD
                                                          • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00F19B78
                                                          • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00F19C8B
                                                            • Part of subcall function 00F13874: GetInputState.USER32 ref: 00F138CB
                                                            • Part of subcall function 00F13874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00F13966
                                                          • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00F19BA8
                                                          • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00F19C75
                                                          Strings
                                                          Similarity
                                                          • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                          • String ID: *.*
                                                          • API String ID: 1972594611-438819550
                                                          APIs
                                                            • Part of subcall function 00EB9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00EB9BB2
                                                          • DefDlgProcW.USER32(?,?,?,?,?), ref: 00EB9A4E
                                                          • GetSysColor.USER32(0000000F), ref: 00EB9B23
                                                          • SetBkColor.GDI32(?,00000000), ref: 00EB9B36
                                                          Similarity
                                                          • API ID: Color$LongProcWindow
                                                          • String ID:
                                                          • API String ID: 3131106179-0
                                                          APIs
                                                            • Part of subcall function 00F2304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00F2307A
                                                            • Part of subcall function 00F2304E: _wcslen.LIBCMT ref: 00F2309B
                                                          • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00F2185D
                                                          • WSAGetLastError.WSOCK32 ref: 00F21884
                                                          • bind.WSOCK32(00000000,?,00000010), ref: 00F218DB
                                                          • WSAGetLastError.WSOCK32 ref: 00F218E6
                                                          • closesocket.WSOCK32(00000000), ref: 00F21915
                                                          Similarity
                                                          • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                          • String ID:
                                                          • API String ID: 1601658205-0
                                                          APIs
                                                          Similarity
                                                          • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                          • String ID:
                                                          • API String ID: 292994002-0
                                                          Strings
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                          • API String ID: 0-1546025612
                                                          APIs
                                                          • GetCurrentProcess.KERNEL32(00ED28E9,(,00EC4CBE,00000000,00F688B8,0000000C,00EC4E15,(,00000002,00000000,?,00ED28E9,00000003,00ED2DF7,?,?), ref: 00EC4D09
                                                          • TerminateProcess.KERNEL32(00000000,?,00ED28E9,00000003,00ED2DF7,?,?,?,00ECE6D1,?,00F68A48,00000010,00EA4F4A,?,?,00000000), ref: 00EC4D10
                                                          • ExitProcess.KERNEL32 ref: 00EC4D22
                                                          Strings
                                                          Similarity
                                                          • API ID: Process$CurrentExitTerminate
                                                          • String ID: (
                                                          • API String ID: 1703294689-2063206799
                                                          APIs
                                                          • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00F0AAAC
                                                          • SetKeyboardState.USER32(00000080), ref: 00F0AAC8
                                                          • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00F0AB36
                                                          • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00F0AB88
                                                          Similarity
                                                          • API ID: KeyboardState$InputMessagePostSend
                                                          • String ID:
                                                          • API String ID: 432972143-0
                                                          APIs
                                                          • InternetReadFile.WININET(?,?,00000400,?), ref: 00F1CE89
                                                          • GetLastError.KERNEL32(?,00000000), ref: 00F1CEEA
                                                          • SetEvent.KERNEL32(?,?,00000000), ref: 00F1CEFE
                                                          Similarity
                                                          • API ID: ErrorEventFileInternetLastRead
                                                          • String ID:
                                                          • API String ID: 234945975-0
                                                          APIs
                                                          • lstrlenW.KERNEL32(?,?,?,00000000), ref: 00F082AA
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Similarity
                                                          • API ID: lstrlen
                                                          • String ID: ($|
                                                          • API String ID: 1659193697-1631851259
                                                          APIs
                                                          • FindFirstFileW.KERNEL32(?,?), ref: 00F15CC1
                                                          • FindNextFileW.KERNEL32(00000000,?), ref: 00F15D17
                                                          • FindClose.KERNEL32(?), ref: 00F15D5F
                                                          Similarity
                                                          • API ID: Find$File$CloseFirstNext
                                                          • String ID:
                                                          • API String ID: 3541575487-0
                                                          APIs
                                                          • IsDebuggerPresent.KERNEL32 ref: 00ED271A
                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00ED2724
                                                          • UnhandledExceptionFilter.KERNEL32(?), ref: 00ED2731
                                                          Similarity
                                                          • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                          • String ID:
                                                          • API String ID: 3906539128-0
                                                          APIs
                                                          • SetErrorMode.KERNEL32(00000001), ref: 00F151DA
                                                          • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00F15238
                                                          • SetErrorMode.KERNEL32(00000000), ref: 00F152A1
                                                          Similarity
                                                          • API ID: ErrorMode$DiskFreeSpace
                                                          • String ID:
                                                          • API String ID: 1682464887-0
                                                          APIs
                                                            • Part of subcall function 00EBFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00EC0668
                                                            • Part of subcall function 00EBFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00EC0685
                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00F0170D
                                                          • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00F0173A
                                                          • GetLastError.KERNEL32 ref: 00F0174A
                                                          Similarity
                                                          • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                          • String ID:
                                                          • API String ID: 577356006-0
                                                          APIs
                                                          • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00F0D608
                                                          • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 00F0D645
                                                          • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00F0D650
                                                          Similarity
                                                          • API ID: CloseControlCreateDeviceFileHandle
                                                          • String ID:
                                                          • API String ID: 33631002-0
                                                          APIs
                                                          • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00F0168C
                                                          • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00F016A1
                                                          • FreeSid.ADVAPI32(?), ref: 00F016B1
                                                          Similarity
                                                          • API ID: AllocateCheckFreeInitializeMembershipToken
                                                          • String ID:
                                                          • API String ID: 3429775523-0
                                                          Strings
                                                          Similarity
                                                          • API ID:
                                                          • String ID: /
                                                          • API String ID: 0-2043925204
                                                          APIs
                                                          • GetUserNameW.ADVAPI32(?,?), ref: 00EFD28C
                                                          Similarity
                                                          • API ID: NameUser
                                                          • String ID: X64
                                                          • API String ID: 2645101109-893830106
                                                          APIs
                                                          • FindFirstFileW.KERNEL32(?,?), ref: 00F16918
                                                          • FindClose.KERNEL32(00000000), ref: 00F16961
                                                          Similarity
                                                          • API ID: Find$CloseFileFirst
                                                          • String ID:
                                                          • API String ID: 2295610775-0
                                                          APIs
                                                          • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00F24891,?,?,00000035,?), ref: 00F137E4
                                                          • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00F24891,?,?,00000035,?), ref: 00F137F4
                                                          Similarity
                                                          • API ID: ErrorFormatLastMessage
                                                          • String ID:
                                                          • API String ID: 3479602957-0
                                                          APIs
                                                          • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00F0B25D
                                                          • keybd_event.USER32(?,75A8C0D0,?,00000000), ref: 00F0B270
                                                          Similarity
                                                          • API ID: InputSendkeybd_event
                                                          • String ID:
                                                          • API String ID: 3536248340-0
                                                          APIs
                                                          • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00F011FC), ref: 00F010D4
                                                          • CloseHandle.KERNEL32(?,?,00F011FC), ref: 00F010E9
                                                          Similarity
                                                          • API ID: AdjustCloseHandlePrivilegesToken
                                                          • String ID:
                                                          • API String ID: 81990902-0
                                                          Strings
                                                          • Variable is not of type 'Object'., xrefs: 00EF0C40
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Variable is not of type 'Object'.
                                                          • API String ID: 0-1840281001
                                                          APIs
                                                          • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00ED6766,?,?,00000008,?,?,00EDFEFE,00000000), ref: 00ED6998
                                                          Similarity
                                                          • API ID: ExceptionRaise
                                                          • String ID:
                                                          • API String ID: 3997070919-0
                                                          APIs
                                                          • BlockInput.USER32(00000001), ref: 00F1EABD
                                                          Similarity
                                                          • API ID: BlockInput
                                                          • String ID:
                                                          • API String ID: 3456056419-0
                                                          APIs
                                                          • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,00EC03EE), ref: 00EC09DA
                                                          Similarity
                                                          • API ID: ExceptionFilterUnhandled
                                                          • String ID:
                                                          • API String ID: 3192549508-0
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 0
                                                          • API String ID: 0-4108050209
                                                          • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                          • Instruction ID: e8703ae43e482367aa3becd2184bc34b4a252749c1f4910372db4a3c774242a5
                                                          • Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                          • Instruction Fuzzy Hash: 8B51436260C7155ADB3C45288B5AFFE63D59B92348F18350DEAC2B7282C623DE43DF52
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cac3d207367ffa40d03b70c7e8a93fe03bb12b9287a87ac28cdfc5a9998d7a0c
                                                          • Instruction ID: 7f64598e7141267ff8449bcbd4ea9f818e8aea2dbe4f3ae43092d4425e5af98d
                                                          • Opcode Fuzzy Hash: cac3d207367ffa40d03b70c7e8a93fe03bb12b9287a87ac28cdfc5a9998d7a0c
                                                          • Instruction Fuzzy Hash: E9323226D29F014DD7239634D822335A249EFB73C9F15E737FC6AB5AA6EB28C4835100
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 61d77059737787128f65c0080481c5822c3616a9aa461904f7c29657f0b60abd
                                                          • Instruction ID: 2e55a3edb2417c7d0b18e1bcc62e262972ecbc7d7dcff84cf82a65ec3a540b3b
                                                          • Opcode Fuzzy Hash: 61d77059737787128f65c0080481c5822c3616a9aa461904f7c29657f0b60abd
                                                          • Instruction Fuzzy Hash: F2321A31A0810D8BCF28CF29C6946FEBBA1EB45308F39B566D65AF7295D230DD81DB41
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1b2bda342ad588dd8fd420fd1c24b0d60ef110a2fe40a9743bf4865d529739ce
                                                          • Instruction ID: b43e6c79e4cafc34317018e45a2e3de94436bc648b820cef5186374e26317c2d
                                                          • Opcode Fuzzy Hash: 1b2bda342ad588dd8fd420fd1c24b0d60ef110a2fe40a9743bf4865d529739ce
                                                          • Instruction Fuzzy Hash: DE22BFB1A0060ADFDF14CF65C881AEEB3F6FF49304F106529E852BB291EB35A915CB50
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 620a55da2fa8574be58be6c90bded42bce84e21652ff4f45d949e9d59acb3885
                                                          • Instruction ID: b86c6f6331d10bfa16643282f99c5b61021bd465c98aebe5ab6299a282320d45
                                                          • Opcode Fuzzy Hash: 620a55da2fa8574be58be6c90bded42bce84e21652ff4f45d949e9d59acb3885
                                                          • Instruction Fuzzy Hash: D202A5B0A00249EBDF04DF65D881AAEB7F5FF44304F109169E816BB391EB71AE11CB91
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 26d089e3ba059d19d6dfaafd9a2640fb983be5d72f7441768c67a3ec3f48fcdf
                                                          • Instruction ID: db302cd5bfa851023dfdceafb06ed74ae0d1aabb047304a0043553f16470ed1a
                                                          • Opcode Fuzzy Hash: 26d089e3ba059d19d6dfaafd9a2640fb983be5d72f7441768c67a3ec3f48fcdf
                                                          • Instruction Fuzzy Hash: 69B11524D2AF444DD3239B398831336B65CAFBB6D5F91D71BFC1674D62EB2286835140
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                          • Instruction ID: 27c82be644c99014aad4890ff35f70629141fa12d9067a085730f5c35dc5bbeb
                                                          • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                          • Instruction Fuzzy Hash: 949188722080A34DD72D42398674A7DFFE15A933A631A17DDE4F3DA1C2EE21C566D620
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          APIs
                                                          • DeleteObject.GDI32(00000000), ref: 00F22B30
                                                          • DeleteObject.GDI32(00000000), ref: 00F22B43
                                                          • DestroyWindow.USER32 ref: 00F22B52
                                                          • GetDesktopWindow.USER32 ref: 00F22B6D
                                                          • GetWindowRect.USER32(00000000), ref: 00F22B74
                                                          • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00F22CA3
                                                          • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00F22CB1
                                                          • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F22CF8
                                                          • GetClientRect.USER32(00000000,?), ref: 00F22D04
                                                          • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00F22D40
                                                          • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F22D62
                                                          • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F22D75
                                                          • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F22D80
                                                          • GlobalLock.KERNEL32(00000000), ref: 00F22D89
                                                          • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F22D98
                                                          • GlobalUnlock.KERNEL32(00000000), ref: 00F22DA1
                                                          • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F22DA8
                                                          • GlobalFree.KERNEL32(00000000), ref: 00F22DB3
                                                          • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F22DC5
                                                          • OleLoadPicture.OLEAUT32(?,00000000,00000000,00F3FC38,00000000), ref: 00F22DDB
                                                          • GlobalFree.KERNEL32(00000000), ref: 00F22DEB
                                                          • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00F22E11
                                                          • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00F22E30
                                                          • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F22E52
                                                          • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F2303F
                                                          Similarity
                                                          • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                          • String ID: $AutoIt v3$DISPLAY$static
                                                          • API String ID: 2211948467-2373415609
                                                          APIs
                                                          • SetTextColor.GDI32(?,00000000), ref: 00F3712F
                                                          • GetSysColorBrush.USER32(0000000F), ref: 00F37160
                                                          • GetSysColor.USER32(0000000F), ref: 00F3716C
                                                          • SetBkColor.GDI32(?,000000FF), ref: 00F37186
                                                          • SelectObject.GDI32(?,?), ref: 00F37195
                                                          • InflateRect.USER32(?,000000FF,000000FF), ref: 00F371C0
                                                          • GetSysColor.USER32(00000010), ref: 00F371C8
                                                          • CreateSolidBrush.GDI32(00000000), ref: 00F371CF
                                                          • FrameRect.USER32(?,?,00000000), ref: 00F371DE
                                                          • DeleteObject.GDI32(00000000), ref: 00F371E5
                                                          • InflateRect.USER32(?,000000FE,000000FE), ref: 00F37230
                                                          • FillRect.USER32(?,?,?), ref: 00F37262
                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00F37284
                                                            • Part of subcall function 00F373E8: GetSysColor.USER32(00000012), ref: 00F37421
                                                            • Part of subcall function 00F373E8: SetTextColor.GDI32(?,?), ref: 00F37425
                                                            • Part of subcall function 00F373E8: GetSysColorBrush.USER32(0000000F), ref: 00F3743B
                                                            • Part of subcall function 00F373E8: GetSysColor.USER32(0000000F), ref: 00F37446
                                                            • Part of subcall function 00F373E8: GetSysColor.USER32(00000011), ref: 00F37463
                                                            • Part of subcall function 00F373E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00F37471
                                                            • Part of subcall function 00F373E8: SelectObject.GDI32(?,00000000), ref: 00F37482
                                                            • Part of subcall function 00F373E8: SetBkColor.GDI32(?,00000000), ref: 00F3748B
                                                            • Part of subcall function 00F373E8: SelectObject.GDI32(?,?), ref: 00F37498
                                                            • Part of subcall function 00F373E8: InflateRect.USER32(?,000000FF,000000FF), ref: 00F374B7
                                                            • Part of subcall function 00F373E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00F374CE
                                                            • Part of subcall function 00F373E8: GetWindowLongW.USER32(00000000,000000F0), ref: 00F374DB
                                                          Similarity
                                                          • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                          • String ID:
                                                          • API String ID: 4124339563-0
                                                          APIs
                                                          • DestroyWindow.USER32(?,?), ref: 00EB8E14
                                                          • SendMessageW.USER32(?,00001308,?,00000000), ref: 00EF6AC5
                                                          • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00EF6AFE
                                                          • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00EF6F43
                                                            • Part of subcall function 00EB8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00EB8BE8,?,00000000,?,?,?,?,00EB8BBA,00000000,?), ref: 00EB8FC5
                                                          • SendMessageW.USER32(?,00001053), ref: 00EF6F7F
                                                          • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00EF6F96
                                                          • ImageList_Destroy.COMCTL32(00000000,?), ref: 00EF6FAC
                                                          • ImageList_Destroy.COMCTL32(00000000,?), ref: 00EF6FB7
                                                          Similarity
                                                          • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                          • String ID: 0
                                                          • API String ID: 2760611726-4108050209
                                                          APIs
                                                          • DestroyWindow.USER32(00000000), ref: 00F2273E
                                                          • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00F2286A
                                                          • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00F228A9
                                                          • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00F228B9
                                                          • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00F22900
                                                          • GetClientRect.USER32(00000000,?), ref: 00F2290C
                                                          • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00F22955
                                                          • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00F22964
                                                          • GetStockObject.GDI32(00000011), ref: 00F22974
                                                          • SelectObject.GDI32(00000000,00000000), ref: 00F22978
                                                          • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00F22988
                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00F22991
                                                          • DeleteDC.GDI32(00000000), ref: 00F2299A
                                                          • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00F229C6
                                                          • SendMessageW.USER32(00000030,00000000,00000001), ref: 00F229DD
                                                          • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00F22A1D
                                                          • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00F22A31
                                                          • SendMessageW.USER32(00000404,00000001,00000000), ref: 00F22A42
                                                          • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00F22A77
                                                          • GetStockObject.GDI32(00000011), ref: 00F22A82
                                                          • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00F22A8D
                                                          • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00F22A97
                                                          Similarity
                                                          • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                          • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                          • API String ID: 2910397461-517079104
                                                          APIs
                                                          • SetErrorMode.KERNEL32(00000001), ref: 00F14AED
                                                          • GetDriveTypeW.KERNEL32(?,00F3CB68,?,\\.\,00F3CC08), ref: 00F14BCA
                                                          • SetErrorMode.KERNEL32(00000000,00F3CB68,?,\\.\,00F3CC08), ref: 00F14D36
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Similarity
                                                          • API ID: ErrorMode$DriveType
                                                          • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                          • API String ID: 2907320926-4222207086
                                                          APIs
                                                          • GetSysColor.USER32(00000012), ref: 00F37421
                                                          • SetTextColor.GDI32(?,?), ref: 00F37425
                                                          • GetSysColorBrush.USER32(0000000F), ref: 00F3743B
                                                          • GetSysColor.USER32(0000000F), ref: 00F37446
                                                          • CreateSolidBrush.GDI32(?), ref: 00F3744B
                                                          • GetSysColor.USER32(00000011), ref: 00F37463
                                                          • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00F37471
                                                          • SelectObject.GDI32(?,00000000), ref: 00F37482
                                                          • SetBkColor.GDI32(?,00000000), ref: 00F3748B
                                                          • SelectObject.GDI32(?,?), ref: 00F37498
                                                          • InflateRect.USER32(?,000000FF,000000FF), ref: 00F374B7
                                                          • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00F374CE
                                                          • GetWindowLongW.USER32(00000000,000000F0), ref: 00F374DB
                                                          • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00F3752A
                                                          • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00F37554
                                                          • InflateRect.USER32(?,000000FD,000000FD), ref: 00F37572
                                                          • DrawFocusRect.USER32(?,?), ref: 00F3757D
                                                          • GetSysColor.USER32(00000011), ref: 00F3758E
                                                          • SetTextColor.GDI32(?,00000000), ref: 00F37596
                                                          • DrawTextW.USER32(?,00F370F5,000000FF,?,00000000), ref: 00F375A8
                                                          • SelectObject.GDI32(?,?), ref: 00F375BF
                                                          • DeleteObject.GDI32(?), ref: 00F375CA
                                                          • SelectObject.GDI32(?,?), ref: 00F375D0
                                                          • DeleteObject.GDI32(?), ref: 00F375D5
                                                          • SetTextColor.GDI32(?,?), ref: 00F375DB
                                                          • SetBkColor.GDI32(?,?), ref: 00F375E5
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          Similarity
                                                          • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                          • String ID:
                                                          • API String ID: 1996641542-0
                                                          APIs
                                                          • GetCursorPos.USER32(?), ref: 00F31128
                                                          • GetDesktopWindow.USER32 ref: 00F3113D
                                                          • GetWindowRect.USER32(00000000), ref: 00F31144
                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00F31199
                                                          • DestroyWindow.USER32(?), ref: 00F311B9
                                                          • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00F311ED
                                                          • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00F3120B
                                                          • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00F3121D
                                                          • SendMessageW.USER32(00000000,00000421,?,?), ref: 00F31232
                                                          • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00F31245
                                                          • IsWindowVisible.USER32(00000000), ref: 00F312A1
                                                          • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00F312BC
                                                          • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00F312D0
                                                          • GetWindowRect.USER32(00000000,?), ref: 00F312E8
                                                          • MonitorFromPoint.USER32(?,?,00000002), ref: 00F3130E
                                                          • GetMonitorInfoW.USER32(00000000,?), ref: 00F31328
                                                          • CopyRect.USER32(?,?), ref: 00F3133F
                                                          • SendMessageW.USER32(00000000,00000412,00000000), ref: 00F313AA
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          Similarity
                                                          • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                          • String ID: ($0$tooltips_class32
                                                          • API String ID: 698492251-4156429822
                                                          APIs
                                                          • CharUpperBuffW.USER32(?,?), ref: 00F302E5
                                                          • _wcslen.LIBCMT ref: 00F3031F
                                                          • _wcslen.LIBCMT ref: 00F30389
                                                          • _wcslen.LIBCMT ref: 00F303F1
                                                          • _wcslen.LIBCMT ref: 00F30475
                                                          • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00F304C5
                                                          • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00F30504
                                                            • Part of subcall function 00EBF9F2: _wcslen.LIBCMT ref: 00EBF9FD
                                                            • Part of subcall function 00F0223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00F02258
                                                            • Part of subcall function 00F0223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00F0228A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          Similarity
                                                          • API ID: _wcslen$MessageSend$BuffCharUpper
                                                          • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                          • API String ID: 1103490817-719923060
                                                          APIs
                                                          • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00EB8968
                                                          • GetSystemMetrics.USER32(00000007), ref: 00EB8970
                                                          • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00EB899B
                                                          • GetSystemMetrics.USER32(00000008), ref: 00EB89A3
                                                          • GetSystemMetrics.USER32(00000004), ref: 00EB89C8
                                                          • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00EB89E5
                                                          • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00EB89F5
                                                          • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00EB8A28
                                                          • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00EB8A3C
                                                          • GetClientRect.USER32(00000000,000000FF), ref: 00EB8A5A
                                                          • GetStockObject.GDI32(00000011), ref: 00EB8A76
                                                          • SendMessageW.USER32(00000000,00000030,00000000), ref: 00EB8A81
                                                            • Part of subcall function 00EB912D: GetCursorPos.USER32(?), ref: 00EB9141
                                                            • Part of subcall function 00EB912D: ScreenToClient.USER32(00000000,?), ref: 00EB915E
                                                            • Part of subcall function 00EB912D: GetAsyncKeyState.USER32(00000001), ref: 00EB9183
                                                            • Part of subcall function 00EB912D: GetAsyncKeyState.USER32(00000002), ref: 00EB919D
                                                          • SetTimer.USER32(00000000,00000000,00000028,00EB90FC), ref: 00EB8AA8
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          Similarity
                                                          • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                          • String ID: AutoIt v3 GUI
                                                          • API String ID: 1458621304-248962490
                                                          APIs
                                                            • Part of subcall function 00F010F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00F01114
                                                            • Part of subcall function 00F010F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00F00B9B,?,?,?), ref: 00F01120
                                                            • Part of subcall function 00F010F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00F00B9B,?,?,?), ref: 00F0112F
                                                            • Part of subcall function 00F010F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00F00B9B,?,?,?), ref: 00F01136
                                                            • Part of subcall function 00F010F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00F0114D
                                                          • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00F00DF5
                                                          • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00F00E29
                                                          • GetLengthSid.ADVAPI32(?), ref: 00F00E40
                                                          • GetAce.ADVAPI32(?,00000000,?), ref: 00F00E7A
                                                          • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00F00E96
                                                          • GetLengthSid.ADVAPI32(?), ref: 00F00EAD
                                                          • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00F00EB5
                                                          • HeapAlloc.KERNEL32(00000000), ref: 00F00EBC
                                                          • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00F00EDD
                                                          • CopySid.ADVAPI32(00000000), ref: 00F00EE4
                                                          • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00F00F13
                                                          • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00F00F35
                                                          • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00F00F47
                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F00F6E
                                                          • HeapFree.KERNEL32(00000000), ref: 00F00F75
                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F00F7E
                                                          • HeapFree.KERNEL32(00000000), ref: 00F00F85
                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F00F8E
                                                          • HeapFree.KERNEL32(00000000), ref: 00F00F95
                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 00F00FA1
                                                          • HeapFree.KERNEL32(00000000), ref: 00F00FA8
                                                            • Part of subcall function 00F01193: GetProcessHeap.KERNEL32(00000008,00F00BB1,?,00000000,?,00F00BB1,?), ref: 00F011A1
                                                            • Part of subcall function 00F01193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00F00BB1,?), ref: 00F011A8
                                                            • Part of subcall function 00F01193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00F00BB1,?), ref: 00F011B7
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          Similarity
                                                          • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                          • String ID:
                                                          • API String ID: 4175595110-0
                                                          APIs
                                                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00F2C4BD
                                                          • RegCreateKeyExW.ADVAPI32(?,?,00000000,00F3CC08,00000000,?,00000000,?,?), ref: 00F2C544
                                                          • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00F2C5A4
                                                          • _wcslen.LIBCMT ref: 00F2C5F4
                                                          • _wcslen.LIBCMT ref: 00F2C66F
                                                          • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00F2C6B2
                                                          • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00F2C7C1
                                                          • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00F2C84D
                                                          • RegCloseKey.ADVAPI32(?), ref: 00F2C881
                                                          • RegCloseKey.ADVAPI32(00000000), ref: 00F2C88E
                                                          • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00F2C960
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          Similarity
                                                          • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                          • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                          • API String ID: 9721498-966354055
                                                          APIs
                                                          • CharUpperBuffW.USER32(?,?), ref: 00F309C6
                                                          • _wcslen.LIBCMT ref: 00F30A01
                                                          • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00F30A54
                                                          • _wcslen.LIBCMT ref: 00F30A8A
                                                          • _wcslen.LIBCMT ref: 00F30B06
                                                          • _wcslen.LIBCMT ref: 00F30B81
                                                            • Part of subcall function 00EBF9F2: _wcslen.LIBCMT ref: 00EBF9FD
                                                            • Part of subcall function 00F02BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00F02BFA
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          Similarity
                                                          • API ID: _wcslen$MessageSend$BuffCharUpper
                                                          • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                          • API String ID: 1103490817-4258414348
                                                          • Opcode ID: 3950c4f616d457028edc5b1b332c79ec0dbaf719524c0c3d0fca3b1405ff7b87
                                                          • Instruction ID: 83d9dd5b971f8103d18e41ae7fccf96e0684e947a81cc00ea0ae666691f1ecb2
                                                          • Opcode Fuzzy Hash: 3950c4f616d457028edc5b1b332c79ec0dbaf719524c0c3d0fca3b1405ff7b87
                                                          • Instruction Fuzzy Hash: 70E1A1316083019FCB14EF24C46092AB7E1BFD9364F14495EF896AB3A2DB31ED45EB81
                                                          APIs
                                                          Strings
                                                          Similarity
                                                          • API ID: _wcslen$BuffCharUpper
                                                          • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                          • API String ID: 1256254125-909552448
                                                          • Opcode ID: 7e73445e2de50f29843250843014e2a194fc94f97d04f5f7996cf2d4b346d70b
                                                          • Instruction ID: 3bead41573d20bbec15ca3efbe8537b8b4444fed0e0fbc86c24ed4a572978f0e
                                                          • Opcode Fuzzy Hash: 7e73445e2de50f29843250843014e2a194fc94f97d04f5f7996cf2d4b346d70b
                                                          • Instruction Fuzzy Hash: 8E71F533E0017A8BCB20DE7CED616BF3391AFA1764B150128F856AB285E635DD45B7D0
                                                          APIs
                                                          • _wcslen.LIBCMT ref: 00F3835A
                                                          • _wcslen.LIBCMT ref: 00F3836E
                                                          • _wcslen.LIBCMT ref: 00F38391
                                                          • _wcslen.LIBCMT ref: 00F383B4
                                                          • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00F383F2
                                                          • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00F35BF2), ref: 00F3844E
                                                          • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00F38487
                                                          • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00F384CA
                                                          • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00F38501
                                                          • FreeLibrary.KERNEL32(?), ref: 00F3850D
                                                          • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00F3851D
                                                          • DestroyIcon.USER32(?,?,?,?,?,00F35BF2), ref: 00F3852C
                                                          • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00F38549
                                                          • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00F38555
                                                          Strings
                                                          Similarity
                                                          • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                          • String ID: .dll$.exe$.icl
                                                          • API String ID: 799131459-1154884017
                                                          • Opcode ID: 636f7e95eff3829f3944c0c7af50f041317991966ecbad877c4097c4088c3954
                                                          • Instruction ID: 9246ada8da03cda542e605fa6a1f4203aea2f52bd17288df936ef49259840cab
                                                          • Opcode Fuzzy Hash: 636f7e95eff3829f3944c0c7af50f041317991966ecbad877c4097c4088c3954
                                                          • Instruction Fuzzy Hash: DF61B072940319BAEB14DF64CC41BFE77A8BF08771F104609F815E61D1DB79A981E7A0
                                                          Strings
                                                          Similarity
                                                          • API ID:
                                                          • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                          • API String ID: 0-1645009161
                                                          • Opcode ID: f910b97e84bdd559fb6f3ca653d2134048052171f381408a341a76772d40f8ea
                                                          • Instruction ID: 5832a2d4c33b615900853e896b24cd1ff63536b6fa7e69e88a14ac9a48ef3fc9
                                                          • Opcode Fuzzy Hash: f910b97e84bdd559fb6f3ca653d2134048052171f381408a341a76772d40f8ea
                                                          • Instruction Fuzzy Hash: D381F671A04605BBDB20EF60DD42FEF37A8AF5A304F046025F944BE192EB75E911D7A1
                                                          APIs
                                                          • CharLowerBuffW.USER32(?,?), ref: 00F13EF8
                                                          • _wcslen.LIBCMT ref: 00F13F03
                                                          • _wcslen.LIBCMT ref: 00F13F5A
                                                          • _wcslen.LIBCMT ref: 00F13F98
                                                          • GetDriveTypeW.KERNEL32(?), ref: 00F13FD6
                                                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00F1401E
                                                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00F14059
                                                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00F14087
                                                          Strings
                                                          Similarity
                                                          • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                          • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                          • API String ID: 1839972693-4113822522
                                                          • Opcode ID: b52c78425b84ede867b3509d5068a5cf01175d710d63b4db38e79359ac9401ea
                                                          • Instruction ID: 84dfaca74e6df33644a7358865a8a60c1a0ed83e6c5dd82c1c6c0aaa027356b4
                                                          • Opcode Fuzzy Hash: b52c78425b84ede867b3509d5068a5cf01175d710d63b4db38e79359ac9401ea
                                                          • Instruction Fuzzy Hash: 7671F532A042119FC710DF34C8809AAB7F4EF99768F10492DF895E7251EB31ED8ADB91
                                                          APIs
                                                          • LoadIconW.USER32(00000063), ref: 00F05A2E
                                                          • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00F05A40
                                                          • SetWindowTextW.USER32(?,?), ref: 00F05A57
                                                          • GetDlgItem.USER32(?,000003EA), ref: 00F05A6C
                                                          • SetWindowTextW.USER32(00000000,?), ref: 00F05A72
                                                          • GetDlgItem.USER32(?,000003E9), ref: 00F05A82
                                                          • SetWindowTextW.USER32(00000000,?), ref: 00F05A88
                                                          • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00F05AA9
                                                          • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00F05AC3
                                                          • GetWindowRect.USER32(?,?), ref: 00F05ACC
                                                          • _wcslen.LIBCMT ref: 00F05B33
                                                          • SetWindowTextW.USER32(?,?), ref: 00F05B6F
                                                          • GetDesktopWindow.USER32 ref: 00F05B75
                                                          • GetWindowRect.USER32(00000000), ref: 00F05B7C
                                                          • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00F05BD3
                                                          • GetClientRect.USER32(?,?), ref: 00F05BE0
                                                          • PostMessageW.USER32(?,00000005,00000000,?), ref: 00F05C05
                                                          • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00F05C2F
                                                          Similarity
                                                          • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                          • String ID:
                                                          • API String ID: 895679908-0
                                                          • Opcode ID: 60fb29a81df242f1799b6dde487ebffbb55bd0f9b723d17f32c2ab3023103c19
                                                          • Instruction ID: b4429cd0edea73c0f8416f52c967c3f26cc8bcffa89bbe551297d4e9da3b911f
                                                          • Opcode Fuzzy Hash: 60fb29a81df242f1799b6dde487ebffbb55bd0f9b723d17f32c2ab3023103c19
                                                          • Instruction Fuzzy Hash: 9D717C71A00B09AFDB20DFA8CE85A6FBBF5FF48B14F104518E546A25A0D7B5E940EF50
                                                          APIs
                                                          • LoadCursorW.USER32(00000000,00007F89), ref: 00F1FE27
                                                          • LoadCursorW.USER32(00000000,00007F8A), ref: 00F1FE32
                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 00F1FE3D
                                                          • LoadCursorW.USER32(00000000,00007F03), ref: 00F1FE48
                                                          • LoadCursorW.USER32(00000000,00007F8B), ref: 00F1FE53
                                                          • LoadCursorW.USER32(00000000,00007F01), ref: 00F1FE5E
                                                          • LoadCursorW.USER32(00000000,00007F81), ref: 00F1FE69
                                                          • LoadCursorW.USER32(00000000,00007F88), ref: 00F1FE74
                                                          • LoadCursorW.USER32(00000000,00007F80), ref: 00F1FE7F
                                                          • LoadCursorW.USER32(00000000,00007F86), ref: 00F1FE8A
                                                          • LoadCursorW.USER32(00000000,00007F83), ref: 00F1FE95
                                                          • LoadCursorW.USER32(00000000,00007F85), ref: 00F1FEA0
                                                          • LoadCursorW.USER32(00000000,00007F82), ref: 00F1FEAB
                                                          • LoadCursorW.USER32(00000000,00007F84), ref: 00F1FEB6
                                                          • LoadCursorW.USER32(00000000,00007F04), ref: 00F1FEC1
                                                          • LoadCursorW.USER32(00000000,00007F02), ref: 00F1FECC
                                                          • GetCursorInfo.USER32(?), ref: 00F1FEDC
                                                          • GetLastError.KERNEL32 ref: 00F1FF1E
                                                          Similarity
                                                          • API ID: Cursor$Load$ErrorInfoLast
                                                          • String ID:
                                                          • API String ID: 3215588206-0
                                                          • Opcode ID: 9bb2c952f15c882f7b4aa4cc230e5192204a4fb696bce99ad3868bcf68093732
                                                          • Instruction ID: 94a3d67b6f4765b135adc08616e34ccbe90f5e9c4dbf3ad8a231c138508e47e2
                                                          • Opcode Fuzzy Hash: 9bb2c952f15c882f7b4aa4cc230e5192204a4fb696bce99ad3868bcf68093732
                                                          • Instruction Fuzzy Hash: 094154B0D043196EDB109FBA8C8585EBFE8FF04364B54452AF11DEB281DB78A941CF91
                                                          APIs
                                                          • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00EC00C6
                                                            • Part of subcall function 00EC00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(00F7070C,00000FA0,322C697F,?,?,?,?,00EE23B3,000000FF), ref: 00EC011C
                                                            • Part of subcall function 00EC00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00EE23B3,000000FF), ref: 00EC0127
                                                            • Part of subcall function 00EC00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00EE23B3,000000FF), ref: 00EC0138
                                                            • Part of subcall function 00EC00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00EC014E
                                                            • Part of subcall function 00EC00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00EC015C
                                                            • Part of subcall function 00EC00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00EC016A
                                                            • Part of subcall function 00EC00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00EC0195
                                                            • Part of subcall function 00EC00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00EC01A0
                                                          • ___scrt_fastfail.LIBCMT ref: 00EC00E7
                                                            • Part of subcall function 00EC00A3: __onexit.LIBCMT ref: 00EC00A9
                                                          Strings
                                                          • WakeAllConditionVariable, xrefs: 00EC0162
                                                          • InitializeConditionVariable, xrefs: 00EC0148
                                                          • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00EC0122
                                                          • SleepConditionVariableCS, xrefs: 00EC0154
                                                          • kernel32.dll, xrefs: 00EC0133
                                                          Similarity
                                                          • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                          • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                          • API String ID: 66158676-1714406822
                                                          • Opcode ID: c6c06f9648e224076d5b363031f81d608a5ef552a77e922cee4d01bb05c2d1d4
                                                          • Instruction ID: 848242928cdfc57184c43be0943b01f7eb75c24fe72ece99087d6f2c597e1352
                                                          • Opcode Fuzzy Hash: c6c06f9648e224076d5b363031f81d608a5ef552a77e922cee4d01bb05c2d1d4
                                                          • Instruction Fuzzy Hash: 5C21F232A45315EBE7106BA4AD0AF6AB2E4DB04B71F04112EF805F3291DFA19801AA92
                                                          APIs
                                                          Strings
                                                          Similarity
                                                          • API ID: _wcslen
                                                          • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                          • API String ID: 176396367-1603158881
                                                          • Opcode ID: a30d478fa063a06f352809bf97248b3ec34ba8604d0c3286e707f3c12d1411bd
                                                          • Instruction ID: 764e803ec30c0999d595cc2d23ef57a6ae356aa40a011fd1dc9412234e1706e8
                                                          • Opcode Fuzzy Hash: a30d478fa063a06f352809bf97248b3ec34ba8604d0c3286e707f3c12d1411bd
                                                          • Instruction Fuzzy Hash: 08E1C432E00516ABCB18DFA8C851BFEBBB9BF54720F548119E456B7290DB30AE45B790
                                                          APIs
                                                          • CharLowerBuffW.USER32(00000000,00000000,00F3CC08), ref: 00F14527
                                                          • _wcslen.LIBCMT ref: 00F1453B
                                                          • _wcslen.LIBCMT ref: 00F14599
                                                          • _wcslen.LIBCMT ref: 00F145F4
                                                          • _wcslen.LIBCMT ref: 00F1463F
                                                          • _wcslen.LIBCMT ref: 00F146A7
                                                            • Part of subcall function 00EBF9F2: _wcslen.LIBCMT ref: 00EBF9FD
                                                          • GetDriveTypeW.KERNEL32(?,00F66BF0,00000061), ref: 00F14743
                                                          Strings
                                                          Similarity
                                                          • API ID: _wcslen$BuffCharDriveLowerType
                                                          • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                          • API String ID: 2055661098-1000479233
                                                          APIs
                                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,00F3CC08), ref: 00F240BB
                                                          • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00F240CD
                                                          • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,00F3CC08), ref: 00F240F2
                                                          • FreeLibrary.KERNEL32(00000000,?,00F3CC08), ref: 00F2413E
                                                          • StringFromGUID2.OLE32(?,?,00000028,?,00F3CC08), ref: 00F241A8
                                                          • SysFreeString.OLEAUT32(00000009), ref: 00F24262
                                                          • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00F242C8
                                                          • SysFreeString.OLEAUT32(?), ref: 00F242F2
                                                          Strings
                                                          Similarity
                                                          • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                          • String ID: GetModuleHandleExW$kernel32.dll
                                                          • API String ID: 354098117-199464113
                                                          APIs
                                                          • GetMenuItemCount.USER32(00F71990), ref: 00EE2F8D
                                                          • GetMenuItemCount.USER32(00F71990), ref: 00EE303D
                                                          • GetCursorPos.USER32(?), ref: 00EE3081
                                                          • SetForegroundWindow.USER32(00000000), ref: 00EE308A
                                                          • TrackPopupMenuEx.USER32(00F71990,00000000,?,00000000,00000000,00000000), ref: 00EE309D
                                                          • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00EE30A9
                                                          Strings
                                                          Similarity
                                                          • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                          • String ID: 0
                                                          • API String ID: 36266755-4108050209
                                                          APIs
                                                          • DestroyWindow.USER32(00000000,?), ref: 00F36DEB
                                                            • Part of subcall function 00EA6B57: _wcslen.LIBCMT ref: 00EA6B6A
                                                          • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00F36E5F
                                                          • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00F36E81
                                                          • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00F36E94
                                                          • DestroyWindow.USER32(?), ref: 00F36EB5
                                                          • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00EA0000,00000000), ref: 00F36EE4
                                                          • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00F36EFD
                                                          • GetDesktopWindow.USER32 ref: 00F36F16
                                                          • GetWindowRect.USER32(00000000), ref: 00F36F1D
                                                          • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00F36F35
                                                          • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00F36F4D
                                                            • Part of subcall function 00EB9944: GetWindowLongW.USER32(?,000000EB), ref: 00EB9952
                                                          Strings
                                                          Similarity
                                                          • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                          • String ID: 0$tooltips_class32
                                                          • API String ID: 2429346358-3619404913
                                                          APIs
                                                            • Part of subcall function 00EB9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00EB9BB2
                                                          • DragQueryPoint.SHELL32(?,?), ref: 00F39147
                                                            • Part of subcall function 00F37674: ClientToScreen.USER32(?,?), ref: 00F3769A
                                                            • Part of subcall function 00F37674: GetWindowRect.USER32(?,?), ref: 00F37710
                                                            • Part of subcall function 00F37674: PtInRect.USER32(?,?,00F38B89), ref: 00F37720
                                                          • SendMessageW.USER32(?,000000B0,?,?), ref: 00F391B0
                                                          • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00F391BB
                                                          • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00F391DE
                                                          • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00F39225
                                                          • SendMessageW.USER32(?,000000B0,?,?), ref: 00F3923E
                                                          • SendMessageW.USER32(?,000000B1,?,?), ref: 00F39255
                                                          • SendMessageW.USER32(?,000000B1,?,?), ref: 00F39277
                                                          • DragFinish.SHELL32(?), ref: 00F3927E
                                                          • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00F39371
                                                          Strings
                                                          Similarity
                                                          • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                          • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                          • API String ID: 221274066-3440237614
                                                          APIs
                                                          • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00F1C4B0
                                                          • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00F1C4C3
                                                          • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00F1C4D7
                                                          • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00F1C4F0
                                                          • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00F1C533
                                                          • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00F1C549
                                                          • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00F1C554
                                                          • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00F1C584
                                                          • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00F1C5DC
                                                          • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00F1C5F0
                                                          • InternetCloseHandle.WININET(00000000), ref: 00F1C5FB
                                                          Strings
                                                          Similarity
                                                          • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                          • String ID:
                                                          • API String ID: 3800310941-3916222277
                                                          APIs
                                                          • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00F38592
                                                          • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00F385A2
                                                          • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00F385AD
                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00F385BA
                                                          • GlobalLock.KERNEL32(00000000), ref: 00F385C8
                                                          • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00F385D7
                                                          • GlobalUnlock.KERNEL32(00000000), ref: 00F385E0
                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00F385E7
                                                          • CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00F385F8
                                                          • OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,00F3FC38,?), ref: 00F38611
                                                          • GlobalFree.KERNEL32(00000000), ref: 00F38621
                                                          • GetObjectW.GDI32(?,00000018,?), ref: 00F38641
                                                          • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00F38671
                                                          • DeleteObject.GDI32(?), ref: 00F38699
                                                          • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00F386AF
                                                          Similarity
                                                          • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                          • String ID:
                                                          • API String ID: 3840717409-0
                                                          APIs
                                                          • VariantInit.OLEAUT32(00000000), ref: 00F11502
                                                          • VariantCopy.OLEAUT32(?,?), ref: 00F1150B
                                                          • VariantClear.OLEAUT32(?), ref: 00F11517
                                                          • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00F115FB
                                                          • VarR8FromDec.OLEAUT32(?,?), ref: 00F11657
                                                          • VariantInit.OLEAUT32(?), ref: 00F11708
                                                          • SysFreeString.OLEAUT32(?), ref: 00F1178C
                                                          • VariantClear.OLEAUT32(?), ref: 00F117D8
                                                          • VariantClear.OLEAUT32(?), ref: 00F117E7
                                                          • VariantInit.OLEAUT32(00000000), ref: 00F11823
                                                          Strings
                                                          Similarity
                                                          • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                          • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                          • API String ID: 1234038744-3931177956
                                                          APIs
                                                            • Part of subcall function 00EA9CB3: _wcslen.LIBCMT ref: 00EA9CBD
                                                            • Part of subcall function 00F2C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00F2B6AE,?,?), ref: 00F2C9B5
                                                            • Part of subcall function 00F2C998: _wcslen.LIBCMT ref: 00F2C9F1
                                                            • Part of subcall function 00F2C998: _wcslen.LIBCMT ref: 00F2CA68
                                                            • Part of subcall function 00F2C998: _wcslen.LIBCMT ref: 00F2CA9E
                                                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00F2B6F4
                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00F2B772
                                                          • RegDeleteValueW.ADVAPI32(?,?), ref: 00F2B80A
                                                          • RegCloseKey.ADVAPI32(?), ref: 00F2B87E
                                                          • RegCloseKey.ADVAPI32(?), ref: 00F2B89C
                                                          • LoadLibraryA.KERNEL32(advapi32.dll), ref: 00F2B8F2
                                                          • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00F2B904
                                                          • RegDeleteKeyW.ADVAPI32(?,?), ref: 00F2B922
                                                          • FreeLibrary.KERNEL32(00000000), ref: 00F2B983
                                                          • RegCloseKey.ADVAPI32(00000000), ref: 00F2B994
                                                          Strings
                                                          Similarity
                                                          • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                          • String ID: RegDeleteKeyExW$advapi32.dll
                                                          • API String ID: 146587525-4033151799
                                                          APIs
                                                          • GetDC.USER32(00000000), ref: 00F225D8
                                                          • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00F225E8
                                                          • CreateCompatibleDC.GDI32(?), ref: 00F225F4
                                                          • SelectObject.GDI32(00000000,?), ref: 00F22601
                                                          • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00F2266D
                                                          • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00F226AC
                                                          • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00F226D0
                                                          • SelectObject.GDI32(?,?), ref: 00F226D8
                                                          • DeleteObject.GDI32(?), ref: 00F226E1
                                                          • DeleteDC.GDI32(?), ref: 00F226E8
                                                          • ReleaseDC.USER32(00000000,?), ref: 00F226F3
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                          • String ID: (
                                                          • API String ID: 2598888154-3887548279
                                                          • Opcode ID: 55dc2152d93323ed6d172a39c887196ba1f463b068cf3ecadc12159f72286c57
                                                          • Instruction ID: 8222f786dd87b60b279a0216ebaea069c2c788d96717f40ab80b72190e6329f9
                                                          • Opcode Fuzzy Hash: 55dc2152d93323ed6d172a39c887196ba1f463b068cf3ecadc12159f72286c57
                                                          • Instruction Fuzzy Hash: D161E376D00219EFCF14CFA4DC85AAEBBB6FF48310F208529E955A7250D774A941EF90
                                                          APIs
                                                          • ___free_lconv_mon.LIBCMT ref: 00EDDAA1
                                                            • Part of subcall function 00EDD63C: _free.LIBCMT ref: 00EDD659
                                                            • Part of subcall function 00EDD63C: _free.LIBCMT ref: 00EDD66B
                                                            • Part of subcall function 00EDD63C: _free.LIBCMT ref: 00EDD67D
                                                            • Part of subcall function 00EDD63C: _free.LIBCMT ref: 00EDD68F
                                                            • Part of subcall function 00EDD63C: _free.LIBCMT ref: 00EDD6A1
                                                            • Part of subcall function 00EDD63C: _free.LIBCMT ref: 00EDD6B3
                                                            • Part of subcall function 00EDD63C: _free.LIBCMT ref: 00EDD6C5
                                                            • Part of subcall function 00EDD63C: _free.LIBCMT ref: 00EDD6D7
                                                            • Part of subcall function 00EDD63C: _free.LIBCMT ref: 00EDD6E9
                                                            • Part of subcall function 00EDD63C: _free.LIBCMT ref: 00EDD6FB
                                                            • Part of subcall function 00EDD63C: _free.LIBCMT ref: 00EDD70D
                                                            • Part of subcall function 00EDD63C: _free.LIBCMT ref: 00EDD71F
                                                            • Part of subcall function 00EDD63C: _free.LIBCMT ref: 00EDD731
                                                          • _free.LIBCMT ref: 00EDDA96
                                                            • Part of subcall function 00ED29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00EDD7D1,00000000,00000000,00000000,00000000,?,00EDD7F8,00000000,00000007,00000000,?,00EDDBF5,00000000), ref: 00ED29DE
                                                            • Part of subcall function 00ED29C8: GetLastError.KERNEL32(00000000,?,00EDD7D1,00000000,00000000,00000000,00000000,?,00EDD7F8,00000000,00000007,00000000,?,00EDDBF5,00000000,00000000), ref: 00ED29F0
                                                          • _free.LIBCMT ref: 00EDDAB8
                                                          • _free.LIBCMT ref: 00EDDACD
                                                          • _free.LIBCMT ref: 00EDDAD8
                                                          • _free.LIBCMT ref: 00EDDAFA
                                                          • _free.LIBCMT ref: 00EDDB0D
                                                          • _free.LIBCMT ref: 00EDDB1B
                                                          • _free.LIBCMT ref: 00EDDB26
                                                          • _free.LIBCMT ref: 00EDDB5E
                                                          • _free.LIBCMT ref: 00EDDB65
                                                          • _free.LIBCMT ref: 00EDDB82
                                                          • _free.LIBCMT ref: 00EDDB9A
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                          • String ID:
                                                          • API String ID: 161543041-0
                                                          • Opcode ID: 1d1087ed3f86e960b80f141e9035582ae26a47d1fc18f4711907058c0f495d66
                                                          • Instruction ID: 6f60d30af5b674fcc3bcf8116bb9ee69b6094341eccde52cfe91689a6b754ebe
                                                          • Opcode Fuzzy Hash: 1d1087ed3f86e960b80f141e9035582ae26a47d1fc18f4711907058c0f495d66
                                                          • Instruction Fuzzy Hash: 50315C316086049FEB21AA38EC45B5677E8FF50318F15641BE559EB391DA32AC429720
                                                          APIs
                                                          • GetClassNameW.USER32(?,?,00000100), ref: 00F0369C
                                                          • _wcslen.LIBCMT ref: 00F036A7
                                                          • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00F03797
                                                          • GetClassNameW.USER32(?,?,00000400), ref: 00F0380C
                                                          • GetDlgCtrlID.USER32(?), ref: 00F0385D
                                                          • GetWindowRect.USER32(?,?), ref: 00F03882
                                                          • GetParent.USER32(?), ref: 00F038A0
                                                          • ScreenToClient.USER32(00000000), ref: 00F038A7
                                                          • GetClassNameW.USER32(?,?,00000100), ref: 00F03921
                                                          • GetWindowTextW.USER32(?,?,00000400), ref: 00F0395D
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                          • String ID: %s%u
                                                          • API String ID: 4010501982-679674701
                                                          • Opcode ID: 830cd0e078a64c1546e698ada07d9a8d7448ef5e97f026bce8a82b687af231f0
                                                          • Instruction ID: b247c90e7a4fb77b93cc51f52908d4cfe79fd151d0d130c7a41705977684c462
                                                          • Opcode Fuzzy Hash: 830cd0e078a64c1546e698ada07d9a8d7448ef5e97f026bce8a82b687af231f0
                                                          • Instruction Fuzzy Hash: 5E91AD72604606AFD719DF24C885FAAF7EDFF44360F008629F99992190DB30EA45EB91
                                                          APIs
                                                          • GetClassNameW.USER32(?,?,00000400), ref: 00F04994
                                                          • GetWindowTextW.USER32(?,?,00000400), ref: 00F049DA
                                                          • _wcslen.LIBCMT ref: 00F049EB
                                                          • CharUpperBuffW.USER32(?,00000000), ref: 00F049F7
                                                          • _wcsstr.LIBVCRUNTIME ref: 00F04A2C
                                                          • GetClassNameW.USER32(00000018,?,00000400), ref: 00F04A64
                                                          • GetWindowTextW.USER32(?,?,00000400), ref: 00F04A9D
                                                          • GetClassNameW.USER32(00000018,?,00000400), ref: 00F04AE6
                                                          • GetClassNameW.USER32(?,?,00000400), ref: 00F04B20
                                                          • GetWindowRect.USER32(?,?), ref: 00F04B8B
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                          • String ID: ThumbnailClass
                                                          • API String ID: 1311036022-1241985126
                                                          • Opcode ID: 622f1155c396891e0780756b57e51c322a9b43b832ea6272ce299da95a2555b7
                                                          • Instruction ID: 9eac6447e64b36ab3fdfb49466d9523121128926483e480dd77b8b8e9689cde2
                                                          • Opcode Fuzzy Hash: 622f1155c396891e0780756b57e51c322a9b43b832ea6272ce299da95a2555b7
                                                          • Instruction Fuzzy Hash: F091BEB25042059BDB04CF14C981FAA77E9FF84324F048469FE859A0D6DB34FD45EBA1
                                                          APIs
                                                            • Part of subcall function 00EB9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00EB9BB2
                                                          • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00F38D5A
                                                          • GetFocus.USER32 ref: 00F38D6A
                                                          • GetDlgCtrlID.USER32(00000000), ref: 00F38D75
                                                          • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00F38E1D
                                                          • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00F38ECF
                                                          • GetMenuItemCount.USER32(?), ref: 00F38EEC
                                                          • GetMenuItemID.USER32(?,00000000), ref: 00F38EFC
                                                          • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00F38F2E
                                                          • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00F38F70
                                                          • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00F38FA1
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                          • String ID: 0
                                                          • API String ID: 1026556194-4108050209
                                                          • Opcode ID: 9c84f691408c0282c4d07cb4ee45039ccf3c2574503020f4a2e2ca8579bf7a75
                                                          • Instruction ID: 1c29dc92a64b6b51e946b328742a3d698126e01e1d8e33cc2e13e5b2b6a7ae32
                                                          • Opcode Fuzzy Hash: 9c84f691408c0282c4d07cb4ee45039ccf3c2574503020f4a2e2ca8579bf7a75
                                                          • Instruction Fuzzy Hash: 7481B2719043059FD710DF24C884AAB7BE9FF883B4F14051DF985A7291DB38D946EBA2
                                                          APIs
                                                          • GetFileVersionInfoSizeW.VERSION(?,?), ref: 00F0DC20
                                                          • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 00F0DC46
                                                          • _wcslen.LIBCMT ref: 00F0DC50
                                                          • _wcsstr.LIBVCRUNTIME ref: 00F0DCA0
                                                          • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00F0DCBC
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                                          • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                          • API String ID: 1939486746-1459072770
                                                          • Opcode ID: 489930993490a44bdec99e77fe90044ad636cfeb72290b04584be1a8b88dd0ef
                                                          • Instruction ID: a33bc0726015942af6b594129b77cdfffb6868de26579031e2cf7fe9474374ad
                                                          • Opcode Fuzzy Hash: 489930993490a44bdec99e77fe90044ad636cfeb72290b04584be1a8b88dd0ef
                                                          • Instruction Fuzzy Hash: C441F2729402057ADB14A7B49C47FFF77ACEF41720F101069F900B61D2EA72DA02A7A5
                                                          APIs
                                                          • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00F2CC64
                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00F2CC8D
                                                          • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00F2CD48
                                                            • Part of subcall function 00F2CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00F2CCAA
                                                            • Part of subcall function 00F2CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00F2CCBD
                                                            • Part of subcall function 00F2CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00F2CCCF
                                                            • Part of subcall function 00F2CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00F2CD05
                                                            • Part of subcall function 00F2CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00F2CD28
                                                          • RegDeleteKeyW.ADVAPI32(?,?), ref: 00F2CCF3
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                          • String ID: RegDeleteKeyExW$advapi32.dll
                                                          • API String ID: 2734957052-4033151799
                                                          • Opcode ID: d4e02a57a4715c97e93851d97b7acdbf8f1ca69d843cb4b65cdbecef66f349e0
                                                          • Instruction ID: 3fa0ab2b51337e84b72f327f105ec997f0e5f1c607c34f0a14570fb501a8b29e
                                                          • Opcode Fuzzy Hash: d4e02a57a4715c97e93851d97b7acdbf8f1ca69d843cb4b65cdbecef66f349e0
                                                          • Instruction Fuzzy Hash: FB316BB6941128BBDB209B61EC88EEFBB7DEF05764F000165A915E3240DA749A45BBE0
                                                          APIs
                                                          • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00F13D40
                                                          • _wcslen.LIBCMT ref: 00F13D6D
                                                          • CreateDirectoryW.KERNEL32(?,00000000), ref: 00F13D9D
                                                          • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00F13DBE
                                                          • RemoveDirectoryW.KERNEL32(?), ref: 00F13DCE
                                                          • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00F13E55
                                                          • CloseHandle.KERNEL32(00000000), ref: 00F13E60
                                                          • CloseHandle.KERNEL32(00000000), ref: 00F13E6B
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                          • String ID: :$\$\??\%s
                                                          • API String ID: 1149970189-3457252023
                                                          • Opcode ID: b98fb98bdc7333b51b91ef4c43af6539ea06dc9beb6784323a9da4ed531b2bc8
                                                          • Instruction ID: d59dd7e9a788ed63c659b71e642e58937f08c70041bc6ede7a34611d8d2def84
                                                          • Opcode Fuzzy Hash: b98fb98bdc7333b51b91ef4c43af6539ea06dc9beb6784323a9da4ed531b2bc8
                                                          • Instruction Fuzzy Hash: FB31927290021DABDB219BA0DC89FEF37BDEF88710F1041B9F505E60A0EB7497849B64
                                                          APIs
                                                          • timeGetTime.WINMM ref: 00F0E6B4
                                                            • Part of subcall function 00EBE551: timeGetTime.WINMM(?,?,00F0E6D4), ref: 00EBE555
                                                          • Sleep.KERNEL32(0000000A), ref: 00F0E6E1
                                                          • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 00F0E705
                                                          • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00F0E727
                                                          • SetActiveWindow.USER32 ref: 00F0E746
                                                          • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00F0E754
                                                          • SendMessageW.USER32(00000010,00000000,00000000), ref: 00F0E773
                                                          • Sleep.KERNEL32(000000FA), ref: 00F0E77E
                                                          • IsWindow.USER32 ref: 00F0E78A
                                                          • EndDialog.USER32(00000000), ref: 00F0E79B
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                          • String ID: BUTTON
                                                          • API String ID: 1194449130-3405671355
                                                          • Opcode ID: c531d91e156f188f0899843e4cad16fd232637ce9c55cdc3296bfdda32c7dc24
                                                          • Instruction ID: 23013e08469aca46b4f2cf44b843a89e998355eea8f501aacf4fde8715506bda
                                                          • Opcode Fuzzy Hash: c531d91e156f188f0899843e4cad16fd232637ce9c55cdc3296bfdda32c7dc24
                                                          • Instruction Fuzzy Hash: 8E21A87130020CAFEB406F24FC89B257B6AF754769F140825F51A911F1DB759C40BB56
                                                          APIs
                                                            • Part of subcall function 00EA9CB3: _wcslen.LIBCMT ref: 00EA9CBD
                                                          • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00F0EA5D
                                                          • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00F0EA73
                                                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00F0EA84
                                                          • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00F0EA96
                                                          • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00F0EAA7
                                                          Strings
                                                          Similarity
                                                          • API ID: SendString$_wcslen
                                                          • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                          APIs
                                                          • GetKeyboardState.USER32(?), ref: 00F0A012
                                                          • SetKeyboardState.USER32(?), ref: 00F0A07D
                                                          • GetAsyncKeyState.USER32(000000A0), ref: 00F0A09D
                                                          • GetKeyState.USER32(000000A0), ref: 00F0A0B4
                                                          • GetAsyncKeyState.USER32(000000A1), ref: 00F0A0E3
                                                          • GetKeyState.USER32(000000A1), ref: 00F0A0F4
                                                          • GetAsyncKeyState.USER32(00000011), ref: 00F0A120
                                                          • GetKeyState.USER32(00000011), ref: 00F0A12E
                                                          • GetAsyncKeyState.USER32(00000012), ref: 00F0A157
                                                          • GetKeyState.USER32(00000012), ref: 00F0A165
                                                          • GetAsyncKeyState.USER32(0000005B), ref: 00F0A18E
                                                          • GetKeyState.USER32(0000005B), ref: 00F0A19C
                                                          Similarity
                                                          • API ID: State$Async$Keyboard
                                                          • String ID:
                                                          APIs
                                                          • GetDlgItem.USER32(?,00000001), ref: 00F05CE2
                                                          • GetWindowRect.USER32(00000000,?), ref: 00F05CFB
                                                          • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00F05D59
                                                          • GetDlgItem.USER32(?,00000002), ref: 00F05D69
                                                          • GetWindowRect.USER32(00000000,?), ref: 00F05D7B
                                                          • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00F05DCF
                                                          • GetDlgItem.USER32(?,000003E9), ref: 00F05DDD
                                                          • GetWindowRect.USER32(00000000,?), ref: 00F05DEF
                                                          • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00F05E31
                                                          • GetDlgItem.USER32(?,000003EA), ref: 00F05E44
                                                          • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00F05E5A
                                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 00F05E67
                                                          Similarity
                                                          • API ID: Window$ItemMoveRect$Invalidate
                                                          • String ID:
                                                          APIs
                                                            • Part of subcall function 00EB8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00EB8BE8,?,00000000,?,?,?,?,00EB8BBA,00000000,?), ref: 00EB8FC5
                                                          • DestroyWindow.USER32(?), ref: 00EB8C81
                                                          • KillTimer.USER32(00000000,?,?,?,?,00EB8BBA,00000000,?), ref: 00EB8D1B
                                                          • DestroyAcceleratorTable.USER32(00000000), ref: 00EF6973
                                                          • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00EB8BBA,00000000,?), ref: 00EF69A1
                                                          • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00EB8BBA,00000000,?), ref: 00EF69B8
                                                          • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00EB8BBA,00000000), ref: 00EF69D4
                                                          • DeleteObject.GDI32(00000000), ref: 00EF69E6
                                                          Similarity
                                                          • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                          • String ID:
                                                          APIs
                                                            • Part of subcall function 00EB9944: GetWindowLongW.USER32(?,000000EB), ref: 00EB9952
                                                          • GetSysColor.USER32(0000000F), ref: 00EB9862
                                                          Similarity
                                                          • API ID: ColorLongWindow
                                                          • String ID:
                                                          Strings
                                                          Similarity
                                                          • API ID:
                                                          • String ID: .
                                                          APIs
                                                          • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,00EEF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00F09717
                                                          • LoadStringW.USER32(00000000,?,00EEF7F8,00000001), ref: 00F09720
                                                            • Part of subcall function 00EA9CB3: _wcslen.LIBCMT ref: 00EA9CBD
                                                          • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00EEF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00F09742
                                                          • LoadStringW.USER32(00000000,?,00EEF7F8,00000001), ref: 00F09745
                                                          • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00F09866
                                                          Strings
                                                          Similarity
                                                          • API ID: HandleLoadModuleString$Message_wcslen
                                                          • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                          APIs
                                                            • Part of subcall function 00EA6B57: _wcslen.LIBCMT ref: 00EA6B6A
                                                          • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00F007A2
                                                          • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00F007BE
                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00F007DA
                                                          • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00F00804
                                                          • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00F0082C
                                                          • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00F00837
                                                          • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00F0083C
                                                          Strings
                                                          Similarity
                                                          • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                          • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                          APIs
                                                          • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00F3403B
                                                          • CreateCompatibleDC.GDI32(00000000), ref: 00F34042
                                                          • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00F34055
                                                          • SelectObject.GDI32(00000000,00000000), ref: 00F3405D
                                                          • GetPixel.GDI32(00000000,00000000,00000000), ref: 00F34068
                                                          • DeleteDC.GDI32(00000000), ref: 00F34072
                                                          • GetWindowLongW.USER32(?,000000EC), ref: 00F3407C
                                                          • SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00F34092
                                                          • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 00F3409E
                                                          Strings
                                                          Similarity
                                                          • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                          • String ID: static
                                                          APIs
                                                          • VariantInit.OLEAUT32(?), ref: 00F23C5C
                                                          • CoInitialize.OLE32(00000000), ref: 00F23C8A
                                                          • CoUninitialize.OLE32 ref: 00F23C94
                                                          • _wcslen.LIBCMT ref: 00F23D2D
                                                          • GetRunningObjectTable.OLE32(00000000,?), ref: 00F23DB1
                                                          • SetErrorMode.KERNEL32(00000001,00000029), ref: 00F23ED5
                                                          • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00F23F0E
                                                          • CoGetObject.OLE32(?,00000000,00F3FB98,?), ref: 00F23F2D
                                                          • SetErrorMode.KERNEL32(00000000), ref: 00F23F40
                                                          • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00F23FC4
                                                          • VariantClear.OLEAUT32(?), ref: 00F23FD8
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                          • String ID:
                                                          • API String ID: 429561992-0
                                                          APIs
                                                          • CoInitialize.OLE32(00000000), ref: 00F17AF3
                                                          • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00F17B8F
                                                          • SHGetDesktopFolder.SHELL32(?), ref: 00F17BA3
                                                          • CoCreateInstance.OLE32(00F3FD08,00000000,00000001,00F66E6C,?), ref: 00F17BEF
                                                          • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00F17C74
                                                          • CoTaskMemFree.OLE32(?,?), ref: 00F17CCC
                                                          • SHBrowseForFolderW.SHELL32(?), ref: 00F17D57
                                                          • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00F17D7A
                                                          • CoTaskMemFree.OLE32(00000000), ref: 00F17D81
                                                          • CoTaskMemFree.OLE32(00000000), ref: 00F17DD6
                                                          • CoUninitialize.OLE32 ref: 00F17DDC
                                                          Similarity
                                                          • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                          • String ID:
                                                          • API String ID: 2762341140-0
                                                          APIs
                                                          • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00F35504
                                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00F35515
                                                          • CharNextW.USER32(00000158), ref: 00F35544
                                                          • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00F35585
                                                          • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00F3559B
                                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00F355AC
                                                          Similarity
                                                          • API ID: MessageSend$CharNext
                                                          • String ID:
                                                          • API String ID: 1350042424-0
                                                          APIs
                                                          • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00EFFAAF
                                                          • SafeArrayAllocData.OLEAUT32(?), ref: 00EFFB08
                                                          • VariantInit.OLEAUT32(?), ref: 00EFFB1A
                                                          • SafeArrayAccessData.OLEAUT32(?,?), ref: 00EFFB3A
                                                          • VariantCopy.OLEAUT32(?,?), ref: 00EFFB8D
                                                          • SafeArrayUnaccessData.OLEAUT32(?), ref: 00EFFBA1
                                                          • VariantClear.OLEAUT32(?), ref: 00EFFBB6
                                                          • SafeArrayDestroyData.OLEAUT32(?), ref: 00EFFBC3
                                                          • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00EFFBCC
                                                          • VariantClear.OLEAUT32(?), ref: 00EFFBDE
                                                          • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00EFFBE9
                                                          Similarity
                                                          • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                          • String ID:
                                                          • API String ID: 2706829360-0
                                                          APIs
                                                          • GetKeyboardState.USER32(?), ref: 00F09CA1
                                                          • GetAsyncKeyState.USER32(000000A0), ref: 00F09D22
                                                          • GetKeyState.USER32(000000A0), ref: 00F09D3D
                                                          • GetAsyncKeyState.USER32(000000A1), ref: 00F09D57
                                                          • GetKeyState.USER32(000000A1), ref: 00F09D6C
                                                          • GetAsyncKeyState.USER32(00000011), ref: 00F09D84
                                                          • GetKeyState.USER32(00000011), ref: 00F09D96
                                                          • GetAsyncKeyState.USER32(00000012), ref: 00F09DAE
                                                          • GetKeyState.USER32(00000012), ref: 00F09DC0
                                                          • GetAsyncKeyState.USER32(0000005B), ref: 00F09DD8
                                                          • GetKeyState.USER32(0000005B), ref: 00F09DEA
                                                          Similarity
                                                          • API ID: State$Async$Keyboard
                                                          • String ID:
                                                          • API String ID: 541375521-0
                                                          APIs
                                                          • WSAStartup.WSOCK32(00000101,?), ref: 00F205BC
                                                          • inet_addr.WSOCK32(?), ref: 00F2061C
                                                          • gethostbyname.WSOCK32(?), ref: 00F20628
                                                          • IcmpCreateFile.IPHLPAPI ref: 00F20636
                                                          • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00F206C6
                                                          • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00F206E5
                                                          • IcmpCloseHandle.IPHLPAPI(?), ref: 00F207B9
                                                          • WSACleanup.WSOCK32 ref: 00F207BF
                                                          Strings
                                                          Similarity
                                                          • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                          • String ID: Ping
                                                          • API String ID: 1028309954-2246546115
                                                          APIs
                                                          Strings
                                                          Similarity
                                                          • API ID: _wcslen$BuffCharLower
                                                          • String ID: cdecl$none$stdcall$winapi
                                                          • API String ID: 707087890-567219261
                                                          APIs
                                                          • CoInitialize.OLE32 ref: 00F23774
                                                          • CoUninitialize.OLE32 ref: 00F2377F
                                                          • CoCreateInstance.OLE32(?,00000000,00000017,00F3FB78,?), ref: 00F237D9
                                                          • IIDFromString.OLE32(?,?), ref: 00F2384C
                                                          • VariantInit.OLEAUT32(?), ref: 00F238E4
                                                          • VariantClear.OLEAUT32(?), ref: 00F23936
                                                          Strings
                                                          Similarity
                                                          • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                          • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                          • API String ID: 636576611-1287834457
                                                          APIs
                                                          • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 00F133CF
                                                            • Part of subcall function 00EA9CB3: _wcslen.LIBCMT ref: 00EA9CBD
                                                          • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00F133F0
                                                          Strings
                                                          Similarity
                                                          • API ID: LoadString$_wcslen
                                                          • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                          • API String ID: 4099089115-3080491070
                                                          APIs
                                                          Strings
                                                          Similarity
                                                          • API ID: _wcslen$BuffCharUpper
                                                          • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                          • API String ID: 1256254125-769500911
                                                          APIs
                                                          • SetErrorMode.KERNEL32(00000001), ref: 00F153A0
                                                          • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00F15416
                                                          • GetLastError.KERNEL32 ref: 00F15420
                                                          • SetErrorMode.KERNEL32(00000000,READY), ref: 00F154A7
                                                          Strings
                                                          Similarity
                                                          • API ID: Error$Mode$DiskFreeLastSpace
                                                          • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                          • API String ID: 4194297153-14809454
                                                          APIs
                                                          • CreateMenu.USER32 ref: 00F33C79
                                                          • SetMenu.USER32(?,00000000), ref: 00F33C88
                                                          • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00F33D10
                                                          • IsMenu.USER32(?), ref: 00F33D24
                                                          • CreatePopupMenu.USER32 ref: 00F33D2E
                                                          • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00F33D5B
                                                          • DrawMenuBar.USER32 ref: 00F33D63
                                                          Strings
                                                          Similarity
                                                          • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                          • String ID: 0$F
                                                          • API String ID: 161812096-3044882817
                                                          APIs
                                                            • Part of subcall function 00EA9CB3: _wcslen.LIBCMT ref: 00EA9CBD
                                                            • Part of subcall function 00F03CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00F03CCA
                                                          • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00F01F64
                                                          • GetDlgCtrlID.USER32 ref: 00F01F6F
                                                          • GetParent.USER32 ref: 00F01F8B
                                                          • SendMessageW.USER32(00000000,?,00000111,?), ref: 00F01F8E
                                                          • GetDlgCtrlID.USER32(?), ref: 00F01F97
                                                          • GetParent.USER32(?), ref: 00F01FAB
                                                          • SendMessageW.USER32(00000000,?,00000111,?), ref: 00F01FAE
                                                          Strings
                                                          Similarity
                                                          • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                          • String ID: ComboBox$ListBox
                                                          • API String ID: 711023334-1403004172
                                                          APIs
                                                            • Part of subcall function 00EA9CB3: _wcslen.LIBCMT ref: 00EA9CBD
                                                            • Part of subcall function 00F03CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00F03CCA
                                                          • SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00F02043
                                                          • GetDlgCtrlID.USER32 ref: 00F0204E
                                                          • GetParent.USER32 ref: 00F0206A
                                                          • SendMessageW.USER32(00000000,?,00000111,?), ref: 00F0206D
                                                          • GetDlgCtrlID.USER32(?), ref: 00F02076
                                                          • GetParent.USER32(?), ref: 00F0208A
                                                          • SendMessageW.USER32(00000000,?,00000111,?), ref: 00F0208D
                                                          Strings
                                                          Similarity
                                                          • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                          • String ID: ComboBox$ListBox
                                                          • API String ID: 711023334-1403004172
                                                          APIs
                                                          • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00F33A9D
                                                          • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00F33AA0
                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00F33AC7
                                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00F33AEA
                                                          • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00F33B62
                                                          • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00F33BAC
                                                          • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00F33BC7
                                                          • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00F33BE2
                                                          • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00F33BF6
                                                          • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00F33C13
                                                          Similarity
                                                          • API ID: MessageSend$LongWindow
                                                          • String ID:
                                                          • API String ID: 312131281-0
                                                          APIs
                                                          • GetCurrentThreadId.KERNEL32 ref: 00F0B151
                                                          • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00F0A1E1,?,00000001), ref: 00F0B165
                                                          • GetWindowThreadProcessId.USER32(00000000), ref: 00F0B16C
                                                          • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00F0A1E1,?,00000001), ref: 00F0B17B
                                                          • GetWindowThreadProcessId.USER32(?,00000000), ref: 00F0B18D
                                                          • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00F0A1E1,?,00000001), ref: 00F0B1A6
                                                          • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00F0A1E1,?,00000001), ref: 00F0B1B8
                                                          • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00F0A1E1,?,00000001), ref: 00F0B1FD
                                                          • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00F0A1E1,?,00000001), ref: 00F0B212
                                                          • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00F0A1E1,?,00000001), ref: 00F0B21D
                                                          Similarity
                                                          • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                          • String ID:
                                                          • API String ID: 2156557900-0
                                                          APIs
                                                          • _free.LIBCMT ref: 00ED2C94
                                                            • Part of subcall function 00ED29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00EDD7D1,00000000,00000000,00000000,00000000,?,00EDD7F8,00000000,00000007,00000000,?,00EDDBF5,00000000), ref: 00ED29DE
                                                            • Part of subcall function 00ED29C8: GetLastError.KERNEL32(00000000,?,00EDD7D1,00000000,00000000,00000000,00000000,?,00EDD7F8,00000000,00000007,00000000,?,00EDDBF5,00000000,00000000), ref: 00ED29F0
                                                          • _free.LIBCMT ref: 00ED2CA0
                                                          • _free.LIBCMT ref: 00ED2CAB
                                                          • _free.LIBCMT ref: 00ED2CB6
                                                          • _free.LIBCMT ref: 00ED2CC1
                                                          • _free.LIBCMT ref: 00ED2CCC
                                                          • _free.LIBCMT ref: 00ED2CD7
                                                          • _free.LIBCMT ref: 00ED2CE2
                                                          • _free.LIBCMT ref: 00ED2CED
                                                          • _free.LIBCMT ref: 00ED2CFB
                                                          Similarity
                                                          • API ID: _free$ErrorFreeHeapLast
                                                          • String ID:
                                                          • API String ID: 776569668-0
                                                          APIs
                                                          • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00EA1459
                                                          • OleUninitialize.OLE32(?,00000000), ref: 00EA14F8
                                                          • UnregisterHotKey.USER32(?), ref: 00EA16DD
                                                          • DestroyWindow.USER32(?), ref: 00EE24B9
                                                          • FreeLibrary.KERNEL32(?), ref: 00EE251E
                                                          • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00EE254B
                                                          Strings
                                                          Similarity
                                                          • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                          • String ID: close all
                                                          • API String ID: 469580280-3243417748
                                                          APIs
                                                          • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00F17FAD
                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00F17FC1
                                                          • GetFileAttributesW.KERNEL32(?), ref: 00F17FEB
                                                          • SetFileAttributesW.KERNEL32(?,00000000), ref: 00F18005
                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00F18017
                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00F18060
                                                          • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00F180B0
                                                          Strings
                                                          Similarity
                                                          • API ID: CurrentDirectory$AttributesFile
                                                          • String ID: *.*
                                                          • API String ID: 769691225-438819550
                                                          APIs
                                                          • SetWindowLongW.USER32(?,000000EB), ref: 00EA5C7A
                                                            • Part of subcall function 00EA5D0A: GetClientRect.USER32(?,?), ref: 00EA5D30
                                                            • Part of subcall function 00EA5D0A: GetWindowRect.USER32(?,?), ref: 00EA5D71
                                                            • Part of subcall function 00EA5D0A: ScreenToClient.USER32(?,?), ref: 00EA5D99
                                                          • GetDC.USER32 ref: 00EE46F5
                                                          • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00EE4708
                                                          • SelectObject.GDI32(00000000,00000000), ref: 00EE4716
                                                          • SelectObject.GDI32(00000000,00000000), ref: 00EE472B
                                                          • ReleaseDC.USER32(?,00000000), ref: 00EE4733
                                                          • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00EE47C4
                                                          Strings
                                                          Similarity
                                                          • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                          • String ID: U
                                                          • API String ID: 4009187628-3372436214
                                                          APIs
                                                          • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 00F135E4
                                                            • Part of subcall function 00EA9CB3: _wcslen.LIBCMT ref: 00EA9CBD
                                                          • LoadStringW.USER32(00F72390,?,00000FFF,?), ref: 00F1360A
                                                          Strings
                                                          Similarity
                                                          • API ID: LoadString$_wcslen
                                                          • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                          APIs
                                                            • Part of subcall function 00EB9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00EB9BB2
                                                            • Part of subcall function 00EB912D: GetCursorPos.USER32(?), ref: 00EB9141
                                                            • Part of subcall function 00EB912D: ScreenToClient.USER32(00000000,?), ref: 00EB915E
                                                            • Part of subcall function 00EB912D: GetAsyncKeyState.USER32(00000001), ref: 00EB9183
                                                            • Part of subcall function 00EB912D: GetAsyncKeyState.USER32(00000002), ref: 00EB919D
                                                          • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00F38B6B
                                                          • ImageList_EndDrag.COMCTL32 ref: 00F38B71
                                                          • ReleaseCapture.USER32 ref: 00F38B77
                                                          • SetWindowTextW.USER32(?,00000000), ref: 00F38C12
                                                          • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00F38C25
                                                          • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00F38CFF
                                                          Strings
                                                          Similarity
                                                          • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                          • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                          APIs
                                                          • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00F1C272
                                                          • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00F1C29A
                                                          • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00F1C2CA
                                                          • GetLastError.KERNEL32 ref: 00F1C322
                                                          • SetEvent.KERNEL32(?), ref: 00F1C336
                                                          • InternetCloseHandle.WININET(00000000), ref: 00F1C341
                                                          Strings
                                                          Similarity
                                                          • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                          • String ID:
                                                          APIs
                                                          • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00EE3AAF,?,?,Bad directive syntax error,00F3CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 00F098BC
                                                          • LoadStringW.USER32(00000000,?,00EE3AAF,?), ref: 00F098C3
                                                            • Part of subcall function 00EA9CB3: _wcslen.LIBCMT ref: 00EA9CBD
                                                          • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00F09987
                                                          Strings
                                                          Similarity
                                                          • API ID: HandleLoadMessageModuleString_wcslen
                                                          • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                          APIs
                                                          • GetParent.USER32 ref: 00F020AB
                                                          • GetClassNameW.USER32(00000000,?,00000100), ref: 00F020C0
                                                          • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00F0214D
                                                          Strings
                                                          Similarity
                                                          • API ID: ClassMessageNameParentSend
                                                          • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                          APIs
                                                          Similarity
                                                          • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                          • String ID:
                                                          APIs
                                                          • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00EF6890
                                                          • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00EF68A9
                                                          • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00EF68B9
                                                          • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00EF68D1
                                                          • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00EF68F2
                                                          • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00EB8874,00000000,00000000,00000000,000000FF,00000000), ref: 00EF6901
                                                          • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00EF691E
                                                          • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00EB8874,00000000,00000000,00000000,000000FF,00000000), ref: 00EF692D
                                                          Similarity
                                                          • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                          • String ID:
                                                          APIs
                                                          • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00F1C182
                                                          • GetLastError.KERNEL32 ref: 00F1C195
                                                          • SetEvent.KERNEL32(?), ref: 00F1C1A9
                                                            • Part of subcall function 00F1C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00F1C272
                                                            • Part of subcall function 00F1C253: GetLastError.KERNEL32 ref: 00F1C322
                                                            • Part of subcall function 00F1C253: SetEvent.KERNEL32(?), ref: 00F1C336
                                                            • Part of subcall function 00F1C253: InternetCloseHandle.WININET(00000000), ref: 00F1C341
                                                          Similarity
                                                          • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                          • String ID:
                                                          APIs
                                                            • Part of subcall function 00F03A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00F03A57
                                                            • Part of subcall function 00F03A3D: GetCurrentThreadId.KERNEL32 ref: 00F03A5E
                                                            • Part of subcall function 00F03A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00F025B3), ref: 00F03A65
                                                          • MapVirtualKeyW.USER32(00000025,00000000), ref: 00F025BD
                                                          • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00F025DB
                                                          • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00F025DF
                                                          • MapVirtualKeyW.USER32(00000025,00000000), ref: 00F025E9
                                                          • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00F02601
                                                          • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00F02605
                                                          • MapVirtualKeyW.USER32(00000025,00000000), ref: 00F0260F
                                                          • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00F02623
                                                          • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00F02627
                                                          Similarity
                                                          • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                          • String ID:
                                                          APIs
                                                          • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00F01449,?,?,00000000), ref: 00F0180C
                                                          • HeapAlloc.KERNEL32(00000000,?,00F01449,?,?,00000000), ref: 00F01813
                                                          • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00F01449,?,?,00000000), ref: 00F01828
                                                          • GetCurrentProcess.KERNEL32(?,00000000,?,00F01449,?,?,00000000), ref: 00F01830
                                                          • DuplicateHandle.KERNEL32(00000000,?,00F01449,?,?,00000000), ref: 00F01833
                                                          • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00F01449,?,?,00000000), ref: 00F01843
                                                          • GetCurrentProcess.KERNEL32(00F01449,00000000,?,00F01449,?,?,00000000), ref: 00F0184B
                                                          • DuplicateHandle.KERNEL32(00000000,?,00F01449,?,?,00000000), ref: 00F0184E
                                                          • CreateThread.KERNEL32(00000000,00000000,00F01874,00000000,00000000,00000000), ref: 00F01868
                                                          Similarity
                                                          • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                          • String ID:
                                                          APIs
                                                          Strings
                                                          Similarity
                                                          • API ID: __alldvrm$_strrchr
                                                          • String ID: }}$}}$}}
                                                          • API String ID: 1036877536-1495402609
                                                          APIs
                                                            • Part of subcall function 00F0D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 00F0D501
                                                            • Part of subcall function 00F0D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 00F0D50F
                                                            • Part of subcall function 00F0D4DC: CloseHandle.KERNEL32(00000000), ref: 00F0D5DC
                                                          • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00F2A16D
                                                          • GetLastError.KERNEL32 ref: 00F2A180
                                                          • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00F2A1B3
                                                          • TerminateProcess.KERNEL32(00000000,00000000), ref: 00F2A268
                                                          • GetLastError.KERNEL32(00000000), ref: 00F2A273
                                                          • CloseHandle.KERNEL32(00000000), ref: 00F2A2C4
                                                          Similarity
                                                          • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                          • String ID: SeDebugPrivilege
                                                          • API String ID: 2533919879-2896544425
                                                          APIs
                                                          • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00F33925
                                                          • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00F3393A
                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00F33954
                                                          • _wcslen.LIBCMT ref: 00F33999
                                                          • SendMessageW.USER32(?,00001057,00000000,?), ref: 00F339C6
                                                          • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00F339F4
                                                          Similarity
                                                          • API ID: MessageSend$Window_wcslen
                                                          • String ID: SysListView32
                                                          • API String ID: 2147712094-78025650
                                                          APIs
                                                          • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00F0BCFD
                                                          • IsMenu.USER32(00000000), ref: 00F0BD1D
                                                          • CreatePopupMenu.USER32 ref: 00F0BD53
                                                          • GetMenuItemCount.USER32(01545900), ref: 00F0BDA4
                                                          • InsertMenuItemW.USER32(01545900,?,00000001,00000030), ref: 00F0BDCC
                                                          Similarity
                                                          • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                          • String ID: 0$2
                                                          • API String ID: 93392585-3793063076
                                                          APIs
                                                          • _ValidateLocalCookies.LIBCMT ref: 00EC2D4B
                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 00EC2D53
                                                          • _ValidateLocalCookies.LIBCMT ref: 00EC2DE1
                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 00EC2E0C
                                                          • _ValidateLocalCookies.LIBCMT ref: 00EC2E61
                                                          Similarity
                                                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                          • String ID: &H$csm
                                                          • API String ID: 1170836740-1242228090
                                                          APIs
                                                          • LoadIconW.USER32(00000000,00007F03), ref: 00F0C913
                                                          Similarity
                                                          • API ID: IconLoad
                                                          • String ID: blank$info$question$stop$warning
                                                          • API String ID: 2457776203-404129466
                                                          APIs
                                                          Similarity
                                                          • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                          • String ID: 0.0.0.0
                                                          • API String ID: 642191829-3771769585
                                                          APIs
                                                            • Part of subcall function 00EB9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00EB9BB2
                                                          • GetSystemMetrics.USER32(0000000F), ref: 00F39FC7
                                                          • GetSystemMetrics.USER32(0000000F), ref: 00F39FE7
                                                          • MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 00F3A224
                                                          • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00F3A242
                                                          • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00F3A263
                                                          • ShowWindow.USER32(00000003,00000000), ref: 00F3A282
                                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 00F3A2A7
                                                          • DefDlgProcW.USER32(?,00000005,?,?), ref: 00F3A2CA
                                                          Similarity
                                                          • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                          • String ID:
                                                          • API String ID: 1211466189-0
                                                          APIs
                                                          Similarity
                                                          • API ID: _wcslen$LocalTime
                                                          • String ID:
                                                          • API String ID: 952045576-0
                                                          APIs
                                                          • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00EF682C,00000004,00000000,00000000), ref: 00EBF953
                                                          • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00EF682C,00000004,00000000,00000000), ref: 00EFF3D1
                                                          • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00EF682C,00000004,00000000,00000000), ref: 00EFF454
                                                          Similarity
                                                          • API ID: ShowWindow
                                                          • String ID:
                                                          • API String ID: 1268545403-0
                                                          APIs
                                                          • DeleteObject.GDI32(00000000), ref: 00F32D1B
                                                          • GetDC.USER32(00000000), ref: 00F32D23
                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00F32D2E
                                                          • ReleaseDC.USER32(00000000,00000000), ref: 00F32D3A
                                                          • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00F32D76
                                                          • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00F32D87
                                                          • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00F35A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00F32DC2
                                                          • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00F32DE1
                                                          Similarity
                                                          • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                          • String ID:
                                                          • API String ID: 3864802216-0
                                                          APIs
                                                          Similarity
                                                          • API ID: _memcmp
                                                          • String ID:
                                                          • API String ID: 2931989736-0
                                                          Strings
                                                          Similarity
                                                          • API ID:
                                                          • String ID: NULL Pointer assignment$Not an Object type
                                                          • API String ID: 0-572801152
                                                          • Opcode ID: 643538db4d4fd49aef4002cbcea16b8e59d9a6f4a06bb501c86610ab4a315c2c
                                                          • Instruction ID: f9015687aeb73fd3380e40f836f746b45b00d1c87231f3102f266c66107d3994
                                                          • Opcode Fuzzy Hash: 643538db4d4fd49aef4002cbcea16b8e59d9a6f4a06bb501c86610ab4a315c2c
                                                          • Instruction Fuzzy Hash: 3FD1C071E0062AAFDF10CFA8DC80BAEB7B5BF48754F148069E915AB280E771DD45DB90
                                                          APIs
                                                          • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,00EE17FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 00EE15CE
                                                          • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00EE17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00EE1651
                                                          • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00EE17FB,?,00EE17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00EE16E4
                                                          • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00EE17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00EE16FB
                                                            • Part of subcall function 00ED3820: RtlAllocateHeap.NTDLL(00000000,?,00F71444,?,00EBFDF5,?,?,00EAA976,00000010,00F71440,00EA13FC,?,00EA13C6,?,00EA1129), ref: 00ED3852
                                                          • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00EE17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00EE1777
                                                          • __freea.LIBCMT ref: 00EE17A2
                                                          • __freea.LIBCMT ref: 00EE17AE
                                                          Similarity
                                                          • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                          • String ID:
                                                          • API String ID: 2829977744-0
                                                          • Opcode ID: 11b27775b0c7081c930f2f963c7948da034cf4f100708e32fa2395e2fa49bbb9
                                                          • Instruction ID: d05dc850d4eb52a623fc9f530275b778cc681a98d4f77c6a06fd3c4c9b19ea5a
                                                          • Opcode Fuzzy Hash: 11b27775b0c7081c930f2f963c7948da034cf4f100708e32fa2395e2fa49bbb9
                                                          • Instruction Fuzzy Hash: 8C91B271E0029E9ADB208E76C841EEE7BB5AF45714F18669AE811F7281D735CC84C7A0
                                                          APIs
                                                          Strings
                                                          Similarity
                                                          • API ID: Variant$ClearInit
                                                          • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                          • API String ID: 2610073882-625585964
                                                          • Opcode ID: 3075221550f549cfed88ef203d2024906ae69bda1cbe862c9f8ae2d568762957
                                                          • Instruction ID: 36b182e8cecc9f7df8008453fb056f829facf5d8aa5a2ccdf68b4c842bccd1fb
                                                          • Opcode Fuzzy Hash: 3075221550f549cfed88ef203d2024906ae69bda1cbe862c9f8ae2d568762957
                                                          • Instruction Fuzzy Hash: 56918471E00225ABDF20CFA5DC44FAEBBB8EF46724F108559F515AB280D7B0A941DFA0
                                                          APIs
                                                          • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 00F1125C
                                                          • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00F11284
                                                          • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 00F112A8
                                                          • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00F112D8
                                                          • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00F1135F
                                                          • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00F113C4
                                                          • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00F11430
                                                          Similarity
                                                          • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                          • String ID:
                                                          • API String ID: 2550207440-0
                                                          • Opcode ID: aa6412918e16b3b4ecb5807b3e545a180db5d5f7706d8e9e898d8343a08f5d9d
                                                          • Instruction ID: ac04b7f5ee776bb3fd435b6b494a5376dcefc30087cf9869e51780c36caacdea
                                                          • Opcode Fuzzy Hash: aa6412918e16b3b4ecb5807b3e545a180db5d5f7706d8e9e898d8343a08f5d9d
                                                          • Instruction Fuzzy Hash: 71910476E00219AFDB00DFA4D884BFEB7B5FF45724F104129EA11EB291D774A981EB90
                                                          Similarity
                                                          • API ID: ObjectSelect$BeginCreatePath
                                                          • String ID:
                                                          • API String ID: 3225163088-0
                                                          • Opcode ID: 8f09668e73166e0024df98de8be70bbcecc418cd2feb7ec631bb5dae303ee735
                                                          • Instruction ID: bea0c7c89c41368222b317844e9e8d75f7c8b0a49214eac5d3345a566c920754
                                                          • Opcode Fuzzy Hash: 8f09668e73166e0024df98de8be70bbcecc418cd2feb7ec631bb5dae303ee735
                                                          • Instruction Fuzzy Hash: 06916971D40219EFCB14CFA9CC84AEEBBB9FF49320F149055E615B7252D374AA41CBA0
                                                          APIs
                                                          • VariantInit.OLEAUT32(?), ref: 00F2396B
                                                          • CharUpperBuffW.USER32(?,?), ref: 00F23A7A
                                                          • _wcslen.LIBCMT ref: 00F23A8A
                                                          • VariantClear.OLEAUT32(?), ref: 00F23C1F
                                                            • Part of subcall function 00F10CDF: VariantInit.OLEAUT32(00000000), ref: 00F10D1F
                                                            • Part of subcall function 00F10CDF: VariantCopy.OLEAUT32(?,?), ref: 00F10D28
                                                            • Part of subcall function 00F10CDF: VariantClear.OLEAUT32(?), ref: 00F10D34
                                                          Strings
                                                          Similarity
                                                          • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                          • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                          • API String ID: 4137639002-1221869570
                                                          • Opcode ID: 1c4c07f33a66036f662352cf012c46509fcf13db5a683521d60f0e4dc642bf63
                                                          • Instruction ID: 8588fd08db2eaadf80813c8db00056a11c63790f71e9e287b310a6df91374263
                                                          • Opcode Fuzzy Hash: 1c4c07f33a66036f662352cf012c46509fcf13db5a683521d60f0e4dc642bf63
                                                          • Instruction Fuzzy Hash: 769178B5A083159FC704EF24D48096AB7E5FF89314F04892DF88A9B351DB38EE45DB92
                                                          APIs
                                                            • Part of subcall function 00F0000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00EFFF41,80070057,?,?,?,00F0035E), ref: 00F0002B
                                                            • Part of subcall function 00F0000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00EFFF41,80070057,?,?), ref: 00F00046
                                                            • Part of subcall function 00F0000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00EFFF41,80070057,?,?), ref: 00F00054
                                                            • Part of subcall function 00F0000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00EFFF41,80070057,?), ref: 00F00064
                                                          • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00F24C51
                                                          • _wcslen.LIBCMT ref: 00F24D59
                                                          • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00F24DCF
                                                          • CoTaskMemFree.OLE32(?), ref: 00F24DDA
                                                          Strings
                                                          Similarity
                                                          • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                          • String ID: NULL Pointer assignment
                                                          • API String ID: 614568839-2785691316
                                                          • Opcode ID: 5cc6f337ab3ad2408d3d97199757c838c8f6249ab4d68e2f8890e927da279a45
                                                          • Instruction ID: 35a433ab8e4188b6e6ccfae23d7f6caa408f291760be95adf141f6bed0519901
                                                          • Opcode Fuzzy Hash: 5cc6f337ab3ad2408d3d97199757c838c8f6249ab4d68e2f8890e927da279a45
                                                          • Instruction Fuzzy Hash: 00912971D0022D9FDF14DFA4D891AEEB7B9BF08310F108169E915BB291DB746A44DFA0
                                                          APIs
                                                          • GetMenu.USER32(?), ref: 00F32183
                                                          • GetMenuItemCount.USER32(00000000), ref: 00F321B5
                                                          • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00F321DD
                                                          • _wcslen.LIBCMT ref: 00F32213
                                                          • GetMenuItemID.USER32(?,?), ref: 00F3224D
                                                          • GetSubMenu.USER32(?,?), ref: 00F3225B
                                                            • Part of subcall function 00F03A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00F03A57
                                                            • Part of subcall function 00F03A3D: GetCurrentThreadId.KERNEL32 ref: 00F03A5E
                                                            • Part of subcall function 00F03A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00F025B3), ref: 00F03A65
                                                          • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00F322E3
                                                            • Part of subcall function 00F0E97B: Sleep.KERNEL32 ref: 00F0E9F3
                                                          Similarity
                                                          • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                          • String ID:
                                                          • API String ID: 4196846111-0
                                                          • Opcode ID: 5d8a8e7c98c1383a57b4ef827fed7f139eca896b5619c24059b6905934039bde
                                                          • Instruction ID: 24c3dc23a270cfd3b057e2f049170ea2dbc2217447ea3290dc477c74fa5bf7b4
                                                          • Opcode Fuzzy Hash: 5d8a8e7c98c1383a57b4ef827fed7f139eca896b5619c24059b6905934039bde
                                                          • Instruction Fuzzy Hash: 45717D76E00205AFCB50EF68C885AAEB7F5EF48320F148459E816FB351DB34EE419B90
                                                          APIs
                                                          • IsWindow.USER32(01545590), ref: 00F37F37
                                                          • IsWindowEnabled.USER32(01545590), ref: 00F37F43
                                                          • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00F3801E
                                                          • SendMessageW.USER32(01545590,000000B0,?,?), ref: 00F38051
                                                          • IsDlgButtonChecked.USER32(?,?), ref: 00F38089
                                                          • GetWindowLongW.USER32(01545590,000000EC), ref: 00F380AB
                                                          • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00F380C3
                                                          Similarity
                                                          • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                          • String ID:
                                                          • API String ID: 4072528602-0
                                                          • Opcode ID: 153bc3ecebbf63b0a39ed1f175c3af1890eb26d9352936de3b71c7f3e44b6610
                                                          • Instruction ID: 508be7fa4494c65bfb17129568335c15a71406411e8a1b8774eabbac4bd0847b
                                                          • Opcode Fuzzy Hash: 153bc3ecebbf63b0a39ed1f175c3af1890eb26d9352936de3b71c7f3e44b6610
                                                          • Instruction Fuzzy Hash: 957190B4A08348AFEB35AF64CC84FAABBB5FF09370F144059F95557261CB31A845EB90
                                                          APIs
                                                          • GetParent.USER32(?), ref: 00F0AEF9
                                                          • GetKeyboardState.USER32(?), ref: 00F0AF0E
                                                          • SetKeyboardState.USER32(?), ref: 00F0AF6F
                                                          • PostMessageW.USER32(?,00000101,00000010,?), ref: 00F0AF9D
                                                          • PostMessageW.USER32(?,00000101,00000011,?), ref: 00F0AFBC
                                                          • PostMessageW.USER32(?,00000101,00000012,?), ref: 00F0AFFD
                                                          • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00F0B020
                                                          Similarity
                                                          • API ID: MessagePost$KeyboardState$Parent
                                                          • String ID:
                                                          • API String ID: 87235514-0
                                                          • Opcode ID: 2d93d43ba1e8239d8554dc86eec14ac982eab282d4fbafe023de94c26589664d
                                                          • Instruction ID: c298050984cafd8d59adb9788a446a89d6eff53dd0b0c314f67583c67d4c5feb
                                                          • Opcode Fuzzy Hash: 2d93d43ba1e8239d8554dc86eec14ac982eab282d4fbafe023de94c26589664d
                                                          • Instruction Fuzzy Hash: AE51A1A1A047D63DFB368334CC45BBABEA95B06314F088589E1D9958C2D3D9ACC4F751
                                                          APIs
                                                          • GetParent.USER32(00000000), ref: 00F0AD19
                                                          • GetKeyboardState.USER32(?), ref: 00F0AD2E
                                                          • SetKeyboardState.USER32(?), ref: 00F0AD8F
                                                          • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00F0ADBB
                                                          • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00F0ADD8
                                                          • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00F0AE17
                                                          • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00F0AE38
                                                          Similarity
                                                          • API ID: MessagePost$KeyboardState$Parent
                                                          • String ID:
                                                          • API String ID: 87235514-0
                                                          • Opcode ID: c93cd2aea0bf0dd1a74a782b1eadb1fcdc11297b2d5819fb88f5b67195744408
                                                          • Instruction ID: fef215e74de32044806af56f7638b3b8562c0e37e9bc17555b5da0621187aa75
                                                          • Opcode Fuzzy Hash: c93cd2aea0bf0dd1a74a782b1eadb1fcdc11297b2d5819fb88f5b67195744408
                                                          • Instruction Fuzzy Hash: 815103A1D087D53DFB338334CC55BBABEA96B06310F088489E1D9568C3D294EC98F762
                                                          APIs
                                                          • GetConsoleCP.KERNEL32(00EE3CD6,?,?,?,?,?,?,?,?,00ED5BA3,?,?,00EE3CD6,?,?), ref: 00ED5470
                                                          • __fassign.LIBCMT ref: 00ED54EB
                                                          • __fassign.LIBCMT ref: 00ED5506
                                                          • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00EE3CD6,00000005,00000000,00000000), ref: 00ED552C
                                                          • WriteFile.KERNEL32(?,00EE3CD6,00000000,00ED5BA3,00000000,?,?,?,?,?,?,?,?,?,00ED5BA3,?), ref: 00ED554B
                                                          • WriteFile.KERNEL32(?,?,00000001,00ED5BA3,00000000,?,?,?,?,?,?,?,?,?,00ED5BA3,?), ref: 00ED5584
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                          • String ID:
                                                          • API String ID: 1324828854-0
                                                          • Opcode ID: 98f70f22615f09a3376373f060bcfa51f6d89406d27b0cd39ee3395d870326fe
                                                          • Instruction ID: 28a0fefedcac251b7115995815a5c5bc77b9cb28d3065b1ce00020660007e48c
                                                          • Opcode Fuzzy Hash: 98f70f22615f09a3376373f060bcfa51f6d89406d27b0cd39ee3395d870326fe
                                                          • Instruction Fuzzy Hash: 4751B071A00649AFDB11CFA8E845AEEBBF9EF08300F14511BE556F7391D6319A82CF61
                                                          APIs
                                                            • Part of subcall function 00F2304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00F2307A
                                                            • Part of subcall function 00F2304E: _wcslen.LIBCMT ref: 00F2309B
                                                          • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00F21112
                                                          • WSAGetLastError.WSOCK32 ref: 00F21121
                                                          • WSAGetLastError.WSOCK32 ref: 00F211C9
                                                          • closesocket.WSOCK32(00000000), ref: 00F211F9
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                          • String ID:
                                                          • API String ID: 2675159561-0
                                                          • Opcode ID: 6f1cf3533c5bd1e1af5a5ec018bc3afa47d09ce2e8b666719a54b8ddfaa40203
                                                          • Instruction ID: dbde30f2b46c2419e74a57067bd0d42548562b9eb9743e298bd3b18442972aea
                                                          • Opcode Fuzzy Hash: 6f1cf3533c5bd1e1af5a5ec018bc3afa47d09ce2e8b666719a54b8ddfaa40203
                                                          • Instruction Fuzzy Hash: D9410536600218AFDB109F24DC84BAAB7EAFF45324F148059FD05AB291C774EE41DBE5
                                                          APIs
                                                            • Part of subcall function 00F0DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00F0CF22,?), ref: 00F0DDFD
                                                            • Part of subcall function 00F0DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00F0CF22,?), ref: 00F0DE16
                                                          • lstrcmpiW.KERNEL32(?,?), ref: 00F0CF45
                                                          • MoveFileW.KERNEL32(?,?), ref: 00F0CF7F
                                                          • _wcslen.LIBCMT ref: 00F0D005
                                                          • _wcslen.LIBCMT ref: 00F0D01B
                                                          • SHFileOperationW.SHELL32(?), ref: 00F0D061
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                          • String ID: \*.*
                                                          • API String ID: 3164238972-1173974218
                                                          • Opcode ID: 6f01dbb920d6f8cfb348cd7bf7fbb59c19ad6b25da546cef6c0f28d06d13d3b6
                                                          • Instruction ID: 03091c6c4a82f5ce38f9bad48dc05371c8c7d0a50583edf456c0991abdce1e75
                                                          • Opcode Fuzzy Hash: 6f01dbb920d6f8cfb348cd7bf7fbb59c19ad6b25da546cef6c0f28d06d13d3b6
                                                          • Instruction Fuzzy Hash: 794178B1D052195FDF12EBA4CD81EDEB7F9AF48380F0000E6E505EB182EA34A644EB51
                                                          APIs
                                                          • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00F32E1C
                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00F32E4F
                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00F32E84
                                                          • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00F32EB6
                                                          • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00F32EE0
                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00F32EF1
                                                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00F32F0B
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: LongWindow$MessageSend
                                                          • String ID:
                                                          • API String ID: 2178440468-0
                                                          • Opcode ID: df77c00c2cb3327c80e42715c91bd060404da3d8baba427109e335529d1b03bd
                                                          • Instruction ID: f3c05e7b743c12b93b32c041c182e6e87d7b80aff7408d5a1328679e8aab429d
                                                          • Opcode Fuzzy Hash: df77c00c2cb3327c80e42715c91bd060404da3d8baba427109e335529d1b03bd
                                                          • Instruction Fuzzy Hash: 84310535A04258DFEB61CF58DC86F6537E1FB4A730F150164FA089B2B1CB71A885EB41
                                                          APIs
                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00F07769
                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00F0778F
                                                          • SysAllocString.OLEAUT32(00000000), ref: 00F07792
                                                          • SysAllocString.OLEAUT32(?), ref: 00F077B0
                                                          • SysFreeString.OLEAUT32(?), ref: 00F077B9
                                                          • StringFromGUID2.OLE32(?,?,00000028), ref: 00F077DE
                                                          • SysAllocString.OLEAUT32(?), ref: 00F077EC
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                          • String ID:
                                                          • API String ID: 3761583154-0
                                                          • Opcode ID: 85c909c57a0d8cba7d60d82359d07181cbc8f9abc6721a08673babd374eca731
                                                          • Instruction ID: d5334bdb2136deed68a5942b9d38b721cb5dd628816eb86553be3960f8e4bb6a
                                                          • Opcode Fuzzy Hash: 85c909c57a0d8cba7d60d82359d07181cbc8f9abc6721a08673babd374eca731
                                                          • Instruction Fuzzy Hash: CC21B276A04219AFDB10EFA8CC88DBB73ADEB093B47008065FA04DB190D670EC41A7A0
                                                          APIs
                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00F07842
                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00F07868
                                                          • SysAllocString.OLEAUT32(00000000), ref: 00F0786B
                                                          • SysAllocString.OLEAUT32 ref: 00F0788C
                                                          • SysFreeString.OLEAUT32 ref: 00F07895
                                                          • StringFromGUID2.OLE32(?,?,00000028), ref: 00F078AF
                                                          • SysAllocString.OLEAUT32(?), ref: 00F078BD
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                          • String ID:
                                                          • API String ID: 3761583154-0
                                                          • Opcode ID: c264f6f6b001fed49265381dae09e4b077bebc5fd993ad642e82b5e3ed8b7ee6
                                                          • Instruction ID: 636acf6087849f4442b5c5362d322e8a7c5f224a0235c34ccd9e65024896f67b
                                                          • Opcode Fuzzy Hash: c264f6f6b001fed49265381dae09e4b077bebc5fd993ad642e82b5e3ed8b7ee6
                                                          • Instruction Fuzzy Hash: 36217732A04208AFDB10AFB8DC88DBA77EDEB09770750C165F915DB1A1D674EC41EB64
                                                          APIs
                                                          • GetStdHandle.KERNEL32(0000000C), ref: 00F104F2
                                                          • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00F1052E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: CreateHandlePipe
                                                          • String ID: nul
                                                          • API String ID: 1424370930-2873401336
                                                          • Opcode ID: 7067a16b74510557f037e600e6dcc79551b3a9f46350a97149d4c74463a83c96
                                                          • Instruction ID: b1a7ece3d144dc5c5bc056f4ab4a0f28f32f9015005722dfdcbe90ad50ce9d9a
                                                          • Opcode Fuzzy Hash: 7067a16b74510557f037e600e6dcc79551b3a9f46350a97149d4c74463a83c96
                                                          • Instruction Fuzzy Hash: E9218075900305ABDB209F29DC44ADA77A6AF44734F244A19F8A1E62E0DBB0D9D0EF60
                                                          APIs
                                                          • GetStdHandle.KERNEL32(000000F6), ref: 00F105C6
                                                          • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00F10601
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: CreateHandlePipe
                                                          • String ID: nul
                                                          • API String ID: 1424370930-2873401336
                                                          • Opcode ID: b6051ee7ef93e68f5c3d49898e1710a57d362117029e20ce242a5212fe075071
                                                          • Instruction ID: ccb4b608bf887235f628773f6da66d142d2d78a7c38143f4327d728a8e439c49
                                                          • Opcode Fuzzy Hash: b6051ee7ef93e68f5c3d49898e1710a57d362117029e20ce242a5212fe075071
                                                          • Instruction Fuzzy Hash: 412165759003059BDB209F69DC44ADA77E5BF95730F204A19F8A1E72D0DBF099E0EB60
                                                          APIs
                                                            • Part of subcall function 00EA600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00EA604C
                                                            • Part of subcall function 00EA600E: GetStockObject.GDI32(00000011), ref: 00EA6060
                                                            • Part of subcall function 00EA600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00EA606A
                                                          • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00F34112
                                                          • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00F3411F
                                                          • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00F3412A
                                                          • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00F34139
                                                          • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00F34145
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$CreateObjectStockWindow
                                                          • String ID: Msctls_Progress32
                                                          • API String ID: 1025951953-3636473452
                                                          • Opcode ID: 1044876df94998bbad8a3d1d4c3c4424815e9cebe58dd1fc1c2030591ef2ac9e
                                                          • Instruction ID: a6ad03ac65491d0bd6f2b988c7338c48d9a3ee8b2c11bedf11b14e8069defa4b
                                                          • Opcode Fuzzy Hash: 1044876df94998bbad8a3d1d4c3c4424815e9cebe58dd1fc1c2030591ef2ac9e
                                                          • Instruction Fuzzy Hash: 1211B6B214021DBEEF219F64CC86EE77F5DEF097A8F014111F618A6050C676EC61EBA4
                                                          APIs
                                                            • Part of subcall function 00EDD7A3: _free.LIBCMT ref: 00EDD7CC
                                                          • _free.LIBCMT ref: 00EDD82D
                                                            • Part of subcall function 00ED29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00EDD7D1,00000000,00000000,00000000,00000000,?,00EDD7F8,00000000,00000007,00000000,?,00EDDBF5,00000000), ref: 00ED29DE
                                                            • Part of subcall function 00ED29C8: GetLastError.KERNEL32(00000000,?,00EDD7D1,00000000,00000000,00000000,00000000,?,00EDD7F8,00000000,00000007,00000000,?,00EDDBF5,00000000,00000000), ref: 00ED29F0
                                                          • _free.LIBCMT ref: 00EDD838
                                                          • _free.LIBCMT ref: 00EDD843
                                                          • _free.LIBCMT ref: 00EDD897
                                                          • _free.LIBCMT ref: 00EDD8A2
                                                          • _free.LIBCMT ref: 00EDD8AD
                                                          • _free.LIBCMT ref: 00EDD8B8
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: _free$ErrorFreeHeapLast
                                                          • String ID:
                                                          • API String ID: 776569668-0
                                                          • Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                          • Instruction ID: ab0d89a65862553a6a421d9dcc92f3ffa2d2f7870044ef8ea9e3117118154ad4
                                                          • Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                          • Instruction Fuzzy Hash: ED115E71544B04AAD621BFB0CC47FCB7BDCEF50700F40282BB29DB6292DA66B5079760
                                                          APIs
                                                          • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00F0DA74
                                                          • LoadStringW.USER32(00000000), ref: 00F0DA7B
                                                          • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00F0DA91
                                                          • LoadStringW.USER32(00000000), ref: 00F0DA98
                                                          • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00F0DADC
                                                          Strings
                                                          • %s (%d) : ==> %s: %s %s, xrefs: 00F0DAB9
                                                          Similarity
                                                          • API ID: HandleLoadModuleString$Message
                                                          • String ID: %s (%d) : ==> %s: %s %s
                                                          • API String ID: 4072794657-3128320259
                                                          • Opcode ID: 35fd98dc3cd542b25eb483d5cb3401fea6ed92a1e70c507fd647f3a3d7d84ca1
                                                          • Instruction ID: e7e2abc4fce3fbd03ab06773d4797bfa26ef41562aef43cd4060a50b6ee3d63c
                                                          • Opcode Fuzzy Hash: 35fd98dc3cd542b25eb483d5cb3401fea6ed92a1e70c507fd647f3a3d7d84ca1
                                                          • Instruction Fuzzy Hash: 530162F290020C7FE710ABA09D89EE7326CE708711F401495B706F2082EA749E846FB4
                                                          APIs
                                                          • InterlockedExchange.KERNEL32(0153DFE0,0153DFE0), ref: 00F1097B
                                                          • EnterCriticalSection.KERNEL32(0153DFC0,00000000), ref: 00F1098D
                                                          • TerminateThread.KERNEL32(?,000001F6), ref: 00F1099B
                                                          • WaitForSingleObject.KERNEL32(?,000003E8), ref: 00F109A9
                                                          • CloseHandle.KERNEL32(?), ref: 00F109B8
                                                          • InterlockedExchange.KERNEL32(0153DFE0,000001F6), ref: 00F109C8
                                                          • LeaveCriticalSection.KERNEL32(0153DFC0), ref: 00F109CF
                                                          Similarity
                                                          • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                          • String ID:
                                                          • API String ID: 3495660284-0
                                                          • Opcode ID: 5c837b8461092286d5e61c0b24310697612e5f7bd531bf2d4ba48042abd63984
                                                          • Instruction ID: 973ec0795fac275c519b201864607e7d48acde898086409167ce31e344f2d1bc
                                                          • Opcode Fuzzy Hash: 5c837b8461092286d5e61c0b24310697612e5f7bd531bf2d4ba48042abd63984
                                                          • Instruction Fuzzy Hash: CBF0CD31442516BBD7515B94EE89ADA7A36BF05722F801015F141608A1CBB5D4B5EFD0
                                                          APIs
                                                          • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00F21DC0
                                                          • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00F21DE1
                                                          • WSAGetLastError.WSOCK32 ref: 00F21DF2
                                                          • htons.WSOCK32(?,?,?,?,?), ref: 00F21EDB
                                                          • inet_ntoa.WSOCK32(?), ref: 00F21E8C
                                                            • Part of subcall function 00F039E8: _strlen.LIBCMT ref: 00F039F2
                                                            • Part of subcall function 00F23224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,00F1EC0C), ref: 00F23240
                                                          • _strlen.LIBCMT ref: 00F21F35
                                                          Similarity
                                                          • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                          • String ID:
                                                          • API String ID: 3203458085-0
                                                          • Opcode ID: 1be37f7d3478b7ef2bb8731b4cdb6e3e8372d474e176630403814ee480149ba8
                                                          • Instruction ID: c4a3463b88f1b0661c1cec0fb13f5835b5be33ef61786f857d23ec61c15a2995
                                                          • Opcode Fuzzy Hash: 1be37f7d3478b7ef2bb8731b4cdb6e3e8372d474e176630403814ee480149ba8
                                                          • Instruction Fuzzy Hash: C1B1CD31604310AFC324DF24D891E6A7BE5BF99328F58855CF4666F2A2CB31ED42DB91
                                                          APIs
                                                          • GetClientRect.USER32(?,?), ref: 00EA5D30
                                                          • GetWindowRect.USER32(?,?), ref: 00EA5D71
                                                          • ScreenToClient.USER32(?,?), ref: 00EA5D99
                                                          • GetClientRect.USER32(?,?), ref: 00EA5ED7
                                                          • GetWindowRect.USER32(?,?), ref: 00EA5EF8
                                                          Similarity
                                                          • API ID: Rect$Client$Window$Screen
                                                          • String ID:
                                                          • API String ID: 1296646539-0
                                                          • Opcode ID: ff08cd7d84761d8b0b40b082f7e636e72371bbafbae408b95dcabeaf68ec5c9c
                                                          • Instruction ID: 62788ee43b976cf10d4a0f183cd541db3f109bf732aad182c53e3e3d5bef042b
                                                          • Opcode Fuzzy Hash: ff08cd7d84761d8b0b40b082f7e636e72371bbafbae408b95dcabeaf68ec5c9c
                                                          • Instruction Fuzzy Hash: 3FB19D75A00B8ADBDB14CFA9C4407EEB7F1FF58314F14A41AE8A9E7290D730AA40DB54
                                                          APIs
                                                          • __allrem.LIBCMT ref: 00ED00BA
                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00ED00D6
                                                          • __allrem.LIBCMT ref: 00ED00ED
                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00ED010B
                                                          • __allrem.LIBCMT ref: 00ED0122
                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00ED0140
                                                          Similarity
                                                          • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                          • String ID:
                                                          • API String ID: 1992179935-0
                                                          • Opcode ID: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
                                                          • Instruction ID: a53c2cbd4f30b7c14ed329b642c5e3f8d64c061cf440ff309c4175b238238686
                                                          • Opcode Fuzzy Hash: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
                                                          • Instruction Fuzzy Hash: CB81E572A01706ABE7249E29CC41BAA73EAEF41364F28653FF551F7381E771D9028790
                                                          APIs
                                                          • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00EC82D9,00EC82D9,?,?,?,00ED644F,00000001,00000001,?), ref: 00ED6258
                                                          • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00ED644F,00000001,00000001,?,?,?,?), ref: 00ED62DE
                                                          • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,?,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00ED63D8
                                                          • __freea.LIBCMT ref: 00ED63E5
                                                            • Part of subcall function 00ED3820: RtlAllocateHeap.NTDLL(00000000,?,00F71444,?,00EBFDF5,?,?,00EAA976,00000010,00F71440,00EA13FC,?,00EA13C6,?,00EA1129), ref: 00ED3852
                                                          • __freea.LIBCMT ref: 00ED63EE
                                                          • __freea.LIBCMT ref: 00ED6413
                                                          Similarity
                                                          • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                          • String ID:
                                                          • API String ID: 1414292761-0
                                                          • Opcode ID: 7f64401b741ea84923d331a33a328fca7920b7928913344d35a0ed0ff565f56b
                                                          • Instruction ID: 67403dd8fba07035f229311303498ce4d438cfd094c2b4f6234a52c34b7737e0
                                                          • Opcode Fuzzy Hash: 7f64401b741ea84923d331a33a328fca7920b7928913344d35a0ed0ff565f56b
                                                          • Instruction Fuzzy Hash: 5A510272A00216ABDB258F64DC81EBF77AAEF94714F14522AFC05F7291DB34DC42D6A0
                                                          APIs
                                                            • Part of subcall function 00EA9CB3: _wcslen.LIBCMT ref: 00EA9CBD
                                                            • Part of subcall function 00F2C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00F2B6AE,?,?), ref: 00F2C9B5
                                                            • Part of subcall function 00F2C998: _wcslen.LIBCMT ref: 00F2C9F1
                                                            • Part of subcall function 00F2C998: _wcslen.LIBCMT ref: 00F2CA68
                                                            • Part of subcall function 00F2C998: _wcslen.LIBCMT ref: 00F2CA9E
                                                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00F2BCCA
                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00F2BD25
                                                          • RegCloseKey.ADVAPI32(00000000), ref: 00F2BD6A
                                                          • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00F2BD99
                                                          • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00F2BDF3
                                                          • RegCloseKey.ADVAPI32(?), ref: 00F2BDFF
                                                          Similarity
                                                          • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                          • String ID:
                                                          • API String ID: 1120388591-0
                                                          • Opcode ID: 45a091ae33991c2327bdf8c05cc9ac2f8e827eca3ec9c214f65699f687fc039c
                                                          • Instruction ID: 4e8cfa2eb6f71d7e01bf9cc9f684346af1cdf7dec1c4129cf8b8d93379316d2d
                                                          • Opcode Fuzzy Hash: 45a091ae33991c2327bdf8c05cc9ac2f8e827eca3ec9c214f65699f687fc039c
                                                          • Instruction Fuzzy Hash: 1D81E031608241EFC714DF24D881E6ABBE5FF85318F14886CF8599B2A2CB31ED45DB92
                                                          APIs
                                                          • VariantInit.OLEAUT32(00000035), ref: 00EFF7B9
                                                          • SysAllocString.OLEAUT32(00000001), ref: 00EFF860
                                                          • VariantCopy.OLEAUT32(00EFFA64,00000000), ref: 00EFF889
                                                          • VariantClear.OLEAUT32(00EFFA64), ref: 00EFF8AD
                                                          • VariantCopy.OLEAUT32(00EFFA64,00000000), ref: 00EFF8B1
                                                          • VariantClear.OLEAUT32(?), ref: 00EFF8BB
                                                          Similarity
                                                          • API ID: Variant$ClearCopy$AllocInitString
                                                          • String ID:
                                                          • API String ID: 3859894641-0
                                                          • Opcode ID: 3bcb0ee154c00406cf9bec39629e2d204d005fa22880eb73c73132779b25ac31
                                                          • Instruction ID: 4430577f7f3f6b8b82b42853b8f8379432c82d3f302e099b3909e7cbd8fc502b
                                                          • Opcode Fuzzy Hash: 3bcb0ee154c00406cf9bec39629e2d204d005fa22880eb73c73132779b25ac31
                                                          • Instruction Fuzzy Hash: AF51E931500318BACF24ABA5D895B79B3E5EF85310F24B467EA05FF292DBB09C40D796
                                                          APIs
                                                            • Part of subcall function 00EA7620: _wcslen.LIBCMT ref: 00EA7625
                                                            • Part of subcall function 00EA6B57: _wcslen.LIBCMT ref: 00EA6B6A
                                                          • GetOpenFileNameW.COMDLG32(00000058), ref: 00F194E5
                                                          • _wcslen.LIBCMT ref: 00F19506
                                                          • _wcslen.LIBCMT ref: 00F1952D
                                                          • GetSaveFileNameW.COMDLG32(00000058), ref: 00F19585
                                                          Strings
                                                          Similarity
                                                          • API ID: _wcslen$FileName$OpenSave
                                                          • String ID: X
                                                          • API String ID: 83654149-3081909835
                                                          • Opcode ID: 72da7fad26d2fd23016773e7d5638ec1e0783a1c42af9446b526de9b40682c96
                                                          • Instruction ID: 0a082dd9b73093f40696a213cc38b5efb45159a9aab7cd48014aef30ad7f4b99
                                                          • Opcode Fuzzy Hash: 72da7fad26d2fd23016773e7d5638ec1e0783a1c42af9446b526de9b40682c96
                                                          • Instruction Fuzzy Hash: 19E1D6319083408FD714DF24C891BAEB7E5BF89314F04856DF899AB292DB71ED45CB92
                                                          APIs
                                                            • Part of subcall function 00EB9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00EB9BB2
                                                          • BeginPaint.USER32(?,?,?), ref: 00EB9241
                                                          • GetWindowRect.USER32(?,?), ref: 00EB92A5
                                                          • ScreenToClient.USER32(?,?), ref: 00EB92C2
                                                          • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00EB92D3
                                                          • EndPaint.USER32(?,?,?,?,?), ref: 00EB9321
                                                          • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00EF71EA
                                                            • Part of subcall function 00EB9339: BeginPath.GDI32(00000000), ref: 00EB9357
                                                          Similarity
                                                          • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                          • String ID:
                                                          • API String ID: 3050599898-0
                                                          • Opcode ID: b7ea906b69d30a4387cbdcb34cb60b4a40cd5a719e60e031057fb066f6ebdc24
                                                          • Instruction ID: 697fcb3a3758090f5c0f6d1fcfb4786a1aa33d92d00a40784f36b5993df2a441
                                                          • Opcode Fuzzy Hash: b7ea906b69d30a4387cbdcb34cb60b4a40cd5a719e60e031057fb066f6ebdc24
                                                          • Instruction Fuzzy Hash: 92419F31105204AFD711DF28DC85FBB7BF9EB45724F140229FA98A71A2C7319849EB62
                                                          APIs
                                                          • InterlockedExchange.KERNEL32(?,000001F5), ref: 00F1080C
                                                          • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00F10847
                                                          • EnterCriticalSection.KERNEL32(?), ref: 00F10863
                                                          • LeaveCriticalSection.KERNEL32(?), ref: 00F108DC
                                                          • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00F108F3
                                                          • InterlockedExchange.KERNEL32(?,000001F6), ref: 00F10921
                                                          Similarity
                                                          • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                          • String ID:
                                                          • API String ID: 3368777196-0
                                                          APIs
                                                          • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00EFF3AB,00000000,?,?,00000000,?,00EF682C,00000004,00000000,00000000), ref: 00F3824C
                                                          • EnableWindow.USER32(?,00000000), ref: 00F38272
                                                          • ShowWindow.USER32(FFFFFFFF,00000000), ref: 00F382D1
                                                          • ShowWindow.USER32(?,00000004), ref: 00F382E5
                                                          • EnableWindow.USER32(?,00000001), ref: 00F3830B
                                                          • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00F3832F
                                                          Similarity
                                                          • API ID: Window$Show$Enable$MessageSend
                                                          • String ID:
                                                          • API String ID: 642888154-0
                                                          APIs
                                                          • IsWindowVisible.USER32(?), ref: 00F04C95
                                                          • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00F04CB2
                                                          • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00F04CEA
                                                          • _wcslen.LIBCMT ref: 00F04D08
                                                          • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00F04D10
                                                          • _wcsstr.LIBVCRUNTIME ref: 00F04D1A
                                                          Similarity
                                                          • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                          • String ID:
                                                          • API String ID: 72514467-0
                                                          APIs
                                                            • Part of subcall function 00EA3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00EA3A97,?,?,00EA2E7F,?,?,?,00000000), ref: 00EA3AC2
                                                          • _wcslen.LIBCMT ref: 00F1587B
                                                          • CoInitialize.OLE32(00000000), ref: 00F15995
                                                          • CoCreateInstance.OLE32(00F3FCF8,00000000,00000001,00F3FB68,?), ref: 00F159AE
                                                          • CoUninitialize.OLE32 ref: 00F159CC
                                                          Strings
                                                          Similarity
                                                          • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                          • String ID: .lnk
                                                          • API String ID: 3172280962-24824748
                                                          APIs
                                                            • Part of subcall function 00F00FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00F00FCA
                                                            • Part of subcall function 00F00FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00F00FD6
                                                            • Part of subcall function 00F00FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00F00FE5
                                                            • Part of subcall function 00F00FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00F00FEC
                                                            • Part of subcall function 00F00FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00F01002
                                                          • GetLengthSid.ADVAPI32(?,00000000,00F01335), ref: 00F017AE
                                                          • GetProcessHeap.KERNEL32(00000008,00000000), ref: 00F017BA
                                                          • HeapAlloc.KERNEL32(00000000), ref: 00F017C1
                                                          • CopySid.ADVAPI32(00000000,00000000,?), ref: 00F017DA
                                                          • GetProcessHeap.KERNEL32(00000000,00000000,00F01335), ref: 00F017EE
                                                          • HeapFree.KERNEL32(00000000), ref: 00F017F5
                                                          Similarity
                                                          • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                          • String ID:
                                                          • API String ID: 3008561057-0
                                                          APIs
                                                          • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00F014FF
                                                          • OpenProcessToken.ADVAPI32(00000000), ref: 00F01506
                                                          • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00F01515
                                                          • CloseHandle.KERNEL32(00000004), ref: 00F01520
                                                          • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00F0154F
                                                          • DestroyEnvironmentBlock.USERENV(00000000), ref: 00F01563
                                                          Similarity
                                                          • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                          • String ID:
                                                          • API String ID: 1413079979-0
                                                          APIs
                                                          • GetLastError.KERNEL32(?,?,00EC3379,00EC2FE5), ref: 00EC3390
                                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00EC339E
                                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00EC33B7
                                                          • SetLastError.KERNEL32(00000000,?,00EC3379,00EC2FE5), ref: 00EC3409
                                                          Similarity
                                                          • API ID: ErrorLastValue___vcrt_
                                                          • String ID:
                                                          • API String ID: 3852720340-0
                                                          APIs
                                                          • GetLastError.KERNEL32(?,?,00ED5686,00EE3CD6,?,00000000,?,00ED5B6A,?,?,?,?,?,00ECE6D1,?,00F68A48), ref: 00ED2D78
                                                          • _free.LIBCMT ref: 00ED2DAB
                                                          • _free.LIBCMT ref: 00ED2DD3
                                                          • SetLastError.KERNEL32(00000000,?,?,?,?,00ECE6D1,?,00F68A48,00000010,00EA4F4A,?,?,00000000,00EE3CD6), ref: 00ED2DE0
                                                          • SetLastError.KERNEL32(00000000,?,?,?,?,00ECE6D1,?,00F68A48,00000010,00EA4F4A,?,?,00000000,00EE3CD6), ref: 00ED2DEC
                                                          • _abort.LIBCMT ref: 00ED2DF2
                                                          Similarity
                                                          • API ID: ErrorLast$_free$_abort
                                                          • String ID:
                                                          • API String ID: 3160817290-0
                                                          APIs
                                                            • Part of subcall function 00EB9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00EB9693
                                                            • Part of subcall function 00EB9639: SelectObject.GDI32(?,00000000), ref: 00EB96A2
                                                            • Part of subcall function 00EB9639: BeginPath.GDI32(?), ref: 00EB96B9
                                                            • Part of subcall function 00EB9639: SelectObject.GDI32(?,00000000), ref: 00EB96E2
                                                          • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00F38A4E
                                                          • LineTo.GDI32(?,00000003,00000000), ref: 00F38A62
                                                          • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00F38A70
                                                          • LineTo.GDI32(?,00000000,00000003), ref: 00F38A80
                                                          • EndPath.GDI32(?), ref: 00F38A90
                                                          • StrokePath.GDI32(?), ref: 00F38AA0
                                                          Similarity
                                                          • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                          • String ID:
                                                          • API String ID: 43455801-0
                                                          APIs
                                                          • GetDC.USER32(00000000), ref: 00F05218
                                                          • GetDeviceCaps.GDI32(00000000,00000058), ref: 00F05229
                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00F05230
                                                          • ReleaseDC.USER32(00000000,00000000), ref: 00F05238
                                                          • MulDiv.KERNEL32(000009EC,?,00000000), ref: 00F0524F
                                                          • MulDiv.KERNEL32(000009EC,00000001,?), ref: 00F05261
                                                          Similarity
                                                          • API ID: CapsDevice$Release
                                                          • String ID:
                                                          • API String ID: 1035833867-0
                                                          APIs
                                                          • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00EA1BF4
                                                          • MapVirtualKeyW.USER32(00000010,00000000), ref: 00EA1BFC
                                                          • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00EA1C07
                                                          • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00EA1C12
                                                          • MapVirtualKeyW.USER32(00000011,00000000), ref: 00EA1C1A
                                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 00EA1C22
                                                          Similarity
                                                          • API ID: Virtual
                                                          • String ID:
                                                          • API String ID: 4278518827-0
                                                          • Opcode ID: 705bd83c85b2089c74c9ff3eb8793549eef73ffed9a12064727e10408ebf53ad
                                                          • Instruction ID: a407963604c5f8dacbd9f6e6cb22574b49e0f051351d3f8eed8bc5e1525848d1
                                                          • Opcode Fuzzy Hash: 705bd83c85b2089c74c9ff3eb8793549eef73ffed9a12064727e10408ebf53ad
                                                          • Instruction Fuzzy Hash: 7F0167B0902B5ABDE3008F6A8C85B52FFA8FF19354F00411BA15C4BA42C7F5A864CBE5
                                                          APIs
                                                          • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00F0EB30
                                                          • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00F0EB46
                                                          • GetWindowThreadProcessId.USER32(?,?), ref: 00F0EB55
                                                          • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00F0EB64
                                                          • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00F0EB6E
                                                          • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00F0EB75
                                                          Similarity
                                                          • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                          • String ID:
                                                          APIs
                                                          • GetClientRect.USER32(?), ref: 00EF7452
                                                          • SendMessageW.USER32(?,00001328,00000000,?), ref: 00EF7469
                                                          • GetWindowDC.USER32(?), ref: 00EF7475
                                                          • GetPixel.GDI32(00000000,?,?), ref: 00EF7484
                                                          • ReleaseDC.USER32(?,00000000), ref: 00EF7496
                                                          • GetSysColor.USER32(00000005), ref: 00EF74B0
                                                          Similarity
                                                          • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                          • String ID:
                                                          APIs
                                                          • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00F0187F
                                                          • UnloadUserProfile.USERENV(?,?), ref: 00F0188B
                                                          • CloseHandle.KERNEL32(?), ref: 00F01894
                                                          • CloseHandle.KERNEL32(?), ref: 00F0189C
                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 00F018A5
                                                          • HeapFree.KERNEL32(00000000), ref: 00F018AC
                                                          Similarity
                                                          • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                          • String ID:
                                                          APIs
                                                            • Part of subcall function 00EC0242: EnterCriticalSection.KERNEL32(00F7070C,00F71884,?,?,00EB198B,00F72518,?,?,?,00EA12F9,00000000), ref: 00EC024D
                                                            • Part of subcall function 00EC0242: LeaveCriticalSection.KERNEL32(00F7070C,?,00EB198B,00F72518,?,?,?,00EA12F9,00000000), ref: 00EC028A
                                                            • Part of subcall function 00EA9CB3: _wcslen.LIBCMT ref: 00EA9CBD
                                                            • Part of subcall function 00EC00A3: __onexit.LIBCMT ref: 00EC00A9
                                                          • __Init_thread_footer.LIBCMT ref: 00F27BFB
                                                            • Part of subcall function 00EC01F8: EnterCriticalSection.KERNEL32(00F7070C,?,?,00EB8747,00F72514), ref: 00EC0202
                                                            • Part of subcall function 00EC01F8: LeaveCriticalSection.KERNEL32(00F7070C,?,00EB8747,00F72514), ref: 00EC0235
                                                          Strings
                                                          Similarity
                                                          • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                          • String ID: +T$5$G$Variable must be of type 'Object'.
                                                          APIs
                                                            • Part of subcall function 00EA7620: _wcslen.LIBCMT ref: 00EA7625
                                                          • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00F0C6EE
                                                          • _wcslen.LIBCMT ref: 00F0C735
                                                          • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00F0C79C
                                                          • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00F0C7CA
                                                          Strings
                                                          Similarity
                                                          • API ID: ItemMenu$Info_wcslen$Default
                                                          • String ID: 0
                                                          APIs
                                                          • ShellExecuteExW.SHELL32(0000003C), ref: 00F2AEA3
                                                            • Part of subcall function 00EA7620: _wcslen.LIBCMT ref: 00EA7625
                                                          • GetProcessId.KERNEL32(00000000), ref: 00F2AF38
                                                          • CloseHandle.KERNEL32(00000000), ref: 00F2AF67
                                                          Strings
                                                          Similarity
                                                          • API ID: CloseExecuteHandleProcessShell_wcslen
                                                          • String ID: <$@
                                                          APIs
                                                          • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00F07206
                                                          • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00F0723C
                                                          • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00F0724D
                                                          • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00F072CF
                                                          Strings
                                                          Similarity
                                                          • API ID: ErrorMode$AddressCreateInstanceProc
                                                          • String ID: DllGetClassObject
                                                          APIs
                                                          • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00F33E35
                                                          • IsMenu.USER32(?), ref: 00F33E4A
                                                          • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00F33E92
                                                          • DrawMenuBar.USER32 ref: 00F33EA5
                                                          Strings
                                                          Similarity
                                                          • API ID: Menu$Item$DrawInfoInsert
                                                          • String ID: 0
                                                          APIs
                                                            • Part of subcall function 00EA9CB3: _wcslen.LIBCMT ref: 00EA9CBD
                                                            • Part of subcall function 00F03CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00F03CCA
                                                          • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00F01E66
                                                          • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00F01E79
                                                          • SendMessageW.USER32(?,00000189,?,00000000), ref: 00F01EA9
                                                            • Part of subcall function 00EA6B57: _wcslen.LIBCMT ref: 00EA6B6A
                                                          Strings
                                                          Similarity
                                                          • API ID: MessageSend$_wcslen$ClassName
                                                          • String ID: ComboBox$ListBox
                                                          APIs
                                                          • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00F32F8D
                                                          • LoadLibraryW.KERNEL32(?), ref: 00F32F94
                                                          • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00F32FA9
                                                          • DestroyWindow.USER32(?), ref: 00F32FB1
                                                          Strings
                                                          Similarity
                                                          • API ID: MessageSend$DestroyLibraryLoadWindow
                                                          • String ID: SysAnimate32
                                                          APIs
                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00EC4D1E,00ED28E9,(,00EC4CBE,00000000,00F688B8,0000000C,00EC4E15,(,00000002), ref: 00EC4D8D
                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00EC4DA0
                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,00EC4D1E,00ED28E9,(,00EC4CBE,00000000,00F688B8,0000000C,00EC4E15,(,00000002,00000000), ref: 00EC4DC3
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                          • String ID: CorExitProcess$mscoree.dll
                                                          • API String ID: 4061214504-1276376045
                                                          • Opcode ID: 90181bcea6fed3b8c2dafc8e77e94a65d9c036ae6bf9c436487f8bdca70b548a
                                                          • Instruction ID: 781942e7b11d25b2995e0cf51f0ef58ba3c8e7034bdcd906ccf135ffa35d31f6
                                                          • Opcode Fuzzy Hash: 90181bcea6fed3b8c2dafc8e77e94a65d9c036ae6bf9c436487f8bdca70b548a
                                                          • Instruction Fuzzy Hash: F5F0313554020CFBDB11AB90DD49FADBFA5EF44755F000198E906B2190DB719941EBD1
                                                          APIs
                                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00EA4EDD,?,00F71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00EA4E9C
                                                          • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00EA4EAE
                                                          • FreeLibrary.KERNEL32(00000000,?,?,00EA4EDD,?,00F71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00EA4EC0
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: Library$AddressFreeLoadProc
                                                          • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                          • API String ID: 145871493-3689287502
                                                          • Opcode ID: b26388aef14993aabb6f1dc9c07d407d97576436183297bae45ff29b52adb484
                                                          • Instruction ID: f15fb87affd768abe2b9ac710c66efb66cf8fbca4f00def79d3988096fa8704c
                                                          • Opcode Fuzzy Hash: b26388aef14993aabb6f1dc9c07d407d97576436183297bae45ff29b52adb484
                                                          • Instruction Fuzzy Hash: 6AE08636A015229B922127256C18A5B7555AFC7B76B054116FC01FB240DBA0DD0162E1
                                                          APIs
                                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00EE3CDE,?,00F71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00EA4E62
                                                          • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00EA4E74
                                                          • FreeLibrary.KERNEL32(00000000,?,?,00EE3CDE,?,00F71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00EA4E87
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: Library$AddressFreeLoadProc
                                                          • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                          • API String ID: 145871493-1355242751
                                                          • Opcode ID: 04d46f5d48dc0cc78dd25bd921171c48de4698fa8b31e891cc06cc1df22aed8a
                                                          • Instruction ID: 678acc69e50db4ddf8f12df02706d46d2a87dd9e66e056fbad11acbcb2a525ce
                                                          • Opcode Fuzzy Hash: 04d46f5d48dc0cc78dd25bd921171c48de4698fa8b31e891cc06cc1df22aed8a
                                                          • Instruction Fuzzy Hash: 3BD0C2365026229747222B247C08D8B7A19AFCAB393054111B801FB194CFA0CD01B2D0
                                                          APIs
                                                          • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00F12C05
                                                          • DeleteFileW.KERNEL32(?), ref: 00F12C87
                                                          • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00F12C9D
                                                          • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00F12CAE
                                                          • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00F12CC0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: File$Delete$Copy
                                                          • String ID:
                                                          • API String ID: 3226157194-0
                                                          • Opcode ID: ce6de9686784fa348941c429e9a57bd7e1a3639f092f63e33864b48c49147874
                                                          • Instruction ID: 060c7b9184fa456e07bd81ffec2454e81fdcc71a685a26ea7589e9018cce2898
                                                          • Opcode Fuzzy Hash: ce6de9686784fa348941c429e9a57bd7e1a3639f092f63e33864b48c49147874
                                                          • Instruction Fuzzy Hash: FBB17D72D00119ABDF10DBA4CD85EDFB7BDEF49350F0040AAF609F6141EA35AA949FA1
                                                          APIs
                                                          • GetCurrentProcessId.KERNEL32 ref: 00F2A427
                                                          • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00F2A435
                                                          • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00F2A468
                                                          • CloseHandle.KERNEL32(?), ref: 00F2A63D
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: Process$CloseCountersCurrentHandleOpen
                                                          • String ID:
                                                          • API String ID: 3488606520-0
                                                          • Opcode ID: fe488e3bdb645fd4de2b441c494896f38dece1abe34754eeba54a509c1ad9906
                                                          • Instruction ID: 696e17a1abb21814429adda364f4d4070ecb85410f2be37f93fa5efe9fb80a75
                                                          • Opcode Fuzzy Hash: fe488e3bdb645fd4de2b441c494896f38dece1abe34754eeba54a509c1ad9906
                                                          • Instruction Fuzzy Hash: EEA1A1716043019FD720DF24D886F2AB7E5AF88724F18985DF59AAB2D2D770EC41CB92
                                                          APIs
                                                          • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00F43700), ref: 00EDBB91
                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00F7121C,000000FF,00000000,0000003F,00000000,?,?), ref: 00EDBC09
                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00F71270,000000FF,?,0000003F,00000000,?), ref: 00EDBC36
                                                          • _free.LIBCMT ref: 00EDBB7F
                                                            • Part of subcall function 00ED29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00EDD7D1,00000000,00000000,00000000,00000000,?,00EDD7F8,00000000,00000007,00000000,?,00EDDBF5,00000000), ref: 00ED29DE
                                                            • Part of subcall function 00ED29C8: GetLastError.KERNEL32(00000000,?,00EDD7D1,00000000,00000000,00000000,00000000,?,00EDD7F8,00000000,00000007,00000000,?,00EDDBF5,00000000,00000000), ref: 00ED29F0
                                                          • _free.LIBCMT ref: 00EDBD4B
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                                          • String ID:
                                                          • API String ID: 1286116820-0
                                                          • Opcode ID: 0c690b7e542b50f9867021d18e105699831b9bf0538bbd9478fe0b33326f986b
                                                          • Instruction ID: eed75d0ed1a6d794ab01b3cf07c6edb5562edc0a97bb25e490a72f9e51531fc4
                                                          • Opcode Fuzzy Hash: 0c690b7e542b50f9867021d18e105699831b9bf0538bbd9478fe0b33326f986b
                                                          • Instruction Fuzzy Hash: 1251B471900209EFCB10EF699C419AAB7F8FB40314B11526BE554F7391FB709D46EB91
                                                          APIs
                                                            • Part of subcall function 00F0DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00F0CF22,?), ref: 00F0DDFD
                                                            • Part of subcall function 00F0DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00F0CF22,?), ref: 00F0DE16
                                                            • Part of subcall function 00F0E199: GetFileAttributesW.KERNEL32(?,00F0CF95), ref: 00F0E19A
                                                          • lstrcmpiW.KERNEL32(?,?), ref: 00F0E473
                                                          • MoveFileW.KERNEL32(?,?), ref: 00F0E4AC
                                                          • _wcslen.LIBCMT ref: 00F0E5EB
                                                          • _wcslen.LIBCMT ref: 00F0E603
                                                          • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00F0E650
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                          • String ID:
                                                          • API String ID: 3183298772-0
                                                          • Opcode ID: e9dbaf7d0023cb1855f2b838eac785d3be50908941471e1a3c512b340932e827
                                                          • Instruction ID: c819faf7ae59552493609abb0e09fa0950420885d383f597b22f990f768ac1ed
                                                          • Opcode Fuzzy Hash: e9dbaf7d0023cb1855f2b838eac785d3be50908941471e1a3c512b340932e827
                                                          • Instruction Fuzzy Hash: E05151B24083459BC724EB90DC81ADFB3ECAF85350F004D1EF589D3192EF75A688A766
                                                          APIs
                                                            • Part of subcall function 00EA9CB3: _wcslen.LIBCMT ref: 00EA9CBD
                                                            • Part of subcall function 00F2C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00F2B6AE,?,?), ref: 00F2C9B5
                                                            • Part of subcall function 00F2C998: _wcslen.LIBCMT ref: 00F2C9F1
                                                            • Part of subcall function 00F2C998: _wcslen.LIBCMT ref: 00F2CA68
                                                            • Part of subcall function 00F2C998: _wcslen.LIBCMT ref: 00F2CA9E
                                                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00F2BAA5
                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00F2BB00
                                                          • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00F2BB63
                                                          • RegCloseKey.ADVAPI32(?,?), ref: 00F2BBA6
                                                          • RegCloseKey.ADVAPI32(00000000), ref: 00F2BBB3
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                          • String ID:
                                                          • API String ID: 826366716-0
                                                          • Opcode ID: 54e962b9735283ba9a8a1ab801716ea61cc6fcb474ad5b0358382fca7f8a3060
                                                          • Instruction ID: 577fd4178603c6c50ca3194393d99239a9b7776311d7122ff0bf30ea69d3b63e
                                                          • Opcode Fuzzy Hash: 54e962b9735283ba9a8a1ab801716ea61cc6fcb474ad5b0358382fca7f8a3060
                                                          • Instruction Fuzzy Hash: 2F61C131608241AFC314DF14D890E2ABBE5FF85318F1485ACF8998B2A2CB35ED45DF92
                                                          APIs
                                                          • VariantInit.OLEAUT32(?), ref: 00F08BCD
                                                          • VariantClear.OLEAUT32 ref: 00F08C3E
                                                          • VariantClear.OLEAUT32 ref: 00F08C9D
                                                          • VariantClear.OLEAUT32(?), ref: 00F08D10
                                                          • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00F08D3B
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: Variant$Clear$ChangeInitType
                                                          • String ID:
                                                          • API String ID: 4136290138-0
                                                          • Opcode ID: 7345647b9611bfc922ccb3c501b98d56ccf928fa5fd0f5f9d9e9931b82e89b53
                                                          • Instruction ID: 21d8d27aabbdf118056c034716cbd59776501e59f5301e2f0f9333404167c519
                                                          • Opcode Fuzzy Hash: 7345647b9611bfc922ccb3c501b98d56ccf928fa5fd0f5f9d9e9931b82e89b53
                                                          • Instruction Fuzzy Hash: D6517BB5A01219EFCB10CF68C884AAAB7F9FF89350B158559F945EB350E730E912DF90
                                                          APIs
                                                          • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00F18BAE
                                                          • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00F18BDA
                                                          • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00F18C32
                                                          • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00F18C57
                                                          • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00F18C5F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: PrivateProfile$SectionWrite$String
                                                          • String ID:
                                                          • API String ID: 2832842796-0
                                                          • Opcode ID: 846fc09c6b749715439bc5b1695fb8f3b19d2d531c1513e2c4df9452ea8ec940
                                                          • Instruction ID: 3ef0be456e08d343be163d63eb0adb2568e09b9040416f15dc88a3b5091d09a2
                                                          • Opcode Fuzzy Hash: 846fc09c6b749715439bc5b1695fb8f3b19d2d531c1513e2c4df9452ea8ec940
                                                          • Instruction Fuzzy Hash: 31512935A00219DFCB05DF64C881AAABBF6FF49354F088458E849AB362DB35FD51DB90
                                                          APIs
                                                          • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00F28F40
                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 00F28FD0
                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 00F28FEC
                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 00F29032
                                                          • FreeLibrary.KERNEL32(00000000), ref: 00F29052
                                                            • Part of subcall function 00EBF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00F11043,?,7529E610), ref: 00EBF6E6
                                                            • Part of subcall function 00EBF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00EFFA64,00000000,00000000,?,?,00F11043,?,7529E610,?,00EFFA64), ref: 00EBF70D
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                          • String ID:
                                                          • API String ID: 666041331-0
                                                          APIs
                                                          • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00F36C33
                                                          • SetWindowLongW.USER32(?,000000EC,?), ref: 00F36C4A
                                                          • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00F36C73
                                                          • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00F1AB79,00000000,00000000), ref: 00F36C98
                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00F36CC7
                                                          Similarity
                                                          • API ID: Window$Long$MessageSendShow
                                                          • String ID:
                                                          • API String ID: 3688381893-0
                                                          APIs
                                                          Similarity
                                                          • API ID: _free
                                                          • String ID:
                                                          • API String ID: 269201875-0
                                                          APIs
                                                          • GetCursorPos.USER32(?), ref: 00EB9141
                                                          • ScreenToClient.USER32(00000000,?), ref: 00EB915E
                                                          • GetAsyncKeyState.USER32(00000001), ref: 00EB9183
                                                          • GetAsyncKeyState.USER32(00000002), ref: 00EB919D
                                                          Similarity
                                                          • API ID: AsyncState$ClientCursorScreen
                                                          • String ID:
                                                          • API String ID: 4210589936-0
                                                          APIs
                                                          • GetInputState.USER32 ref: 00F138CB
                                                          • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00F13922
                                                          • TranslateMessage.USER32(?), ref: 00F1394B
                                                          • DispatchMessageW.USER32(?), ref: 00F13955
                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00F13966
                                                          Similarity
                                                          • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                          • String ID:
                                                          • API String ID: 2256411358-0
                                                          APIs
                                                          • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,00F1C21E,00000000), ref: 00F1CF38
                                                          • InternetReadFile.WININET(?,00000000,?,?), ref: 00F1CF6F
                                                          • GetLastError.KERNEL32(?,00000000,?,?,?,00F1C21E,00000000), ref: 00F1CFB4
                                                          • SetEvent.KERNEL32(?,?,00000000,?,?,?,00F1C21E,00000000), ref: 00F1CFC8
                                                          • SetEvent.KERNEL32(?,?,00000000,?,?,?,00F1C21E,00000000), ref: 00F1CFF2
                                                          Similarity
                                                          • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                          • String ID:
                                                          • API String ID: 3191363074-0
                                                          APIs
                                                          • GetWindowRect.USER32(?,?), ref: 00F01915
                                                          • PostMessageW.USER32(00000001,00000201,00000001), ref: 00F019C1
                                                          • Sleep.KERNEL32(00000000,?,?,?), ref: 00F019C9
                                                          • PostMessageW.USER32(00000001,00000202,00000000), ref: 00F019DA
                                                          • Sleep.KERNEL32(00000000,?,?,?,?), ref: 00F019E2
                                                          Similarity
                                                          • API ID: MessagePostSleep$RectWindow
                                                          • String ID:
                                                          • API String ID: 3382505437-0
                                                          APIs
                                                          • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00F35745
                                                          • SendMessageW.USER32(?,00001074,?,00000001), ref: 00F3579D
                                                          • _wcslen.LIBCMT ref: 00F357AF
                                                          • _wcslen.LIBCMT ref: 00F357BA
                                                          • SendMessageW.USER32(?,00001002,00000000,?), ref: 00F35816
                                                          Similarity
                                                          • API ID: MessageSend$_wcslen
                                                          • String ID:
                                                          • API String ID: 763830540-0
                                                          APIs
                                                          • IsWindow.USER32(00000000), ref: 00F20951
                                                          • GetForegroundWindow.USER32 ref: 00F20968
                                                          • GetDC.USER32(00000000), ref: 00F209A4
                                                          • GetPixel.GDI32(00000000,?,00000003), ref: 00F209B0
                                                          • ReleaseDC.USER32(00000000,00000003), ref: 00F209E8
                                                          Similarity
                                                          • API ID: Window$ForegroundPixelRelease
                                                          • String ID:
                                                          • API String ID: 4156661090-0
                                                          APIs
                                                          • GetEnvironmentStringsW.KERNEL32 ref: 00EDCDC6
                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00EDCDE9
                                                            • Part of subcall function 00ED3820: RtlAllocateHeap.NTDLL(00000000,?,00F71444,?,00EBFDF5,?,?,00EAA976,00000010,00F71440,00EA13FC,?,00EA13C6,?,00EA1129), ref: 00ED3852
                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00EDCE0F
                                                          • _free.LIBCMT ref: 00EDCE22
                                                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00EDCE31
                                                          Similarity
                                                          • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                          • String ID:
                                                          • API String ID: 336800556-0
                                                          APIs
                                                          • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00EB9693
                                                          • SelectObject.GDI32(?,00000000), ref: 00EB96A2
                                                          • BeginPath.GDI32(?), ref: 00EB96B9
                                                          • SelectObject.GDI32(?,00000000), ref: 00EB96E2
                                                          Similarity
                                                          • API ID: ObjectSelect$BeginCreatePath
                                                          • String ID:
                                                          • API String ID: 3225163088-0
                                                          APIs
                                                          Similarity
                                                          • API ID: _memcmp
                                                          • String ID:
                                                          • API String ID: 2931989736-0
                                                          APIs
                                                          • GetLastError.KERNEL32(?,?,?,00ECF2DE,00ED3863,00F71444,?,00EBFDF5,?,?,00EAA976,00000010,00F71440,00EA13FC,?,00EA13C6), ref: 00ED2DFD
                                                          • _free.LIBCMT ref: 00ED2E32
                                                          • _free.LIBCMT ref: 00ED2E59
                                                          • SetLastError.KERNEL32(00000000,00EA1129), ref: 00ED2E66
                                                          • SetLastError.KERNEL32(00000000,00EA1129), ref: 00ED2E6F
                                                          Similarity
                                                          • API ID: ErrorLast$_free
                                                          APIs
                                                          • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00EFFF41,80070057,?,?,?,00F0035E), ref: 00F0002B
                                                          • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00EFFF41,80070057,?,?), ref: 00F00046
                                                          • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00EFFF41,80070057,?,?), ref: 00F00054
                                                          • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00EFFF41,80070057,?), ref: 00F00064
                                                          • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00EFFF41,80070057,?,?), ref: 00F00070
                                                          Similarity
                                                          • API ID: From$Prog$FreeStringTasklstrcmpi
                                                          APIs
                                                          • QueryPerformanceCounter.KERNEL32(?), ref: 00F0E997
                                                          • QueryPerformanceFrequency.KERNEL32(?), ref: 00F0E9A5
                                                          • Sleep.KERNEL32(00000000), ref: 00F0E9AD
                                                          • QueryPerformanceCounter.KERNEL32(?), ref: 00F0E9B7
                                                          • Sleep.KERNEL32 ref: 00F0E9F3
                                                          Similarity
                                                          • API ID: PerformanceQuery$CounterSleep$Frequency
                                                          APIs
                                                          • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00F01114
                                                          • GetLastError.KERNEL32(?,00000000,00000000,?,?,00F00B9B,?,?,?), ref: 00F01120
                                                          • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00F00B9B,?,?,?), ref: 00F0112F
                                                          • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00F00B9B,?,?,?), ref: 00F01136
                                                          • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00F0114D
                                                          Similarity
                                                          • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                          APIs
                                                          • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00F00FCA
                                                          • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00F00FD6
                                                          • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00F00FE5
                                                          • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00F00FEC
                                                          • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00F01002
                                                          Similarity
                                                          • API ID: HeapInformationToken$AllocErrorLastProcess
                                                          APIs
                                                          • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00F0102A
                                                          • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00F01036
                                                          • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00F01045
                                                          • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00F0104C
                                                          • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00F01062
                                                          Similarity
                                                          • API ID: HeapInformationToken$AllocErrorLastProcess
                                                          APIs
                                                          • CloseHandle.KERNEL32(?,?,?,?,00F1017D,?,00F132FC,?,00000001,00EE2592,?), ref: 00F10324
                                                          • CloseHandle.KERNEL32(?,?,?,?,00F1017D,?,00F132FC,?,00000001,00EE2592,?), ref: 00F10331
                                                          • CloseHandle.KERNEL32(?,?,?,?,00F1017D,?,00F132FC,?,00000001,00EE2592,?), ref: 00F1033E
                                                          • CloseHandle.KERNEL32(?,?,?,?,00F1017D,?,00F132FC,?,00000001,00EE2592,?), ref: 00F1034B
                                                          • CloseHandle.KERNEL32(?,?,?,?,00F1017D,?,00F132FC,?,00000001,00EE2592,?), ref: 00F10358
                                                          • CloseHandle.KERNEL32(?,?,?,?,00F1017D,?,00F132FC,?,00000001,00EE2592,?), ref: 00F10365
                                                          Similarity
                                                          • API ID: CloseHandle
                                                          APIs
                                                          • _free.LIBCMT ref: 00EDD752
                                                            • Part of subcall function 00ED29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00EDD7D1,00000000,00000000,00000000,00000000,?,00EDD7F8,00000000,00000007,00000000,?,00EDDBF5,00000000), ref: 00ED29DE
                                                            • Part of subcall function 00ED29C8: GetLastError.KERNEL32(00000000,?,00EDD7D1,00000000,00000000,00000000,00000000,?,00EDD7F8,00000000,00000007,00000000,?,00EDDBF5,00000000,00000000), ref: 00ED29F0
                                                          • _free.LIBCMT ref: 00EDD764
                                                          • _free.LIBCMT ref: 00EDD776
                                                          • _free.LIBCMT ref: 00EDD788
                                                          • _free.LIBCMT ref: 00EDD79A
                                                          Similarity
                                                          • API ID: _free$ErrorFreeHeapLast
                                                          APIs
                                                          • GetDlgItem.USER32(?,000003E9), ref: 00F05C58
                                                          • GetWindowTextW.USER32(00000000,?,00000100), ref: 00F05C6F
                                                          • MessageBeep.USER32(00000000), ref: 00F05C87
                                                          • KillTimer.USER32(?,0000040A), ref: 00F05CA3
                                                          • EndDialog.USER32(?,00000001), ref: 00F05CBD
                                                          Similarity
                                                          • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                          APIs
                                                          • _free.LIBCMT ref: 00ED22BE
                                                            • Part of subcall function 00ED29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00EDD7D1,00000000,00000000,00000000,00000000,?,00EDD7F8,00000000,00000007,00000000,?,00EDDBF5,00000000), ref: 00ED29DE
                                                            • Part of subcall function 00ED29C8: GetLastError.KERNEL32(00000000,?,00EDD7D1,00000000,00000000,00000000,00000000,?,00EDD7F8,00000000,00000007,00000000,?,00EDDBF5,00000000,00000000), ref: 00ED29F0
                                                          • _free.LIBCMT ref: 00ED22D0
                                                          • _free.LIBCMT ref: 00ED22E3
                                                          • _free.LIBCMT ref: 00ED22F4
                                                          • _free.LIBCMT ref: 00ED2305
                                                          Similarity
                                                          • API ID: _free$ErrorFreeHeapLast
                                                          APIs
                                                          • EndPath.GDI32(?), ref: 00EB95D4
                                                          • StrokeAndFillPath.GDI32(?,?,00EF71F7,00000000,?,?,?), ref: 00EB95F0
                                                          • SelectObject.GDI32(?,00000000), ref: 00EB9603
                                                          • DeleteObject.GDI32 ref: 00EB9616
                                                          • StrokePath.GDI32(?), ref: 00EB9631
                                                          Similarity
                                                          • API ID: Path$ObjectStroke$DeleteFillSelect
                                                          • String ID:
                                                          • API String ID: 2625713937-0
                                                          • Opcode ID: 0cc2265bf11000da6c72cf6ac07f637511a43ec748c93b2d513d36968c62d6bc
                                                          • Instruction ID: 8d8be557ba02e898a23acb49c78a7e05010eb25ed9dc6137c4c52e1e146eeaa6
                                                          • Opcode Fuzzy Hash: 0cc2265bf11000da6c72cf6ac07f637511a43ec748c93b2d513d36968c62d6bc
                                                          • Instruction Fuzzy Hash: 14F0B23100624CEBDB265F69ED18BA53B76BB01376F048214E669A90F1C730899AEF61
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: __freea$_free
                                                          • String ID: a/p$am/pm
                                                          • API String ID: 3432400110-3206640213
                                                          • Opcode ID: f12fca06ec0e8272007874f395a44b4f9a5c20d94f1542a78fb9765ad4edd28e
                                                          • Instruction ID: 53cc326ec9763b5e21f814c8bf56133c8f797bf662f3dd7f8fa2cc274b1cec4f
                                                          • Opcode Fuzzy Hash: f12fca06ec0e8272007874f395a44b4f9a5c20d94f1542a78fb9765ad4edd28e
                                                          • Instruction Fuzzy Hash: BCD11231A00246EADB289F68C845BFEB7B1FF05304F29219BE901BB751D3759D82CB91
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: JO
                                                          • API String ID: 0-1663374661
                                                          • Opcode ID: e16f5a9979f044122c0b7e2165944d10bd350fcd2601405fd4efb46606449612
                                                          • Instruction ID: 6c3b3e65f59a36a43cc42c449f62eb641838ffc75553e6a5e1b489f8ae74cec5
                                                          • Opcode Fuzzy Hash: e16f5a9979f044122c0b7e2165944d10bd350fcd2601405fd4efb46606449612
                                                          • Instruction Fuzzy Hash: 4151CD72910609AFDB249FA4C945FEEBBB8EF45314F14201BF405BB3A1D6718903DB61
                                                          APIs
                                                          • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000002,00000000,?,?,?,00000000,?,?,?,?), ref: 00ED8B6E
                                                          • GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00001000,?), ref: 00ED8B7A
                                                          • __dosmaperr.LIBCMT ref: 00ED8B81
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: ByteCharErrorLastMultiWide__dosmaperr
                                                          • String ID: .
                                                          • API String ID: 2434981716-3963672497
                                                          • Opcode ID: 65c7fd5865df142ac7f122afa3d8a8ec584d9b516b2dc05c0bff4a322533bcad
                                                          • Instruction ID: 383a8b865931ee4b077eabc722b5090c6bafd374fd3895fa49fe9f7c8a46e16b
                                                          • Opcode Fuzzy Hash: 65c7fd5865df142ac7f122afa3d8a8ec584d9b516b2dc05c0bff4a322533bcad
                                                          • Instruction Fuzzy Hash: 97415C74604185AFD7249F28C990ABD7FE6DF85304B28619BF885A7352DE318C039790
                                                          APIs
                                                            • Part of subcall function 00F0B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00F021D0,?,?,00000034,00000800,?,00000034), ref: 00F0B42D
                                                          • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00F02760
                                                            • Part of subcall function 00F0B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00F021FF,?,?,00000800,?,00001073,00000000,?,?), ref: 00F0B3F8
                                                            • Part of subcall function 00F0B32A: GetWindowThreadProcessId.USER32(?,?), ref: 00F0B355
                                                            • Part of subcall function 00F0B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00F02194,00000034,?,?,00001004,00000000,00000000), ref: 00F0B365
                                                            • Part of subcall function 00F0B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00F02194,00000034,?,?,00001004,00000000,00000000), ref: 00F0B37B
                                                          • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00F027CD
                                                          • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00F0281A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                          • String ID: @
                                                          • API String ID: 4150878124-2766056989
                                                          • Opcode ID: 16a9858fe7ea516c465ee3c4ca65023838a525acfd8d9f7914461edbb2033ea0
                                                          • Instruction ID: 0ba1460d1a406867709f40e56d0afe343a52798d19084cb0f17cf348f700e574
                                                          • Opcode Fuzzy Hash: 16a9858fe7ea516c465ee3c4ca65023838a525acfd8d9f7914461edbb2033ea0
                                                          • Instruction Fuzzy Hash: 04412E76D00218AFDB10DFA4CD46AEEBBB8EF09710F108095FA55B7181DB706E45EBA1
                                                          APIs
                                                          • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00ED1769
                                                          • _free.LIBCMT ref: 00ED1834
                                                          • _free.LIBCMT ref: 00ED183E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: _free$FileModuleName
                                                          • String ID: C:\Users\user\Desktop\file.exe
                                                          • API String ID: 2506810119-517116171
                                                          • Opcode ID: 702775aa12b67bf9dd344eee96f412b5a7999c1071f369433cbc3eef4aef92bb
                                                          • Instruction ID: d1d4d210df2c9939c368cd2669f65fa56b4e449a3b45c06069dba7074cdd9e5f
                                                          • Opcode Fuzzy Hash: 702775aa12b67bf9dd344eee96f412b5a7999c1071f369433cbc3eef4aef92bb
                                                          • Instruction Fuzzy Hash: 2D31A075A00208BFDB25DB99D885D9EBBFCEB85310B1051ABF404E7321D6708E46EB91
                                                          APIs
                                                          • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00F0C306
                                                          • DeleteMenu.USER32(?,00000007,00000000), ref: 00F0C34C
                                                          • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00F71990,01545900), ref: 00F0C395
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: Menu$Delete$InfoItem
                                                          • String ID: 0
                                                          • API String ID: 135850232-4108050209
                                                          • Opcode ID: 127d7edc7fc5589ec614602eeeebbcbbd40194380bf88515cc33bb84eb655f52
                                                          • Instruction ID: fc8be7fa465ac50163a9f20427cb66395cfd2666c8b095d3a26fdc32c1d35c71
                                                          • Opcode Fuzzy Hash: 127d7edc7fc5589ec614602eeeebbcbbd40194380bf88515cc33bb84eb655f52
                                                          • Instruction Fuzzy Hash: 5F41A0316043019FD720DF25DC84B5ABBE4AF85320F148B1DF9A5972D2D734E904EBA2
                                                          APIs
                                                          • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00F3CC08,00000000,?,?,?,?), ref: 00F344AA
                                                          • GetWindowLongW.USER32 ref: 00F344C7
                                                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00F344D7
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: Window$Long
                                                          • String ID: SysTreeView32
                                                          • API String ID: 847901565-1698111956
                                                          • Opcode ID: 3869e08145503d71b34b2b9076a89bf793252ad3ea66d5cde904ce0085c023eb
                                                          • Instruction ID: 356233c7f6453234e89d220116bf390210b5bea98c993f3c2a97792124ef0311
                                                          • Opcode Fuzzy Hash: 3869e08145503d71b34b2b9076a89bf793252ad3ea66d5cde904ce0085c023eb
                                                          • Instruction Fuzzy Hash: 96318D32610205AFDB209E38DC45BEA77A9EB09334F254725F979A21D1D774FC50AB90
                                                          APIs
                                                            • Part of subcall function 00F2335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00F23077,?,?), ref: 00F23378
                                                          • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00F2307A
                                                          • _wcslen.LIBCMT ref: 00F2309B
                                                          • htons.WSOCK32(00000000,?,?,00000000), ref: 00F23106
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                          • String ID: 255.255.255.255
                                                          • API String ID: 946324512-2422070025
                                                          • Opcode ID: 0bedce712c6337d4da11a4b2e66e1ca7b3c1123a0a8348877dbc0e9967f23d45
                                                          • Instruction ID: 9ddd2bf619992a4f9f4fb87568f0b567d283b498ee0f232f013946e29a5f2db9
                                                          • Opcode Fuzzy Hash: 0bedce712c6337d4da11a4b2e66e1ca7b3c1123a0a8348877dbc0e9967f23d45
                                                          • Instruction Fuzzy Hash: 8A31F5B5A002259FC710CF68D485FA977E0EF14328F248059E8159B392DB3AEF41D770
                                                          APIs
                                                          • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00F33F40
                                                          • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00F33F54
                                                          • SendMessageW.USER32(?,00001002,00000000,?), ref: 00F33F78
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$Window
                                                          • String ID: SysMonthCal32
                                                          • API String ID: 2326795674-1439706946
                                                          • Opcode ID: ad9eef7e402d04ab5dca87591a35da9909dcca47079d2cb308e50f691fb5068b
                                                          • Instruction ID: 55646f9f386fafac593fd02fa4fe904261fc438ab1cdfd7ffcea2ade4d16c4fb
                                                          • Opcode Fuzzy Hash: ad9eef7e402d04ab5dca87591a35da9909dcca47079d2cb308e50f691fb5068b
                                                          • Instruction Fuzzy Hash: 3C21BF32A00219BBDF25DF60CC46FEA3B75EB48724F110214FA197B1D0D6B5A894AB90
                                                          APIs
                                                          • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00F34705
                                                          • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00F34713
                                                          • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00F3471A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$DestroyWindow
                                                          • String ID: msctls_updown32
                                                          • API String ID: 4014797782-2298589950
                                                          • Opcode ID: e4481c5cf4c6c44a5804ecdeb1f247152ae8578e87024381166522dd34c6ce2b
                                                          • Instruction ID: d5ece0b8f585319c180b23c6a7afe442c26daa47933b4bd3ddc1bf3b394021f1
                                                          • Opcode Fuzzy Hash: e4481c5cf4c6c44a5804ecdeb1f247152ae8578e87024381166522dd34c6ce2b
                                                          • Instruction Fuzzy Hash: F1215EB5600208AFEB10DF68DCC1DA737EDEB4A3B4B140059FA04AB251CB71FC52EA60
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: _wcslen
                                                          • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                          • API String ID: 176396367-2734436370
                                                          • Opcode ID: 3ed100b922e28b4f787e51946836192410afd82cb150cca6387e4f4dd5fda674
                                                          • Instruction ID: 67228bc49a1a545d07d5cdf365c25dcd39ca49261026359a009583235cd232e1
                                                          • Opcode Fuzzy Hash: 3ed100b922e28b4f787e51946836192410afd82cb150cca6387e4f4dd5fda674
                                                          • Instruction Fuzzy Hash: BC21687260C5116AC731AA25DD02FBB73D89F95320F44402AF989AB0C2FBD2ED46F291
                                                          APIs
                                                          • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00F33840
                                                          • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00F33850
                                                          • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00F33876
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$MoveWindow
                                                          • String ID: Listbox
                                                          APIs
                                                          • SetErrorMode.KERNEL32(00000001), ref: 00F14A08
                                                          • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00F14A5C
                                                          • SetErrorMode.KERNEL32(00000000,?,?,00F3CC08), ref: 00F14AD0
                                                          Similarity
                                                          • API ID: ErrorMode$InformationVolume
                                                          • String ID: %lu
                                                          APIs
                                                          • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00F3424F
                                                          • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00F34264
                                                          • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00F34271
                                                          Similarity
                                                          • API ID: MessageSend
                                                          • String ID: msctls_trackbar32
                                                          APIs
                                                            • Part of subcall function 00EA6B57: _wcslen.LIBCMT ref: 00EA6B6A
                                                            • Part of subcall function 00F02DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00F02DC5
                                                            • Part of subcall function 00F02DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00F02DD6
                                                            • Part of subcall function 00F02DA7: GetCurrentThreadId.KERNEL32 ref: 00F02DDD
                                                            • Part of subcall function 00F02DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00F02DE4
                                                          • GetFocus.USER32 ref: 00F02F78
                                                            • Part of subcall function 00F02DEE: GetParent.USER32(00000000), ref: 00F02DF9
                                                          • GetClassNameW.USER32(?,?,00000100), ref: 00F02FC3
                                                          • EnumChildWindows.USER32(?,00F0303B), ref: 00F02FEB
                                                          Similarity
                                                          • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                          • String ID: %s%d
                                                          APIs
                                                          • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00F358C1
                                                          • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00F358EE
                                                          • DrawMenuBar.USER32(?), ref: 00F358FD
                                                          Similarity
                                                          • API ID: Menu$InfoItem$Draw
                                                          • String ID: 0
                                                          APIs
                                                          • GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 00EFD3BF
                                                          • FreeLibrary.KERNEL32 ref: 00EFD3E5
                                                          Similarity
                                                          • API ID: AddressFreeLibraryProc
                                                          • String ID: GetSystemWow64DirectoryW$X64
                                                          APIs
                                                          Similarity
                                                          • API ID: Variant$ClearInitInitializeUninitialize
                                                          APIs
                                                          • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00F3FC08,?), ref: 00F005F0
                                                          • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00F3FC08,?), ref: 00F00608
                                                          • CLSIDFromProgID.OLE32(?,?,00000000,00F3CC40,000000FF,?,00000000,00000800,00000000,?,00F3FC08,?), ref: 00F0062D
                                                          • _memcmp.LIBVCRUNTIME ref: 00F0064E
                                                          Similarity
                                                          • API ID: FromProg$FreeTask_memcmp
                                                          APIs
                                                          Similarity
                                                          • API ID: _free
                                                          APIs
                                                          • GetWindowRect.USER32(?,?), ref: 00F362E2
                                                          • ScreenToClient.USER32(?,?), ref: 00F36315
                                                          • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00F36382
                                                          Similarity
                                                          • API ID: Window$ClientMoveRectScreen
                                                          APIs
                                                          • socket.WSOCK32(00000002,00000002,00000011), ref: 00F21AFD
                                                          • WSAGetLastError.WSOCK32 ref: 00F21B0B
                                                          • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00F21B8A
                                                          • WSAGetLastError.WSOCK32 ref: 00F21B94
                                                          Similarity
                                                          • API ID: ErrorLast$socket
                                                          • String ID:
                                                          • API String ID: 1881357543-0
                                                          • Opcode ID: 240ca8959711deea1510ab416fb36e2155221d54ec43264043b7ad8b479dac8e
                                                          • Instruction ID: 7883b6072ded62e14c8dce1d6f861b36b5f84114d3461cee4373016b1696eb79
                                                          • Opcode Fuzzy Hash: 240ca8959711deea1510ab416fb36e2155221d54ec43264043b7ad8b479dac8e
                                                          • Instruction Fuzzy Hash: 4F41E5346002106FE720AF24D886F6677E5AF89718F549448F95AAF3D3D772ED41CB90
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          APIs
                                                          • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00F15783
                                                          • GetLastError.KERNEL32(?,00000000), ref: 00F157A9
                                                          • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00F157CE
                                                          • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00F157FA
                                                          APIs
                                                          • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00EC82D9,?,00EC82D9,?,00000001,?,?,00000001,00EC82D9,00EC82D9), ref: 00EDD910
                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00EDD999
                                                          • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00EDD9AB
                                                          • __freea.LIBCMT ref: 00EDD9B4
                                                            • Part of subcall function 00ED3820: RtlAllocateHeap.NTDLL(00000000,?,00F71444,?,00EBFDF5,?,?,00EAA976,00000010,00F71440,00EA13FC,?,00EA13C6,?,00EA1129), ref: 00ED3852
                                                          APIs
                                                          • SendMessageW.USER32(?,00001024,00000000,?), ref: 00F35352
                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00F35375
                                                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00F35382
                                                          • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00F353A8
                                                          APIs
                                                          • GetKeyboardState.USER32(?,75A8C0D0,?,00008000), ref: 00F0ABF1
                                                          • SetKeyboardState.USER32(00000080,?,00008000), ref: 00F0AC0D
                                                          • PostMessageW.USER32(00000000,00000101,00000000), ref: 00F0AC74
                                                          • SendInput.USER32(00000001,?,0000001C,75A8C0D0,?,00008000), ref: 00F0ACC6
                                                          APIs
                                                          • ClientToScreen.USER32(?,?), ref: 00F3769A
                                                          • GetWindowRect.USER32(?,?), ref: 00F37710
                                                          • PtInRect.USER32(?,?,00F38B89), ref: 00F37720
                                                          • MessageBeep.USER32(00000000), ref: 00F3778C
                                                          APIs
                                                          • GetForegroundWindow.USER32 ref: 00F316EB
                                                            • Part of subcall function 00F03A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00F03A57
                                                            • Part of subcall function 00F03A3D: GetCurrentThreadId.KERNEL32 ref: 00F03A5E
                                                            • Part of subcall function 00F03A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00F025B3), ref: 00F03A65
                                                          • GetCaretPos.USER32(?), ref: 00F316FF
                                                          • ClientToScreen.USER32(00000000,?), ref: 00F3174C
                                                          • GetForegroundWindow.USER32 ref: 00F31752
                                                          APIs
                                                            • Part of subcall function 00EA7620: _wcslen.LIBCMT ref: 00EA7625
                                                          • _wcslen.LIBCMT ref: 00F0DFCB
                                                          • _wcslen.LIBCMT ref: 00F0DFE2
                                                          • _wcslen.LIBCMT ref: 00F0E00D
                                                          • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 00F0E018
                                                          APIs
                                                          • CreateToolhelp32Snapshot.KERNEL32 ref: 00F0D501
                                                          • Process32FirstW.KERNEL32(00000000,?), ref: 00F0D50F
                                                          • Process32NextW.KERNEL32(00000000,?), ref: 00F0D52F
                                                          • CloseHandle.KERNEL32(00000000), ref: 00F0D5DC
                                                          APIs
                                                            • Part of subcall function 00EB9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00EB9BB2
                                                          • GetCursorPos.USER32(?), ref: 00F39001
                                                          • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00EF7711,?,?,?,?,?), ref: 00F39016
                                                          • GetCursorPos.USER32(?), ref: 00F3905E
                                                          • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00EF7711,?,?,?), ref: 00F39094
                                                          APIs
                                                          • GetFileAttributesW.KERNEL32(?,00F3CB68), ref: 00F0D2FB
                                                          • GetLastError.KERNEL32 ref: 00F0D30A
                                                          • CreateDirectoryW.KERNEL32(?,00000000), ref: 00F0D319
                                                          • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00F3CB68), ref: 00F0D376
                                                          APIs
                                                            • Part of subcall function 00F01014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00F0102A
                                                            • Part of subcall function 00F01014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00F01036
                                                            • Part of subcall function 00F01014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00F01045
                                                            • Part of subcall function 00F01014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00F0104C
                                                            • Part of subcall function 00F01014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00F01062
                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00F015BE
                                                          • _memcmp.LIBVCRUNTIME ref: 00F015E1
                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F01617
                                                          • HeapFree.KERNEL32(00000000), ref: 00F0161E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                          • String ID:
                                                          • API String ID: 1592001646-0
                                                          • Opcode ID: e6d3bc416fcc1e9e075a08898be03d3ab4f05af013a75ca188f5f30423e9c5c8
                                                          • Instruction ID: eded3a2291b8062b4b7bb88f0941c32f780175868a345f5fbbbfb5aa7b6641c2
                                                          • Opcode Fuzzy Hash: e6d3bc416fcc1e9e075a08898be03d3ab4f05af013a75ca188f5f30423e9c5c8
                                                          • Instruction Fuzzy Hash: C9217872E00108EFEB14DFA4CD45BEEB7B9FF44364F084459E441AB281E731AA45EBA0
                                                          APIs
                                                          • GetWindowLongW.USER32(?,000000EC), ref: 00F3280A
                                                          • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00F32824
                                                          • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00F32832
                                                          • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00F32840
                                                          Similarity
                                                          • API ID: Window$Long$AttributesLayered
                                                          • String ID:
                                                          • API String ID: 2169480361-0
                                                          • Opcode ID: 291ee3f515432b2d1956b9f042775d8755ce0967752e6fff1a2b51d57e3d92ea
                                                          • Instruction ID: 345bf83b17284decfe3ad8fcc37f6217a62751a5cf018b6fdfbb5be1caa89504
                                                          • Opcode Fuzzy Hash: 291ee3f515432b2d1956b9f042775d8755ce0967752e6fff1a2b51d57e3d92ea
                                                          • Instruction Fuzzy Hash: 2721FF31604110AFD7549B24CC44FAA7B9AAF86334F188258F4268B2E2CB75FC82DBD0
                                                          APIs
                                                            • Part of subcall function 00F08D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00F0790A,?,000000FF,?,00F08754,00000000,?,0000001C,?,?), ref: 00F08D8C
                                                            • Part of subcall function 00F08D7D: lstrcpyW.KERNEL32(00000000,?,?,00F0790A,?,000000FF,?,00F08754,00000000,?,0000001C,?,?,00000000), ref: 00F08DB2
                                                            • Part of subcall function 00F08D7D: lstrcmpiW.KERNEL32(00000000,?,00F0790A,?,000000FF,?,00F08754,00000000,?,0000001C,?,?), ref: 00F08DE3
                                                          • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00F08754,00000000,?,0000001C,?,?,00000000), ref: 00F07923
                                                          • lstrcpyW.KERNEL32(00000000,?,?,00F08754,00000000,?,0000001C,?,?,00000000), ref: 00F07949
                                                          • lstrcmpiW.KERNEL32(00000002,cdecl,?,00F08754,00000000,?,0000001C,?,?,00000000), ref: 00F07984
                                                          Strings
                                                          Similarity
                                                          • API ID: lstrcmpilstrcpylstrlen
                                                          • String ID: cdecl
                                                          • API String ID: 4031866154-3896280584
                                                          • Opcode ID: f58228ff269d64a24fc903955fa732713a0a15b3aa7d6ae458c6f0398185297f
                                                          • Instruction ID: 6852bd0f822b4cd5a77d30bddee8a3d799e1d6d248d860791866af2b4655746a
                                                          • Opcode Fuzzy Hash: f58228ff269d64a24fc903955fa732713a0a15b3aa7d6ae458c6f0398185297f
                                                          • Instruction Fuzzy Hash: C011D63A600346ABCB256F34DC45D7B77A6FF453A0B50406AF946C72A4EB31D811F7A1
                                                          APIs
                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00F37D0B
                                                          • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00F37D2A
                                                          • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00F37D42
                                                          • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00F1B7AD,00000000), ref: 00F37D6B
                                                            • Part of subcall function 00EB9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00EB9BB2
                                                          Similarity
                                                          • API ID: Window$Long
                                                          • String ID:
                                                          • API String ID: 847901565-0
                                                          • Opcode ID: f21666eb9376ae2a794dde005cdd15b7cb2736427547666dc6b6acf5b1699f70
                                                          • Instruction ID: e975863a1b87eb6cf22c137c087b634806aa21e1584fe3d7699f0f292f5d6148
                                                          • Opcode Fuzzy Hash: f21666eb9376ae2a794dde005cdd15b7cb2736427547666dc6b6acf5b1699f70
                                                          • Instruction Fuzzy Hash: AE11C072504658AFCB20AF28DC04AAA3BA5BF45370F158324F939D72F0D7308951EB80
                                                          APIs
                                                          • SendMessageW.USER32(?,00001060,?,00000004), ref: 00F356BB
                                                          • _wcslen.LIBCMT ref: 00F356CD
                                                          • _wcslen.LIBCMT ref: 00F356D8
                                                          • SendMessageW.USER32(?,00001002,00000000,?), ref: 00F35816
                                                          Similarity
                                                          • API ID: MessageSend_wcslen
                                                          • String ID:
                                                          • API String ID: 455545452-0
                                                          • Opcode ID: f10be1d80b5ee352dd02380a91800f4fac8fba85718694232caf0edfcfefe44c
                                                          • Instruction ID: f9b966c42e752a89c60eb34992a56aa1c72f0260f6b1d813f35f1ac26e2ff0c7
                                                          • Opcode Fuzzy Hash: f10be1d80b5ee352dd02380a91800f4fac8fba85718694232caf0edfcfefe44c
                                                          • Instruction Fuzzy Hash: 9711D671A00619D6DF20DF65CC85BEE77ACEF91B70F50402AF915E6081E770CA84EB61
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0c33e0b598270197bc600052367e65d84ef360f6aef8c2abc148dac87ced5b77
                                                          • Instruction ID: 95541f3eb0f01ade6a02204aea0d30d84bf4bc2f61605d8641e2ea6d63bcc513
                                                          • Opcode Fuzzy Hash: 0c33e0b598270197bc600052367e65d84ef360f6aef8c2abc148dac87ced5b77
                                                          • Instruction Fuzzy Hash: 98018FB220961A7EF62126786CC0F67665EDF913B9B30236BF521713D2DB618C42A160
                                                          APIs
                                                          • SendMessageW.USER32(?,000000B0,?,?), ref: 00F01A47
                                                          • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00F01A59
                                                          • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00F01A6F
                                                          • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00F01A8A
                                                          Similarity
                                                          • API ID: MessageSend
                                                          • String ID:
                                                          • API String ID: 3850602802-0
                                                          • Opcode ID: 2a02a2c3a5526bded12fcd2b4b597e272660d75e5675f18ad64c6a3a7da536f8
                                                          • Instruction ID: d07b6a5658f7e0798f77a492c75ee26927054bc4cac4c340c49fb2c3ab0e6dad
                                                          • Opcode Fuzzy Hash: 2a02a2c3a5526bded12fcd2b4b597e272660d75e5675f18ad64c6a3a7da536f8
                                                          • Instruction Fuzzy Hash: 3011FA3AE01219FFEB119BA5CD85FADBB78FB04750F200091EA04B7290D6756E50EB94
                                                          APIs
                                                          • GetCurrentThreadId.KERNEL32 ref: 00F0E1FD
                                                          • MessageBoxW.USER32(?,?,?,?), ref: 00F0E230
                                                          • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00F0E246
                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00F0E24D
                                                          Similarity
                                                          • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                          • String ID:
                                                          • API String ID: 2880819207-0
                                                          • Opcode ID: 0d07b80f2fdfece9a7cd63e420e4e66c6c399d63c62c8349889e9f0c546fb50f
                                                          • Instruction ID: d88c43fb431ed2daf933fd384dd7713f97dc93c10e7ed13b97392c13fdd762c0
                                                          • Opcode Fuzzy Hash: 0d07b80f2fdfece9a7cd63e420e4e66c6c399d63c62c8349889e9f0c546fb50f
                                                          • Instruction Fuzzy Hash: 3C110472D04218BBC7019FACAC09A9E7FADAB45324F004629F828E32D0D2B1C904A7A1
                                                          APIs
                                                          • CreateThread.KERNEL32(00000000,?,00ECCFF9,00000000,00000004,00000000), ref: 00ECD218
                                                          • GetLastError.KERNEL32 ref: 00ECD224
                                                          • __dosmaperr.LIBCMT ref: 00ECD22B
                                                          • ResumeThread.KERNEL32(00000000), ref: 00ECD249
                                                          Similarity
                                                          • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                          • String ID:
                                                          • API String ID: 173952441-0
                                                          • Opcode ID: ebf7e474d6f14efb302bd39197ee9dfb8fb2e32276fdda550fb02237ad284230
                                                          • Instruction ID: 54c88dfcb336bdb575712511b9bcd7a041d3a7eea88e5325089cf0453df268d4
                                                          • Opcode Fuzzy Hash: ebf7e474d6f14efb302bd39197ee9dfb8fb2e32276fdda550fb02237ad284230
                                                          • Instruction Fuzzy Hash: 5301D676409208BBC7155BA5DD09FAE7AAEDF81330F20122DF925B21E0CB73C902D7A0
                                                          APIs
                                                            • Part of subcall function 00EB9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00EB9BB2
                                                          • GetClientRect.USER32(?,?), ref: 00F39F31
                                                          • GetCursorPos.USER32(?), ref: 00F39F3B
                                                          • ScreenToClient.USER32(?,?), ref: 00F39F46
                                                          • DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00F39F7A
                                                          Similarity
                                                          • API ID: Client$CursorLongProcRectScreenWindow
                                                          • String ID:
                                                          • API String ID: 4127811313-0
                                                          • Opcode ID: b9bc5fda722a9025a0df9eea9525e31253da4f270c2f9067524ad26d30d623df
                                                          • Instruction ID: 0f8a1ef9b46dde18119f642846136c7c58c71d467b5816830b10011536dd500b
                                                          • Opcode Fuzzy Hash: b9bc5fda722a9025a0df9eea9525e31253da4f270c2f9067524ad26d30d623df
                                                          • Instruction Fuzzy Hash: BA11573290421EABDB10EFA8D889DEE77BDFB05321F004451F911E3141D7B4BA81EBA1
                                                          APIs
                                                          • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00EA604C
                                                          • GetStockObject.GDI32(00000011), ref: 00EA6060
                                                          • SendMessageW.USER32(00000000,00000030,00000000), ref: 00EA606A
                                                          Similarity
                                                          • API ID: CreateMessageObjectSendStockWindow
                                                          • String ID:
                                                          • API String ID: 3970641297-0
                                                          • Opcode ID: 5b1817c1e486a334530e6c296fb056b6980f14054da0cd4411cf52d5109e7a0c
                                                          • Instruction ID: e2950c103cad7593247559a57523cccc5053e1b1827ef39936412554873a1665
                                                          • Opcode Fuzzy Hash: 5b1817c1e486a334530e6c296fb056b6980f14054da0cd4411cf52d5109e7a0c
                                                          • Instruction Fuzzy Hash: 00115E7250154DBFEF225FA49C84AEA7B6AEF0E364F051115FA146A150D732ECA0AB90
                                                          APIs
                                                          • ___BuildCatchObject.LIBVCRUNTIME ref: 00EC3B56
                                                            • Part of subcall function 00EC3AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00EC3AD2
                                                            • Part of subcall function 00EC3AA3: ___AdjustPointer.LIBCMT ref: 00EC3AED
                                                          • _UnwindNestedFrames.LIBCMT ref: 00EC3B6B
                                                          • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00EC3B7C
                                                          • CallCatchBlock.LIBVCRUNTIME ref: 00EC3BA4
                                                          Similarity
                                                          • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                          • String ID:
                                                          • API String ID: 737400349-0
                                                          APIs
                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00EA13C6,00000000,00000000,?,00ED301A,00EA13C6,00000000,00000000,00000000,?,00ED328B,00000006,FlsSetValue), ref: 00ED30A5
                                                          • GetLastError.KERNEL32(?,00ED301A,00EA13C6,00000000,00000000,00000000,?,00ED328B,00000006,FlsSetValue,00F42290,FlsSetValue,00000000,00000364,?,00ED2E46), ref: 00ED30B1
                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00ED301A,00EA13C6,00000000,00000000,00000000,?,00ED328B,00000006,FlsSetValue,00F42290,FlsSetValue,00000000), ref: 00ED30BF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: LibraryLoad$ErrorLast
                                                          • String ID:
                                                          • API String ID: 3177248105-0
                                                          APIs
                                                          • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 00F0747F
                                                          • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00F07497
                                                          • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00F074AC
                                                          • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 00F074CA
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: Type$Register$FileLoadModuleNameUser
                                                          • String ID:
                                                          • API String ID: 1352324309-0
                                                          APIs
                                                          • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00F0ACD3,?,00008000), ref: 00F0B0C4
                                                          • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00F0ACD3,?,00008000), ref: 00F0B0E9
                                                          • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00F0ACD3,?,00008000), ref: 00F0B0F3
                                                          • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00F0ACD3,?,00008000), ref: 00F0B126
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: CounterPerformanceQuerySleep
                                                          • String ID:
                                                          • API String ID: 2875609808-0
                                                          APIs
                                                          • GetWindowRect.USER32(?,?), ref: 00F37E33
                                                          • ScreenToClient.USER32(?,?), ref: 00F37E4B
                                                          • ScreenToClient.USER32(?,?), ref: 00F37E6F
                                                          • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00F37E8A
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: ClientRectScreen$InvalidateWindow
                                                          • String ID:
                                                          • API String ID: 357397906-0
                                                          APIs
                                                          • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00F02DC5
                                                          • GetWindowThreadProcessId.USER32(?,00000000), ref: 00F02DD6
                                                          • GetCurrentThreadId.KERNEL32 ref: 00F02DDD
                                                          • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00F02DE4
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                          • String ID:
                                                          • API String ID: 2710830443-0
                                                          APIs
                                                            • Part of subcall function 00EB9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00EB9693
                                                            • Part of subcall function 00EB9639: SelectObject.GDI32(?,00000000), ref: 00EB96A2
                                                            • Part of subcall function 00EB9639: BeginPath.GDI32(?), ref: 00EB96B9
                                                            • Part of subcall function 00EB9639: SelectObject.GDI32(?,00000000), ref: 00EB96E2
                                                          • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00F38887
                                                          • LineTo.GDI32(?,?,?), ref: 00F38894
                                                          • EndPath.GDI32(?), ref: 00F388A4
                                                          • StrokePath.GDI32(?), ref: 00F388B2
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                          • String ID:
                                                          • API String ID: 1539411459-0
                                                          APIs
                                                          • GetSysColor.USER32(00000008), ref: 00EB98CC
                                                          • SetTextColor.GDI32(?,?), ref: 00EB98D6
                                                          • SetBkMode.GDI32(?,00000001), ref: 00EB98E9
                                                          • GetStockObject.GDI32(00000005), ref: 00EB98F1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: Color$ModeObjectStockText
                                                          • String ID:
                                                          • API String ID: 4037423528-0
                                                          APIs
                                                          • GetCurrentThread.KERNEL32 ref: 00F01634
                                                          • OpenThreadToken.ADVAPI32(00000000,?,?,?,00F011D9), ref: 00F0163B
                                                          • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00F011D9), ref: 00F01648
                                                          • OpenProcessToken.ADVAPI32(00000000,?,?,?,00F011D9), ref: 00F0164F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: CurrentOpenProcessThreadToken
                                                          • String ID:
                                                          • API String ID: 3974789173-0
                                                          APIs
                                                          • GetDesktopWindow.USER32 ref: 00EFD858
                                                          • GetDC.USER32(00000000), ref: 00EFD862
                                                          • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00EFD882
                                                          • ReleaseDC.USER32(?), ref: 00EFD8A3
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: CapsDesktopDeviceReleaseWindow
                                                          • String ID:
                                                          • API String ID: 2889604237-0
                                                          APIs
                                                          • GetDesktopWindow.USER32 ref: 00EFD86C
                                                          • GetDC.USER32(00000000), ref: 00EFD876
                                                          • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00EFD882
                                                          • ReleaseDC.USER32(?), ref: 00EFD8A3
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: CapsDesktopDeviceReleaseWindow
                                                          • String ID:
                                                          • API String ID: 2889604237-0
                                                          APIs
                                                            • Part of subcall function 00EA7620: _wcslen.LIBCMT ref: 00EA7625
                                                          • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00F14ED4
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: Connection_wcslen
                                                          • String ID: *$LPT
                                                          • API String ID: 1725874428-3443410124
                                                          APIs
                                                          • __startOneArgErrorHandling.LIBCMT ref: 00ECE30D
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: ErrorHandling__start
                                                          • String ID: pow
                                                          Strings
                                                          Similarity
                                                          • API ID:
                                                          • String ID: #
                                                          APIs
                                                          • Sleep.KERNEL32(00000000), ref: 00EBF2A2
                                                          • GlobalMemoryStatusEx.KERNEL32(?), ref: 00EBF2BB
                                                          Strings
                                                          Similarity
                                                          • API ID: GlobalMemorySleepStatus
                                                          • String ID: @
                                                          APIs
                                                          • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 00F257E0
                                                          • _wcslen.LIBCMT ref: 00F257EC
                                                          Strings
                                                          Similarity
                                                          • API ID: BuffCharUpper_wcslen
                                                          • String ID: CALLARGARRAY
                                                          APIs
                                                          • _wcslen.LIBCMT ref: 00F1D130
                                                          • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00F1D13A
                                                          Strings
                                                          Similarity
                                                          • API ID: CrackInternet_wcslen
                                                          • String ID: |
                                                          APIs
                                                          • DestroyWindow.USER32(?,?,?,?), ref: 00F33621
                                                          • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00F3365C
                                                          Strings
                                                          Similarity
                                                          • API ID: Window$DestroyMove
                                                          • String ID: static
                                                          APIs
                                                          • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00F3461F
                                                          • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00F34634
                                                          Strings
                                                          Similarity
                                                          • API ID: MessageSend
                                                          • String ID: '
                                                          APIs
                                                          • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00F3327C
                                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00F33287
                                                          Strings
                                                          Similarity
                                                          • API ID: MessageSend
                                                          • String ID: Combobox
                                                          APIs
                                                            • Part of subcall function 00EA600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00EA604C
                                                            • Part of subcall function 00EA600E: GetStockObject.GDI32(00000011), ref: 00EA6060
                                                            • Part of subcall function 00EA600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00EA606A
                                                          • GetWindowRect.USER32(00000000,?), ref: 00F3377A
                                                          • GetSysColor.USER32(00000012), ref: 00F33794
                                                          Strings
                                                          Similarity
                                                          • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                          • String ID: static
                                                          APIs
                                                          • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00F1CD7D
                                                          • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00F1CDA6
                                                          Strings
                                                          Similarity
                                                          • API ID: Internet$OpenOption
                                                          • String ID: <local>
                                                          APIs
                                                          • GetWindowTextLengthW.USER32(00000000), ref: 00F334AB
                                                          • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00F334BA
                                                          Strings
                                                          Similarity
                                                          • API ID: LengthMessageSendTextWindow
                                                          • String ID: edit
                                                          APIs
                                                            • Part of subcall function 00EA9CB3: _wcslen.LIBCMT ref: 00EA9CBD
                                                          • CharUpperBuffW.USER32(?,?,?), ref: 00F06CB6
                                                          • _wcslen.LIBCMT ref: 00F06CC2
                                                          Strings
                                                          Similarity
                                                          • API ID: _wcslen$BuffCharUpper
                                                          • String ID: STOP
                                                          APIs
                                                            • Part of subcall function 00EA9CB3: _wcslen.LIBCMT ref: 00EA9CBD
                                                            • Part of subcall function 00F03CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00F03CCA
                                                          • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00F01D4C
                                                          Strings
                                                          Similarity
                                                          • API ID: ClassMessageNameSend_wcslen
                                                          • String ID: ComboBox$ListBox
                                                          • API String ID: 624084870-1403004172
                                                          APIs
                                                            • Part of subcall function 00EA9CB3: _wcslen.LIBCMT ref: 00EA9CBD
                                                            • Part of subcall function 00F03CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00F03CCA
                                                          • SendMessageW.USER32(?,00000180,00000000,?), ref: 00F01C46
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: ClassMessageNameSend_wcslen
                                                          • String ID: ComboBox$ListBox
                                                          • API String ID: 624084870-1403004172
                                                          APIs
                                                            • Part of subcall function 00EA9CB3: _wcslen.LIBCMT ref: 00EA9CBD
                                                            • Part of subcall function 00F03CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00F03CCA
                                                          • SendMessageW.USER32(?,00000182,?,00000000), ref: 00F01CC8
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: ClassMessageNameSend_wcslen
                                                          • String ID: ComboBox$ListBox
                                                          • API String ID: 624084870-1403004172
                                                          APIs
                                                            • Part of subcall function 00EA9CB3: _wcslen.LIBCMT ref: 00EA9CBD
                                                            • Part of subcall function 00F03CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00F03CCA
                                                          • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00F01DD3
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: ClassMessageNameSend_wcslen
                                                          • String ID: ComboBox$ListBox
                                                          • API String ID: 624084870-1403004172
                                                          APIs
                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00EC0668
                                                            • Part of subcall function 00EC32A4: RaiseException.KERNEL32(?,?,?,00EC068A,?,00F71444,?,?,?,?,?,?,00EC068A,00EA1129,00F68738,00EA1129), ref: 00EC3304
                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00EC0685
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: Exception@8Throw$ExceptionRaise
                                                          • String ID: Unknown exception
                                                          • API String ID: 3476068407-410509341
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: _wcslen
                                                          • String ID: 3, 3, 16, 1
                                                          • API String ID: 176396367-3042988571
                                                          APIs
                                                          • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00F00B23
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: Message
                                                          • String ID: AutoIt$Error allocating memory.
                                                          • API String ID: 2030045667-4017498283
                                                          APIs
                                                            • Part of subcall function 00EBF7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00EC0D71,?,?,?,00EA100A), ref: 00EBF7CE
                                                          • IsDebuggerPresent.KERNEL32(?,?,?,00EA100A), ref: 00EC0D75
                                                          • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00EA100A), ref: 00EC0D84
                                                          Strings
                                                          • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00EC0D7F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                          • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                          • API String ID: 55579361-631824599
                                                          APIs
                                                          • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00F1302F
                                                          • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00F13044
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: Temp$FileNamePath
                                                          • String ID: aut
                                                          • API String ID: 3285503233-3010740371
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: LocalTime
                                                          • String ID: %.3d$X64
                                                          • API String ID: 481472006-1077770165
                                                          APIs
                                                          • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00F3236C
                                                          • PostMessageW.USER32(00000000), ref: 00F32373
                                                            • Part of subcall function 00F0E97B: Sleep.KERNEL32 ref: 00F0E9F3
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: FindMessagePostSleepWindow
                                                          • String ID: Shell_TrayWnd
                                                          • API String ID: 529655941-2988720461
                                                          APIs
                                                          • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00F3232C
                                                          • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00F3233F
                                                            • Part of subcall function 00F0E97B: Sleep.KERNEL32 ref: 00F0E9F3
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: FindMessagePostSleepWindow
                                                          • String ID: Shell_TrayWnd
                                                          • API String ID: 529655941-2988720461
                                                          APIs
                                                          • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00EDBE93
                                                          • GetLastError.KERNEL32 ref: 00EDBEA1
                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00EDBEFC
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3305687002.0000000000EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true
                                                          • Associated: 00000000.00000002.3305661204.0000000000EA0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F3C000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305787193.0000000000F62000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3305921587.0000000000F6C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3306030014.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ea0000_file.jbxd
                                                          Similarity
                                                          • API ID: ByteCharMultiWide$ErrorLast
                                                          • String ID:
                                                          • API String ID: 1717984340-0