Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
81zBpBAWwc.exe

Overview

General Information

Sample name:81zBpBAWwc.exe
renamed because original name is a hash value
Original sample name:8837df25aabc4fad85e851aca192f714.exe
Analysis ID:1526371
MD5:8837df25aabc4fad85e851aca192f714
SHA1:c4fbd38356b7ee16eaf21deb83170bbcb0fe566a
SHA256:741cee2c6f6f8ee8a54923fa2a0c88085cede35bdc2e95b1b9f1800e894e6c19
Tags:exeuser-abuse_ch
Infos:

Detection

RHADAMANTHYS
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Powershell launch regsvr32
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected RHADAMANTHYS Stealer
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Found direct / indirect Syscall (likely to bypass EDR)
Found many strings related to Crypto-Wallets (likely being stolen)
Loading BitLocker PowerShell Module
Sets debug register (to hijack the execution of another thread)
Sigma detected: Outbound RDP Connections Over Non-Standard Tools
Sigma detected: Potentially Suspicious Malware Callback Communication
Suspicious powershell command line found
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Connects to several IPs in different countries
Contains functionality to call native functions
Contains functionality to communicate with device drivers
Contains functionality to detect virtual machines (SLDT)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query network adapater information
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Installs a raw input device (often for capturing keystrokes)
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Dllhost Internet Connection
Sigma detected: Network Connection Initiated By Regsvr32.EXE
Sigma detected: Potential Regsvr32 Commandline Flag Anomaly
Stores large binary data to the registry
Suricata IDS alerts with low severity for network traffic
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Credential Stealer
Yara detected Keylogger Generic

Classification

Process Tree

  • System is w10x64
  • 81zBpBAWwc.exe (PID: 7476 cmdline: "C:\Users\user\Desktop\81zBpBAWwc.exe" MD5: 8837DF25AABC4FAD85E851ACA192F714)
    • powershell.exe (PID: 7492 cmdline: "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/ACKq.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{004C0880-8C4C-4CC0-CC40-C80CC800C4C4}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7500 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • regsvr32.exe (PID: 7744 cmdline: "regsvr32" /s /i:INSTALL C:\Users\user\AppData/Roaming/ACKq.ini MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
  • regsvr32.exe (PID: 7668 cmdline: C:\Windows\system32\regsvr32.EXE /s /i:INSTALL C:\Users\user\AppData/Roaming/ACKq.ini MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
    • OpenWith.exe (PID: 7700 cmdline: "C:\Windows\system32\openwith.exe" MD5: E4A834784FA08C17D47A1E72429C5109)
      • wmpnscfg.exe (PID: 8048 cmdline: "C:\Program Files\Windows Media Player\wmpnscfg.exe" MD5: F912FF78DE347834EA56CEB0E12F80EC)
        • dllhost.exe (PID: 8080 cmdline: "C:\Windows\system32\dllhost.exe" MD5: 08EB78E5BE019DF044C26B14703BD1FA)
      • rekeywiz.exe (PID: 8100 cmdline: "C:\Windows\system32\rekeywiz.exe" MD5: A24EFFD38DDC2FFAB4F0592CA2CC585E)
      • rekeywiz.exe (PID: 6352 cmdline: "C:\Windows\system32\rekeywiz.exe" MD5: A24EFFD38DDC2FFAB4F0592CA2CC585E)
        • powershell.exe (PID: 7228 cmdline: "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/oc82.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{88C88888-CCCC-4CC8-CCCC-C8CCC8888000}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)" MD5: 04029E121A0CFA5991749937DD22A1D9)
          • conhost.exe (PID: 7220 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • regsvr32.exe (PID: 2140 cmdline: "regsvr32" /s /i:INSTALL C:\Users\user\AppData/Roaming/oc82.ini MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
  • regsvr32.exe (PID: 6860 cmdline: C:\Windows\system32\regsvr32.EXE /s /i:INSTALL C:\Users\user\AppData/Roaming/oc82.ini MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
RhadamanthysAccording to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines.At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.
  • Sandworm
https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys

Malware Configuration

Threatname: Rhadamanthys

{"C2 url": "https://147.45.126.71:3752/20846e26ac9fe96c52/8ackhmnt.9e5wm"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000004.00000003.1858918260.00000149EACBD000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
    00000004.00000003.1872756258.00000149EACBD000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
      00000004.00000003.1838129032.00000149EACBD000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
        00000004.00000003.1860404032.00000149EACBD000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
          00000004.00000003.1848367747.00000149EACBD000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
            Click to see the 80 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            4.3.OpenWith.exe.149ea6f0000.5.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
              4.3.OpenWith.exe.149ea410000.4.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                3.3.regsvr32.exe.1c680000.5.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                  4.3.OpenWith.exe.149ea410000.4.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                    3.3.regsvr32.exe.1c3a0000.4.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                      Click to see the 3 entries

                      Sigma Signatures

                      System Summary

                      barindex
                      Sigma detected: Outbound RDP Connections Over Non-Standard Tools
                      Source: Network ConnectionAuthor: Markus Neis: Data: DestinationIp: 104.223.122.15, DestinationIsIpv6: false, DestinationPort: 3389, EventID: 3, Image: C:\Windows\System32\rekeywiz.exe, Initiated: true, ProcessId: 8100, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 57393
                      Sigma detected: Potentially Suspicious Malware Callback Communication
                      Source: Network ConnectionAuthor: Florian Roth (Nextron Systems): Data: DestinationIp: 185.196.9.174, DestinationIsIpv6: false, DestinationPort: 7777, EventID: 3, Image: C:\Windows\System32\regsvr32.exe, Initiated: true, ProcessId: 6860, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 57406
                      Sigma detected: Dllhost Internet Connection
                      Source: Network ConnectionAuthor: bartblaze: Data: DestinationIp: 46.29.238.96, DestinationIsIpv6: false, DestinationPort: 4872, EventID: 3, Image: C:\Windows\System32\dllhost.exe, Initiated: true, ProcessId: 8080, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49739
                      Sigma detected: Network Connection Initiated By Regsvr32.EXE
                      Source: Network ConnectionAuthor: Dmitriy Lifanov, oscd.community: Data: DestinationIp: 185.196.9.174, DestinationIsIpv6: false, DestinationPort: 7777, EventID: 3, Image: C:\Windows\System32\regsvr32.exe, Initiated: true, ProcessId: 6860, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 57406
                      Sigma detected: Potential Regsvr32 Commandline Flag Anomaly
                      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: C:\Windows\system32\regsvr32.EXE /s /i:INSTALL C:\Users\user\AppData/Roaming/ACKq.ini, CommandLine: C:\Windows\system32\regsvr32.EXE /s /i:INSTALL C:\Users\user\AppData/Roaming/ACKq.ini, CommandLine|base64offset|contains: , Image: C:\Windows\System32\regsvr32.exe, NewProcessName: C:\Windows\System32\regsvr32.exe, OriginalFileName: C:\Windows\System32\regsvr32.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: C:\Windows\system32\regsvr32.EXE /s /i:INSTALL C:\Users\user\AppData/Roaming/ACKq.ini, ProcessId: 7668, ProcessName: regsvr32.exe
                      Sigma detected: Non Interactive PowerShell Process Spawned
                      Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/ACKq.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{004C0880-8C4C-4CC0-CC40-C80CC800C4C4}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)", CommandLine: "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/ACKq.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{004C0880-8C4C-4CC0-CC40-C80CC800C4C4}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)", CommandLine|base64offset|contains: -, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\81zBpBAWwc.exe", ParentImage: C:\Users\user\Desktop\81zBpBAWwc.exe, ParentProcessId: 7476, ParentProcessName: 81zBpBAWwc.exe, ProcessCommandLine: "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/ACKq.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{004C0880-8C4C-4CC0-CC40-C80CC800C4C4}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)", ProcessId: 7492, ProcessName: powershell.exe

                      HIPS / PFW / Operating System Protection Evasion

                      barindex
                      Sigma detected: Powershell launch regsvr32
                      Source: Process startedAuthor: Joe Security: Data: Command: "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/ACKq.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{004C0880-8C4C-4CC0-CC40-C80CC800C4C4}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)", CommandLine: "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/ACKq.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{004C0880-8C4C-4CC0-CC40-C80CC800C4C4}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)", CommandLine|base64offset|contains: -, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\81zBpBAWwc.exe", ParentImage: C:\Users\user\Desktop\81zBpBAWwc.exe, ParentProcessId: 7476, ParentProcessName: 81zBpBAWwc.exe, ProcessCommandLine: "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/ACKq.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{004C0880-8C4C-4CC0-CC40-C80CC800C4C4}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)", ProcessId: 7492, ProcessName: powershell.exe

                      Suricata Signatures

                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2024-10-05T14:33:18.518868+020028548242Potentially Bad Traffic147.45.126.713752192.168.2.449737TCP
                      2024-10-05T14:33:28.169435+020028548242Potentially Bad Traffic147.45.126.713752192.168.2.449738TCP
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2024-10-05T14:33:57.322189+020028424781Malware Command and Control Activity Detected185.196.9.1747777192.168.2.457406TCP
                      2024-10-05T14:35:02.831698+020028424781Malware Command and Control Activity Detected185.196.9.1747777192.168.2.458626TCP
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2024-10-05T14:33:07.055635+020028548021Domain Observed Used for C2 Detected147.45.126.713752192.168.2.449730TCP
                      2024-10-05T14:33:18.518868+020028548021Domain Observed Used for C2 Detected147.45.126.713752192.168.2.449737TCP
                      2024-10-05T14:33:28.169435+020028548021Domain Observed Used for C2 Detected147.45.126.713752192.168.2.449738TCP
                      2024-10-05T14:33:34.235800+020028548021Domain Observed Used for C2 Detected46.29.238.964872192.168.2.449739TCP
                      2024-10-05T14:35:03.776364+020028548021Domain Observed Used for C2 Detected46.29.238.964872192.168.2.458627TCP

                      Joe Sandbox Signatures

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection

                      barindex
                      Found malware configuration
                      Source: 3.3.regsvr32.exe.2a24f90.7.raw.unpackMalware Configuration Extractor: Rhadamanthys {"C2 url": "https://147.45.126.71:3752/20846e26ac9fe96c52/8ackhmnt.9e5wm"}
                      Multi AV Scanner detection for dropped file
                      Source: C:\Users\user\AppData\Roaming\ACKq.iniVirustotal: Detection: 7%Perma Link
                      Source: C:\Users\user\AppData\Roaming\oc82.iniVirustotal: Detection: 6%Perma Link
                      Multi AV Scanner detection for submitted file
                      Source: 81zBpBAWwc.exeReversingLabs: Detection: 39%
                      Source: 81zBpBAWwc.exeVirustotal: Detection: 48%Perma Link
                      AI detected suspicious sample
                      Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                      Source: unknownHTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.4:49731 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.4:57391 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:57395 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:57479 version: TLS 1.2
                      Source: 81zBpBAWwc.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
                      Source: Binary string: kernel32.pdbUGP source: regsvr32.exe, 00000003.00000003.1734850005.000000001C3A0000.00000004.00000001.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1734930307.000000001C460000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1744663903.00000149EA410000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1744748807.00000149EA4D0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: kernelbase.pdbUGP source: regsvr32.exe, 00000003.00000003.1735435044.000000001C680000.00000004.00000001.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1735195226.000000001C3A0000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1745138145.00000149EA6F0000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1744894909.00000149EA410000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdb source: regsvr32.exe, 00000003.00000003.1734494112.000000001C590000.00000004.00000001.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1733761605.000000001C3A0000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1744046872.00000149EA410000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1744297560.00000149EA600000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: \Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: OpenWith.exe, 00000004.00000003.1851414734.00000149EABE0000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: kernel32.pdb source: regsvr32.exe, 00000003.00000003.1734850005.000000001C3A0000.00000004.00000001.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1734930307.000000001C460000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1744663903.00000149EA410000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1744748807.00000149EA4D0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdbUGP source: regsvr32.exe, 00000003.00000003.1734494112.000000001C590000.00000004.00000001.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1733761605.000000001C3A0000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1744046872.00000149EA410000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1744297560.00000149EA600000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: winload_prod.pdb source: OpenWith.exe, 00000004.00000003.1851414734.00000149EAC00000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: OpenWith.exe, 00000004.00000003.1851414734.00000149EABF8000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: win32u.pdb source: wmpnscfg.exe, 00000009.00000003.1994611962.000001C7BCF80000.00000004.00000001.00020000.00000000.sdmp, wmpnscfg.exe, 00000009.00000003.1994546000.000001C7BCF50000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: win32u.pdbGCTL source: wmpnscfg.exe, 00000009.00000003.1994611962.000001C7BCF80000.00000004.00000001.00020000.00000000.sdmp, wmpnscfg.exe, 00000009.00000003.1994546000.000001C7BCF50000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: kernelbase.pdb source: regsvr32.exe, 00000003.00000003.1735435044.000000001C680000.00000004.00000001.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1735195226.000000001C3A0000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1745138145.00000149EA6F0000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1744894909.00000149EA410000.00000004.00000001.00020000.00000000.sdmp
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6997140F0 memcpy,memcpy,memset,FindFirstFileW,memcpy,GetLastError,FindClose,GetLastError,0_2_00007FF6997140F0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12940F0 memcpy,memcpy,memset,FindFirstFileW,memcpy,GetLastError,FindClose,GetLastError,12_2_00007FF6D12940F0
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\Default\AppDataJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\DefaultJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\Default\AppData\Local\Microsoft\InputPersonalization\TrainedDataStoreJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\Default\AppData\Local\Microsoft\InputPersonalizationJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\Default\AppData\LocalJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\Default\AppData\Local\MicrosoftJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then ret 3_2_1BDA10BC
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 4x nop then dec esp9_2_000001C7BCC85641
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 4x nop then dec esp11_2_00000215F7CE5641
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 4x nop then ret 12_2_0000022C138E108E
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 4x nop then dec esp12_2_0000022C138E5641

                      Networking

                      barindex
                      Suricata IDS alerts for network traffic
                      Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 147.45.126.71:3752 -> 192.168.2.4:49730
                      Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 147.45.126.71:3752 -> 192.168.2.4:49737
                      Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 147.45.126.71:3752 -> 192.168.2.4:49738
                      Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 46.29.238.96:4872 -> 192.168.2.4:49739
                      Source: Network trafficSuricata IDS: 2842478 - Severity 1 - ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s) : 185.196.9.174:7777 -> 192.168.2.4:57406
                      Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 46.29.238.96:4872 -> 192.168.2.4:58627
                      Source: Network trafficSuricata IDS: 2842478 - Severity 1 - ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s) : 185.196.9.174:7777 -> 192.168.2.4:58626
                      System process connects to network (likely due to code injection or exploit)
                      Source: C:\Windows\System32\regsvr32.exeNetwork Connect: 185.196.9.174 7777
                      C2 URLs / IPs found in malware configuration
                      Source: Malware configuration extractorURLs: https://147.45.126.71:3752/20846e26ac9fe96c52/8ackhmnt.9e5wm
                      Source: unknownNetwork traffic detected: IP country count 31
                      Source: global trafficTCP traffic: 192.168.2.4:49730 -> 147.45.126.71:3752
                      Source: global trafficTCP traffic: 192.168.2.4:49739 -> 46.29.238.96:4872
                      Source: global trafficTCP traffic: 192.168.2.4:49741 -> 130.133.110.14:33445
                      Source: global trafficTCP traffic: 192.168.2.4:49742 -> 194.249.212.109:33445
                      Source: global trafficTCP traffic: 192.168.2.4:57393 -> 104.223.122.15:3389
                      Source: global trafficTCP traffic: 192.168.2.4:57394 -> 51.254.84.212:33445
                      Source: global trafficTCP traffic: 192.168.2.4:57406 -> 185.196.9.174:7777
                      Source: global trafficTCP traffic: 192.168.2.4:57412 -> 185.58.206.164:33445
                      Source: global trafficTCP traffic: 192.168.2.4:57413 -> 195.93.190.6:33445
                      Source: global trafficTCP traffic: 192.168.2.4:57476 -> 95.215.44.78:3389
                      Source: global trafficTCP traffic: 192.168.2.4:57477 -> 163.172.136.118:3389
                      Source: global trafficTCP traffic: 192.168.2.4:57533 -> 37.97.185.116:33445
                      Source: global trafficTCP traffic: 192.168.2.4:57534 -> 80.87.193.193:3389
                      Source: global trafficTCP traffic: 192.168.2.4:57575 -> 46.229.52.198:33445
                      Source: global trafficTCP traffic: 192.168.2.4:57576 -> 85.21.144.224:33445
                      Source: global trafficTCP traffic: 192.168.2.4:57577 -> 37.187.122.30:3389
                      Source: global trafficTCP traffic: 192.168.2.4:57578 -> 205.185.116.116:33445
                      Source: global trafficTCP traffic: 192.168.2.4:57676 -> 198.98.51.198:3389
                      Source: global trafficTCP traffic: 192.168.2.4:57677 -> 104.233.104.126:33445
                      Source: global trafficTCP traffic: 192.168.2.4:57681 -> 148.251.23.146:2306
                      Source: global trafficTCP traffic: 192.168.2.4:57683 -> 193.124.186.205:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 181.129.138.155:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 5.161.114.184:34021
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 89.210.166.173:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 91.92.137.228:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 54.170.22.144:33448
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 3.110.12.133:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 2.136.107.96:1320
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 40.76.229.31:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 85.130.224.235:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 164.132.42.141:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 74.108.23.201:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 46.137.120.12:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 108.128.26.220:33446
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 54.170.106.110:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 217.224.92.120:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 99.186.81.111:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 213.159.68.101:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 90.242.29.95:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 52.51.137.106:33446
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 34.241.110.200:33448
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 138.68.105.169:33446
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 148.251.8.19:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 104.194.143.68:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 155.138.145.67:61384
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 95.216.177.210:64093
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 79.236.100.248:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 80.85.141.68:33449
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 89.238.141.230:44766
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 188.245.67.250:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 96.55.239.247:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 94.177.230.163:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 46.249.49.17:1232
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 148.251.52.209:33450
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 79.127.222.216:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 37.120.143.202:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 82.102.27.163:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 5.227.11.201:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 185.228.233.50:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 212.129.41.121:52431
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 91.227.18.172:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 54.170.144.10:33448
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 94.125.9.47:49581
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 185.92.221.198:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 88.196.188.239:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 194.26.135.86:33446
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 199.247.16.86:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 101.99.93.180:57192
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 45.129.56.135:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 77.48.74.95:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 146.19.213.122:61128
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 158.247.196.119:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 188.241.176.236:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 193.233.134.70:33446
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 185.174.137.12:59804
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 5.19.249.240:38296
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 141.164.38.70:1059
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 5.188.118.119:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 114.144.161.254:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 103.245.193.234:44610
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 94.233.72.48:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 79.125.79.101:33446
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 92.100.206.10:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 94.232.45.36:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 212.75.29.156:56528
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 95.24.122.206:36443
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 116.255.38.20:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 138.199.15.153:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 66.70.179.236:32557
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 199.197.15.25:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 54.216.51.54:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 217.165.73.29:33446
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 188.170.74.198:42530
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 47.146.159.131:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 106.73.1.162:34069
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 44.210.236.8:33446
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 3.248.105.39:33446
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 99.224.99.93:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 149.22.94.16:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 91.227.77.240:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 146.70.224.90:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 5.228.114.154:1341
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 62.216.201.17:9387
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 168.119.209.10:28215
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 136.243.190.131:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 135.181.91.195:26042
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 110.93.247.72:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 176.126.113.11:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 45.136.49.8:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 185.86.77.27:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 185.80.234.12:33447
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 81.19.138.213:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 45.227.255.112:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 46.46.74.185:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 89.1.161.63:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 143.244.42.106:33447
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 45.88.106.247:33449
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 34.246.111.22:33447
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 156.34.45.130:16161
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 103.124.92.249:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 176.194.206.41:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 87.120.112.80:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 54.228.90.186:33447
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 13.82.90.69:35569
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 41.33.65.206:33447
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 95.211.95.28:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 37.120.155.10:5406
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 213.172.95.31:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 95.25.63.192:10775
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 31.14.252.246:33446
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 193.29.13.21:33445
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 80.82.54.246:1024
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 77.239.216.254:13436
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 85.95.178.227:1793
                      Source: global trafficUDP traffic: 192.168.2.4:33445 -> 185.120.145.82:33447
                      Source: global trafficTCP traffic: 192.168.2.4:57389 -> 162.159.36.2:53
                      Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
                      Source: Network trafficSuricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 147.45.126.71:3752 -> 192.168.2.4:49737
                      Source: Network trafficSuricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 147.45.126.71:3752 -> 192.168.2.4:49738
                      Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.45.126.71
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF699717D00 recv,WSAGetLastError,0_2_00007FF699717D00
                      Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=uEnGmW4R2wLmeAx&MD=ZEn5E+1s HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
                      Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=uEnGmW4R2wLmeAx&MD=ZEn5E+1s HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
                      Source: global trafficHTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120100v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule90401v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230104v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230157v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230158v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230164v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230162v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230165v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230166v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230167v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230168v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230169v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230170v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230171v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230172v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230173v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230174v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule226009v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: regsvr32.exe, 00000003.00000002.1746225647.0000000002717000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://go.mic
                      Source: powershell.exe, 00000001.00000002.1731767660.000001BCF5BF4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                      Source: powershell.exe, 00000001.00000002.1711944982.000001BCE5DA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                      Source: powershell.exe, 00000001.00000002.1711944982.000001BCE5DA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                      Source: powershell.exe, 00000001.00000002.1711944982.000001BCE5B81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: powershell.exe, 00000001.00000002.1711944982.000001BCE5DA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                      Source: powershell.exe, 00000001.00000002.1711944982.000001BCE5DA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                      Source: wmpnscfg.exe, 00000009.00000002.2909747094.000001C7BD0B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://147.45.126.71:3752/20846e26ac9fe96c52/8ackhmnt.9e5wm
                      Source: OpenWith.exe, 00000004.00000003.1869736232.00000149EA1B5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1873103195.00000149EA1D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1872109543.00000149EA1D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1885726593.00000149EA1D7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1908967423.00000149EA1C5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1822622813.00000149EA1D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1867102224.00000149EA1B3000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.2024260360.00000149EA1C5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1900428206.00000149EA1D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1909073317.00000149EA1D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.2024290056.00000149EA1D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://147.45.126.71:3752/20846e26ac9fe96c52/8ackhmnt.9e5wmv
                      Source: OpenWith.exe, 00000004.00000003.1868960261.00000149EA3C7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1868637708.00000149EA3C7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1869190757.00000149EA3D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1866926710.00000149EA3D4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1868551752.00000149EA3C6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1867520826.00000149EA3D4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1870607624.00000149EA3D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1869469935.00000149EA3D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1868848640.00000149EA3C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                      Source: powershell.exe, 00000001.00000002.1711944982.000001BCE5B81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                      Source: powershell.exe, 00000001.00000002.1711944982.000001BCE5DA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelp
                      Source: OpenWith.exe, 00000004.00000003.1868960261.00000149EA3C7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1868637708.00000149EA3C7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1869190757.00000149EA3D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1866926710.00000149EA3D4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1868551752.00000149EA3C6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1867520826.00000149EA3D4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1870607624.00000149EA3D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1869469935.00000149EA3D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1868848640.00000149EA3C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                      Source: OpenWith.exe, 00000004.00000003.1868960261.00000149EA3C7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1868637708.00000149EA3C7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1869190757.00000149EA3D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1866926710.00000149EA3D4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1868551752.00000149EA3C6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1867520826.00000149EA3D4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1870607624.00000149EA3D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1869469935.00000149EA3D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1868848640.00000149EA3C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                      Source: OpenWith.exe, 00000004.00000003.1868960261.00000149EA3C7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1868637708.00000149EA3C7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1869190757.00000149EA3D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1866926710.00000149EA3D4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1868551752.00000149EA3C6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1867520826.00000149EA3D4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1870607624.00000149EA3D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1869469935.00000149EA3D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1868848640.00000149EA3C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                      Source: powershell.exe, 00000001.00000002.1731767660.000001BCF5BF4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                      Source: powershell.exe, 00000001.00000002.1731767660.000001BCF5BF4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                      Source: powershell.exe, 00000001.00000002.1731767660.000001BCF5BF4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                      Source: OpenWith.exe, 00000004.00000003.1884795544.00000149EA402000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discord.com
                      Source: OpenWith.exe, 00000004.00000003.1884795544.00000149EA402000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discordapp.com
                      Source: OpenWith.exe, 00000004.00000003.1866926710.00000149EA3D4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1867520826.00000149EA3D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                      Source: OpenWith.exe, 00000004.00000003.1866926710.00000149EA3D4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1867520826.00000149EA3D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                      Source: OpenWith.exe, 00000004.00000003.1866926710.00000149EA3D4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1867520826.00000149EA3D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                      Source: powershell.exe, 00000001.00000002.1711944982.000001BCE5DA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                      Source: powershell.exe, 00000001.00000002.1731767660.000001BCF5BF4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                      Source: OpenWith.exe, 00000004.00000003.1870607624.00000149EA3F6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1872038255.00000149EA3F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/arti
                      Source: OpenWith.exe, 00000004.00000003.1874341176.00000149EA2F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
                      Source: OpenWith.exe, 00000004.00000003.1869469935.00000149EA3DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
                      Source: OpenWith.exe, 00000004.00000003.1870607624.00000149EA3F6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1872038255.00000149EA3F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e1
                      Source: OpenWith.exe, 00000004.00000003.1874341176.00000149EA2F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
                      Source: OpenWith.exe, 00000004.00000003.1869469935.00000149EA3DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
                      Source: OpenWith.exe, 00000004.00000003.1868960261.00000149EA3C7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1868637708.00000149EA3C7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1869190757.00000149EA3D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1866926710.00000149EA3D4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1868551752.00000149EA3C6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1867520826.00000149EA3D4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1870607624.00000149EA3D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1869469935.00000149EA3D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1868848640.00000149EA3C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                      Source: OpenWith.exe, 00000004.00000003.1866926710.00000149EA3D4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1867520826.00000149EA3D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58054 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57680 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57462 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57489
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57622 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58457
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57645 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57496
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57404 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57668 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58586
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57497
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57498
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58104
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58588
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57499
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58103
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57492
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57493
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57494
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57495
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57427 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57490
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57491
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57507 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57656 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57438 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57530 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58228
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58354
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58230
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57473 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57565 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58353
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57611 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58432 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57416 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57439 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57657 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57554 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58203 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58180 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57497 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57609 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57397
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58003
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57398
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57399
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58004
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58534 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58482
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57395
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57396
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58484
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57391
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57541 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57484 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58078 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58328 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58353 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57954 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57599 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57461 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57518 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58128
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57623 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58053 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57405 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58378
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57450 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57588 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58130
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58254
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58253
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57529 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57804 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57634 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58304 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57598 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57437 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57414 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57449
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57472 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57552 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57445
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57566
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57446
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57567
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58534
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57447
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57568
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57448
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57569
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58536
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57452
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57573
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57453
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57574
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57454
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57455
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57570
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57450
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57571
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57451
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57572
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57612 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57543 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57520 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57635 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58030 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58204 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57456
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57498 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58304
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57457
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57646 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58303
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57458
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57579
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57608 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57459
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57463
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57584
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58432
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57464
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57585
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57465
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57586
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57403 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57466
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57587
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57449 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57580
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57460
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57581
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57461
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57582
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57586 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58430
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57462
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57583
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57483 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57395 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57670 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58178 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57978 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58354 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57460 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57531 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57519 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57467
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57588
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57468
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57589
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57647 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57469
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57624 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57474
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57595
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57596
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57597
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58203
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57598
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57470
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57591
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58560
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57448 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57471
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57564 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57587 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57592
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58613 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57472
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57593
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57473
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57594
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58561
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57590
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57415 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58080 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57658 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57471 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57828 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57553 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58536 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57478
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57599
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57479
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58204
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58328
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57485
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57486
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57487
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57669 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58456
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57488
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57481
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57482
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57483
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57426 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57484
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58330
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57542 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57613 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57480
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57508 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57607 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57928 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57418 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57510 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57453 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57430 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57671 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58180
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57442 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57568 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57625 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57494 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57660 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57407 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58078
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58228 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57579 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57544 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57391 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57487 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57636 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57441 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57464 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57509 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57557 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57637 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57614 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58303 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58080
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57606 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58378 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57419 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57591 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57648 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58509 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57580 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58430 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57659 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57521 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57500 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57523 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57930 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57953 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57546 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57495 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57649 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57661 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57626 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58230 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58253 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57566 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58380
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58588 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57486 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57463 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57417 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57555 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57589 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58028
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57512 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57428 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58278
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58153
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57452 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58154
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58030
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57615 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57605 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57567 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57474 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57429 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57451 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57650 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58280
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57803 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57522 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57440 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57545 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58380 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57496 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57511 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57627 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58178
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58054
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57556 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58053
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57590 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58103 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57638 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57485 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57672 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57491 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58484 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57594 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57571 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57928
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57804
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57803
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58128 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58403 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57479 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57754 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57513 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57536 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57559 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57616 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57639 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57547 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57467 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57421 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57604 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57930
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57582 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57456 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57399 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57410 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57674 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57502 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57828
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57422 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57703
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57704
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57628 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57903 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57640 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57478 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57753 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57560 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58104 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57455 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57730 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57583 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57398 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57673 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57501 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57524 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57492 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57444 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57662 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57778 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57830
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57954
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57953
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57535 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57880 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58254 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57433 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57617 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57651 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57466 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57569 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57443 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57420 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57603 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57581 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57408 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57675 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57503 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57652 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57526 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57593 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58404 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57664 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57629 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57904 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57537 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57431 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57558 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57548 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57525 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57630 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57904
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57592 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57663 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57903
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57493 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58482 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58278 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58508 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57432 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57878 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58586 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57618 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57465 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57570 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57409 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57602 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57641 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57514 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57454 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57409
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57405
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57526
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57647
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57527
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57648
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57407
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57528
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57649
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57408
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57529
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57401
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57401 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57522
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57643
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57665 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58612
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57402
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57523
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57644
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57403
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57524
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57642 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57645
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57499 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57404
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57525
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57646
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58613
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57585 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57650
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57530
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57651
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57410
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57531
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57562 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57652
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57653
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57482 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58154 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58561 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57396 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57780 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57597 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57488 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57551 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58509
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57416
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57537
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57658
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57417
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57538
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57659
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57418
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57516 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57539
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58508
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57419
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57459 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57654
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57655
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57414
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57535
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57656
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57778
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57415
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57536
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57657
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57540
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57619 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57661
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57420
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57541
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57662
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57421
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57542
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57663
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57728 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57422
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57543
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57664
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57424 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58612 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57660
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57780
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57854 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57527 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 58457 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57653 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57596 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57470 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57427
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57458 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57548
                      Source: unknownNetwork traffic detected: HTTP traffic on port 57601 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57669
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57428
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57549
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57429
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57423
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57544
                      Source: unknownHTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.4:49731 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.4:57391 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:57395 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:57479 version: TLS 1.2
                      Source: regsvr32.exe, 00000003.00000003.1735435044.000000001C680000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DirectInput8Creatememstr_c814d1ef-f
                      Source: regsvr32.exe, 00000003.00000003.1735435044.000000001C680000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: GetRawInputDatamemstr_f5e78829-f
                      Source: Yara matchFile source: 4.3.OpenWith.exe.149ea6f0000.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.OpenWith.exe.149ea410000.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.3.regsvr32.exe.1c680000.5.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.OpenWith.exe.149ea410000.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.3.regsvr32.exe.1c3a0000.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.3.regsvr32.exe.1c680000.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.3.regsvr32.exe.1c3a0000.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.OpenWith.exe.149ea6f0000.5.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000004.00000003.1745138145.00000149EA6F0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1744894909.00000149EA410000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.1735435044.000000001C680000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.1735195226.000000001C3A0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 7668, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: OpenWith.exe PID: 7700, type: MEMORYSTR
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF699717000 NtWriteFile,WaitForSingleObject,0_2_00007FF699717000
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF699716EE0 NtReadFile,WaitForSingleObject,RtlNtStatusToDosError,0_2_00007FF699716EE0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1BDA51B4 NtQueryInformationProcess,3_2_1BDA51B4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1BDA56A8 NtQuerySystemInformation,NtQuerySystemInformation,lstrcmpiW,CloseHandle,free,3_2_1BDA56A8
                      Source: C:\Windows\System32\OpenWith.exeCode function: 4_3_00000149E99330C7 calloc,NtAllocateVirtualMemory,NtProtectVirtualMemory,NtProtectVirtualMemory,RtlFreeHeap,RtlFreeHeap,4_3_00000149E99330C7
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_3_00007DF484681CE8 calloc,CreateProcessW,NtResumeThread,CloseHandle,free,9_3_00007DF484681CE8
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_3_00007DF484681958 calloc,NtAllocateVirtualMemory,NtWriteVirtualMemory,NtQueryInformationProcess,NtReadVirtualMemory,NtReadVirtualMemory,NtReadVirtualMemory,NtReadVirtualMemory,NtProtectVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,NtProtectVirtualMemory,9_3_00007DF484681958
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCC9252C NtAcceptConnectPort,9_2_000001C7BCC9252C
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCC927B8 NtAcceptConnectPort,9_2_000001C7BCC927B8
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCC928B8 NtAcceptConnectPort,9_2_000001C7BCC928B8
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCC9288C NtAcceptConnectPort,9_2_000001C7BCC9288C
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCC929D4 NtAcceptConnectPort,9_2_000001C7BCC929D4
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCC92990 NtAcceptConnectPort,9_2_000001C7BCC92990
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCC928E8 NtAcceptConnectPort,9_2_000001C7BCC928E8
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCC92C64 NtAcceptConnectPort,9_2_000001C7BCC92C64
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCC92418 NtAcceptConnectPort,9_2_000001C7BCC92418
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_00007DF48468199C calloc,NtQueryInformationProcess,NtReadVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,9_2_00007DF48468199C
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_00007DF484681E64 CreateProcessW,NtResumeThread,CloseHandle,9_2_00007DF484681E64
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_00007DF484692704 NtQuerySystemInformation,malloc,NtQuerySystemInformation,9_2_00007DF484692704
                      Source: C:\Windows\System32\dllhost.exeCode function: 10_2_0000021AFD2E385C NtQuerySystemInformation,10_2_0000021AFD2E385C
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7CF2688 NtAcceptConnectPort,11_2_00000215F7CF2688
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7CF288C NtAcceptConnectPort,11_2_00000215F7CF288C
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D1297000 NtWriteFile,WaitForSingleObject,12_2_00007FF6D1297000
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D1296EE0 NtReadFile,WaitForSingleObject,RtlNtStatusToDosError,12_2_00007FF6D1296EE0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C138F288C NtAcceptConnectPort,12_2_0000022C138F288C
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C138F2688 NtAcceptConnectPort,12_2_0000022C138F2688
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF699716190: memcpy,DeviceIoControl,CloseHandle,CloseHandle,GetLastError,0_2_00007FF699716190
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6997194D00_2_00007FF6997194D0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69971B6300_2_00007FF69971B630
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6996C2FE90_2_00007FF6996C2FE9
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF699777AC00_2_00007FF699777AC0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6996DBA800_2_00007FF6996DBA80
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF699765B000_2_00007FF699765B00
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6996D9B300_2_00007FF6996D9B30
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF699721A400_2_00007FF699721A40
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69970DA500_2_00007FF69970DA50
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6996F1B000_2_00007FF6996F1B00
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF699723AA00_2_00007FF699723AA0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6996C1A310_2_00007FF6996C1A31
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69972F9600_2_00007FF69972F960
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69974B9B00_2_00007FF69974B9B0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF699775CE00_2_00007FF699775CE0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6996DDC800_2_00007FF6996DDC80
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69970DD000_2_00007FF69970DD00
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6996F5CC00_2_00007FF6996F5CC0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF699769BC00_2_00007FF699769BC0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69975DBE00_2_00007FF69975DBE0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF699733B400_2_00007FF699733B40
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69974DEF00_2_00007FF69974DEF0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69970FF100_2_00007FF69970FF10
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69976BF200_2_00007FF69976BF20
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69976BDE00_2_00007FF69976BDE0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69974FE000_2_00007FF69974FE00
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF699739E0B0_2_00007FF699739E0B
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6996F3DD00_2_00007FF6996F3DD0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6997740C00_2_00007FF6997740C0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69975A0E00_2_00007FF69975A0E0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69973C1200_2_00007FF69973C120
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6996CFF830_2_00007FF6996CFF83
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69974FFF00_2_00007FF69974FFF0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6997520300_2_00007FF699752030
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF699777FA00_2_00007FF699777FA0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6996F3FB70_2_00007FF6996F3FB7
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6996E32900_2_00007FF6996E3290
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6997773300_2_00007FF699777330
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69975D1600_2_00007FF69975D160
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6996EB2000_2_00007FF6996EB200
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6997171700_2_00007FF699717170
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6996DD1D00_2_00007FF6996DD1D0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6997334B60_2_00007FF6997334B6
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6997675300_2_00007FF699767530
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69974F4400_2_00007FF69974F440
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6996FD5200_2_00007FF6996FD520
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6997754100_2_00007FF699775410
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6996DB3500_2_00007FF6996DB350
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6997633500_2_00007FF699763350
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6996D16650_2_00007FF6996D1665
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6996C565B0_2_00007FF6996C565B
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69976B7200_2_00007FF69976B720
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69975F7300_2_00007FF69975F730
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69973D6710_2_00007FF69973D671
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69974D6A80_2_00007FF69974D6A8
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6997395B60_2_00007FF6997395B6
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6997715DD0_2_00007FF6997715DD
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69974F5F00_2_00007FF69974F5F0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6997075F00_2_00007FF6997075F0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6996F15E00_2_00007FF6996F15E0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6997499200_2_00007FF699749920
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69974F8400_2_00007FF69974F840
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69973D8870_2_00007FF69973D887
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6997318A00_2_00007FF6997318A0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69973B7FD0_2_00007FF69973B7FD
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6997597500_2_00007FF699759750
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6996EB8000_2_00007FF6996EB800
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6997277700_2_00007FF699727770
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6997617800_2_00007FF699761780
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6996CF7E00_2_00007FF6996CF7E0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF699762B000_2_00007FF699762B00
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF699704AC00_2_00007FF699704AC0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF699748A200_2_00007FF699748A20
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69973A9900_2_00007FF69973A990
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF699760CE00_2_00007FF699760CE0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF699768CF00_2_00007FF699768CF0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69972ED000_2_00007FF69972ED00
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69976EC600_2_00007FF69976EC60
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF699738CAC0_2_00007FF699738CAC
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF699702B800_2_00007FF699702B80
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF699764BF00_2_00007FF699764BF0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF699708C000_2_00007FF699708C00
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6996DAC300_2_00007FF6996DAC30
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF699712E700_2_00007FF699712E70
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6996CEDB40_2_00007FF6996CEDB4
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69976ADE00_2_00007FF69976ADE0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6996F0D800_2_00007FF6996F0D80
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6996FF0600_2_00007FF6996FF060
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69972D0A00_2_00007FF69972D0A0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69974F0A00_2_00007FF69974F0A0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69974CFCB0_2_00007FF69974CFCB
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6996DF0300_2_00007FF6996DF030
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6996CE28F0_2_00007FF6996CE28F
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69973E23A0_2_00007FF69973E23A
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6997082A00_2_00007FF6997082A0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69976A2A00_2_00007FF69976A2A0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6996EE1800_2_00007FF6996EE180
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69976C1F00_2_00007FF69976C1F0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6996DC1700_2_00007FF6996DC170
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6997541B00_2_00007FF6997541B0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69975E4C00_2_00007FF69975E4C0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6996DA4A00_2_00007FF6996DA4A0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6996D446C0_2_00007FF6996D446C
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6997585200_2_00007FF699758520
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69974C3560_2_00007FF69974C356
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69974C3580_2_00007FF69974C358
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6997203A00_2_00007FF6997203A0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6997667100_2_00007FF699766710
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6996D26E20_2_00007FF6996D26E2
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6997606A00_2_00007FF6997606A0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6996F45790_2_00007FF6996F4579
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6997008700_2_00007FF699700870
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6996DC8600_2_00007FF6996DC860
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6997449200_2_00007FF699744920
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6997529200_2_00007FF699752920
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6996FA7400_2_00007FF6996FA740
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6996E08200_2_00007FF6996E0820
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6997647500_2_00007FF699764750
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6996D47CD0_2_00007FF6996D47CD
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6997327A40_2_00007FF6997327A4
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_00007FFD9B804DFB1_2_00007FFD9B804DFB
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_3_1B7818D73_3_1B7818D7
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1B7818D73_2_1B7818D7
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1B7808A43_2_1B7808A4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1BDB6F393_2_1BDB6F39
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1BDB88973_2_1BDB8897
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1BDB94A63_2_1BDB94A6
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1BDA4A543_2_1BDA4A54
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1BDA5BC03_2_1BDA5BC0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1BDA9FFC3_2_1BDA9FFC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1BDA3CEC3_2_1BDA3CEC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1BDA8A583_2_1BDA8A58
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1BDA870C3_2_1BDA870C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1BDA710C3_2_1BDA710C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1BDA15003_2_1BDA1500
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1BDA2F003_2_1BDA2F00
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00007FFD9B7C098D3_2_00007FFD9B7C098D
                      Source: C:\Windows\System32\OpenWith.exeCode function: 4_3_00000149E7E809674_3_00000149E7E80967
                      Source: C:\Windows\System32\OpenWith.exeCode function: 4_3_00000149E993557C4_3_00000149E993557C
                      Source: C:\Windows\System32\OpenWith.exeCode function: 4_3_00000149E993279C4_3_00000149E993279C
                      Source: C:\Windows\System32\OpenWith.exeCode function: 4_3_00000149E9931BA64_3_00000149E9931BA6
                      Source: C:\Windows\System32\OpenWith.exeCode function: 4_3_00000149E99358FC4_3_00000149E99358FC
                      Source: C:\Windows\System32\OpenWith.exeCode function: 4_3_00000149E99324F74_3_00000149E99324F7
                      Source: C:\Windows\System32\OpenWith.exeCode function: 4_3_00000149E9932C3C4_3_00000149E9932C3C
                      Source: C:\Windows\System32\OpenWith.exeCode function: 4_3_00000149E9934A384_3_00000149E9934A38
                      Source: C:\Windows\System32\OpenWith.exeCode function: 4_3_00000149E9935E7C4_3_00000149E9935E7C
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_3_00007DF48468392C9_3_00007DF48468392C
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_3_00007DF4846822049_3_00007DF484682204
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_3_00007DF484684EFC9_3_00007DF484684EFC
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCC92D249_2_000001C7BCC92D24
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCC826289_2_000001C7BCC82628
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCC8C25C9_2_000001C7BCC8C25C
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCCB55B09_2_000001C7BCCB55B0
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCCB95D49_2_000001C7BCCB95D4
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCCC0D909_2_000001C7BCCC0D90
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCCA6D189_2_000001C7BCCA6D18
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCCA86B49_2_000001C7BCCA86B4
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCC9BEB89_2_000001C7BCC9BEB8
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCCB5EC89_2_000001C7BCCB5EC8
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCCA76849_2_000001C7BCCA7684
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCCA3EA49_2_000001C7BCCA3EA4
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCCB4DE89_2_000001C7BCCB4DE8
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCC9F6189_2_000001C7BCC9F618
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCCB3F709_2_000001C7BCCB3F70
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCC9C7509_2_000001C7BCC9C750
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCC96F249_2_000001C7BCC96F24
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCCB48D09_2_000001C7BCCB48D0
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCCC08749_2_000001C7BCCC0874
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCCA70949_2_000001C7BCCA7094
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCCAD8549_2_000001C7BCCAD854
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCC9D0109_2_000001C7BCC9D010
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCCBA81C9_2_000001C7BCCBA81C
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCCBF1D09_2_000001C7BCCBF1D0
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCCA01749_2_000001C7BCCA0174
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCCBE9849_2_000001C7BCCBE984
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCCBF9409_2_000001C7BCCBF940
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCCB59189_2_000001C7BCCB5918
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCC95ADC9_2_000001C7BCC95ADC
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCC972709_2_000001C7BCC97270
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCCC02709_2_000001C7BCCC0270
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCCB3A389_2_000001C7BCCB3A38
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCCB4A509_2_000001C7BCCB4A50
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCCC3A4D9_2_000001C7BCCC3A4D
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCC9E3989_2_000001C7BCC9E398
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCC814D09_2_000001C7BCC814D0
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCCBECE49_2_000001C7BCCBECE4
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCC9DCE49_2_000001C7BCC9DCE4
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCCB04789_2_000001C7BCCB0478
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCCC64349_2_000001C7BCCC6434
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCCBCC009_2_000001C7BCCBCC00
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_00007DF4846822CC9_2_00007DF4846822CC
                      Source: C:\Windows\System32\dllhost.exeCode function: 10_2_0000021AFD2EBC6810_2_0000021AFD2EBC68
                      Source: C:\Windows\System32\dllhost.exeCode function: 10_2_0000021AFD303B4010_2_0000021AFD303B40
                      Source: C:\Windows\System32\dllhost.exeCode function: 10_2_0000021AFD2E737C10_2_0000021AFD2E737C
                      Source: C:\Windows\System32\dllhost.exeCode function: 10_2_0000021AFD2ED60410_2_0000021AFD2ED604
                      Source: C:\Windows\System32\dllhost.exeCode function: 10_2_0000021AFD2FAE1010_2_0000021AFD2FAE10
                      Source: C:\Windows\System32\dllhost.exeCode function: 10_2_0000021AFD311E0810_2_0000021AFD311E08
                      Source: C:\Windows\System32\dllhost.exeCode function: 10_2_0000021AFD2E8DF410_2_0000021AFD2E8DF4
                      Source: C:\Windows\System32\dllhost.exeCode function: 10_2_0000021AFD2F5E4510_2_0000021AFD2F5E45
                      Source: C:\Windows\System32\dllhost.exeCode function: 10_2_0000021AFD30466010_2_0000021AFD304660
                      Source: C:\Windows\System32\dllhost.exeCode function: 10_2_0000021AFD30C66810_2_0000021AFD30C668
                      Source: C:\Windows\System32\dllhost.exeCode function: 10_2_0000021AFD302ED110_2_0000021AFD302ED1
                      Source: C:\Windows\System32\dllhost.exeCode function: 10_2_0000021AFD2F8EB810_2_0000021AFD2F8EB8
                      Source: C:\Windows\System32\dllhost.exeCode function: 10_2_0000021AFD30C50010_2_0000021AFD30C500
                      Source: C:\Windows\System32\dllhost.exeCode function: 10_2_0000021AFD2FA4F810_2_0000021AFD2FA4F8
                      Source: C:\Windows\System32\dllhost.exeCode function: 10_2_0000021AFD2FE51C10_2_0000021AFD2FE51C
                      Source: C:\Windows\System32\dllhost.exeCode function: 10_2_0000021AFD2F9D3010_2_0000021AFD2F9D30
                      Source: C:\Windows\System32\dllhost.exeCode function: 10_2_0000021AFD2EC5D410_2_0000021AFD2EC5D4
                      Source: C:\Windows\System32\dllhost.exeCode function: 10_2_0000021AFD3025B410_2_0000021AFD3025B4
                      Source: C:\Windows\System32\dllhost.exeCode function: 10_2_0000021AFD2EBFE410_2_0000021AFD2EBFE4
                      Source: C:\Windows\System32\dllhost.exeCode function: 10_2_0000021AFD2F589810_2_0000021AFD2F5898
                      Source: C:\Windows\System32\dllhost.exeCode function: 10_2_0000021AFD2FA86010_2_0000021AFD2FA860
                      Source: C:\Windows\System32\dllhost.exeCode function: 10_2_0000021AFD2FF76C10_2_0000021AFD2FF76C
                      Source: C:\Windows\System32\dllhost.exeCode function: 10_2_0000021AFD2F27A410_2_0000021AFD2F27A4
                      Source: C:\Windows\System32\dllhost.exeCode function: 10_2_0000021AFD30321010_2_0000021AFD303210
                      Source: C:\Windows\System32\dllhost.exeCode function: 10_2_0000021AFD30225410_2_0000021AFD302254
                      Source: C:\Windows\System32\dllhost.exeCode function: 10_2_0000021AFD2F628910_2_0000021AFD2F6289
                      Source: C:\Windows\System32\dllhost.exeCode function: 10_2_0000021AFD2F5A8E10_2_0000021AFD2F5A8E
                      Source: C:\Windows\System32\dllhost.exeCode function: 10_2_0000021AFD30414410_2_0000021AFD304144
                      Source: C:\Windows\System32\dllhost.exeCode function: 10_2_0000021AFD2F898010_2_0000021AFD2F8980
                      Source: C:\Windows\System32\dllhost.exeCode function: 10_2_0000021AFD2F999810_2_0000021AFD2F9998
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7CF2D2411_2_00000215F7CF2D24
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7CFC75011_2_00000215F7CFC750
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7D13F7011_2_00000215F7D13F70
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7CF6F2411_2_00000215F7CF6F24
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7D15EC811_2_00000215F7D15EC8
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7CFBEB811_2_00000215F7CFBEB8
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7D0768411_2_00000215F7D07684
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7D086B411_2_00000215F7D086B4
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7D03EA411_2_00000215F7D03EA4
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7CFF61811_2_00000215F7CFF618
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7CE262811_2_00000215F7CE2628
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7D195D411_2_00000215F7D195D4
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7D14DE811_2_00000215F7D14DE8
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7D20D9011_2_00000215F7D20D90
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7D155B011_2_00000215F7D155B0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7D06D1811_2_00000215F7D06D18
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7CE14D011_2_00000215F7CE14D0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7D1ECE411_2_00000215F7D1ECE4
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7CFDCE411_2_00000215F7CFDCE4
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7D1047811_2_00000215F7D10478
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7D1CC0011_2_00000215F7D1CC00
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7D2643411_2_00000215F7D26434
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7CFE39811_2_00000215F7CFE398
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7CF5ADC11_2_00000215F7CF5ADC
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7D14A5011_2_00000215F7D14A50
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7D23A4D11_2_00000215F7D23A4D
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7D13A3811_2_00000215F7D13A38
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7CEC25C11_2_00000215F7CEC25C
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7D2027011_2_00000215F7D20270
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7CF727011_2_00000215F7CF7270
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7D1F1D011_2_00000215F7D1F1D0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7D1E98411_2_00000215F7D1E984
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7D1F94011_2_00000215F7D1F940
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7D0017411_2_00000215F7D00174
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7D1591811_2_00000215F7D15918
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7D148D011_2_00000215F7D148D0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7D0709411_2_00000215F7D07094
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7D0D85411_2_00000215F7D0D854
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7D2087411_2_00000215F7D20874
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7CFD01011_2_00000215F7CFD010
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 11_2_00000215F7D1A81C11_2_00000215F7D1A81C
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12994D012_2_00007FF6D12994D0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D129B63012_2_00007FF6D129B630
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D1242FE912_2_00007FF6D1242FE9
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D126329012_2_00007FF6D1263290
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12F733012_2_00007FF6D12F7330
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D129717012_2_00007FF6D1297170
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12DD16012_2_00007FF6D12DD160
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D125D1D012_2_00007FF6D125D1D0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D126B20012_2_00007FF6D126B200
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12CF44012_2_00007FF6D12CF440
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12B34B612_2_00007FF6D12B34B6
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12E753012_2_00007FF6D12E7530
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D127D52012_2_00007FF6D127D520
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12E335012_2_00007FF6D12E3350
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D125B35012_2_00007FF6D125B350
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12F541012_2_00007FF6D12F5410
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12BD67112_2_00007FF6D12BD671
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D125166512_2_00007FF6D1251665
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12CD6A812_2_00007FF6D12CD6A8
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12456D212_2_00007FF6D12456D2
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12DF73012_2_00007FF6D12DF730
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12EB72012_2_00007FF6D12EB720
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12CF5F012_2_00007FF6D12CF5F0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12875F012_2_00007FF6D12875F0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12715E012_2_00007FF6D12715E0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12B95B612_2_00007FF6D12B95B6
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12CF84012_2_00007FF6D12CF840
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12B18A012_2_00007FF6D12B18A0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12BD88712_2_00007FF6D12BD887
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12C992012_2_00007FF6D12C9920
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12A777012_2_00007FF6D12A7770
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12D975012_2_00007FF6D12D9750
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12E178012_2_00007FF6D12E1780
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D124F7E012_2_00007FF6D124F7E0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D126B80012_2_00007FF6D126B800
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12BB7FD12_2_00007FF6D12BB7FD
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D128DA5012_2_00007FF6D128DA50
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12A1A4012_2_00007FF6D12A1A40
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12A3AA012_2_00007FF6D12A3AA0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D125BA8012_2_00007FF6D125BA80
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12F7AC012_2_00007FF6D12F7AC0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D1259B3012_2_00007FF6D1259B30
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12E5B0012_2_00007FF6D12E5B00
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D1271B0012_2_00007FF6D1271B00
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12AF96012_2_00007FF6D12AF960
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12CB9B012_2_00007FF6D12CB9B0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D1241A3112_2_00007FF6D1241A31
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D125DC8012_2_00007FF6D125DC80
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12F5CE012_2_00007FF6D12F5CE0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D1275CC012_2_00007FF6D1275CC0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D128DD0012_2_00007FF6D128DD00
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12B3B4012_2_00007FF6D12B3B40
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12DDBE012_2_00007FF6D12DDBE0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12E9BC012_2_00007FF6D12E9BC0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12CDEF012_2_00007FF6D12CDEF0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12EBF2012_2_00007FF6D12EBF20
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D128FF1012_2_00007FF6D128FF10
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12EBDE012_2_00007FF6D12EBDE0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D1273DD012_2_00007FF6D1273DD0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12B9E0B12_2_00007FF6D12B9E0B
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12CFE0012_2_00007FF6D12CFE00
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12DA0E012_2_00007FF6D12DA0E0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12F40C012_2_00007FF6D12F40C0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12BC12012_2_00007FF6D12BC120
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12F7FA012_2_00007FF6D12F7FA0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D124FF8312_2_00007FF6D124FF83
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12CFFF012_2_00007FF6D12CFFF0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D1273FB712_2_00007FF6D1273FB7
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12D203012_2_00007FF6D12D2030
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12BE23A12_2_00007FF6D12BE23A
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12882A012_2_00007FF6D12882A0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12EA2A012_2_00007FF6D12EA2A0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D124E28F12_2_00007FF6D124E28F
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D125C17012_2_00007FF6D125C170
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12D41B012_2_00007FF6D12D41B0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D126E18012_2_00007FF6D126E180
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12EC1F012_2_00007FF6D12EC1F0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D125446C12_2_00007FF6D125446C
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D125A4A012_2_00007FF6D125A4A0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12DE4C012_2_00007FF6D12DE4C0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12D852012_2_00007FF6D12D8520
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12CC35612_2_00007FF6D12CC356
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12CC35812_2_00007FF6D12CC358
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12A03A012_2_00007FF6D12A03A0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12E06A012_2_00007FF6D12E06A0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12526E212_2_00007FF6D12526E2
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12E671012_2_00007FF6D12E6710
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D127457912_2_00007FF6D1274579
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D128087012_2_00007FF6D1280870
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D125C86012_2_00007FF6D125C860
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12C492012_2_00007FF6D12C4920
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12D292012_2_00007FF6D12D2920
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12E475012_2_00007FF6D12E4750
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D127A74012_2_00007FF6D127A740
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12B27A412_2_00007FF6D12B27A4
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12547CD12_2_00007FF6D12547CD
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D126082012_2_00007FF6D1260820
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D1284AC012_2_00007FF6D1284AC0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12E2B0012_2_00007FF6D12E2B00
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12BA99012_2_00007FF6D12BA990
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12C8A2012_2_00007FF6D12C8A20
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12EEC6012_2_00007FF6D12EEC60
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12B8CAC12_2_00007FF6D12B8CAC
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12E8CF012_2_00007FF6D12E8CF0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12E0CE012_2_00007FF6D12E0CE0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12AED0012_2_00007FF6D12AED00
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D1282B8012_2_00007FF6D1282B80
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12E4BF012_2_00007FF6D12E4BF0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D125AC3012_2_00007FF6D125AC30
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D1288C0012_2_00007FF6D1288C00
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D1292E7012_2_00007FF6D1292E70
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D124EDB412_2_00007FF6D124EDB4
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D1270D8012_2_00007FF6D1270D80
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12EADE012_2_00007FF6D12EADE0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D127F06012_2_00007FF6D127F060
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12AD0A012_2_00007FF6D12AD0A0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12CF0A012_2_00007FF6D12CF0A0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12CCFCB12_2_00007FF6D12CCFCB
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D125F03012_2_00007FF6D125F030
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C138F2D2412_2_0000022C138F2D24
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C1390709412_2_0000022C13907094
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C138FD01012_2_0000022C138FD010
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C138F6F2412_2_0000022C138F6F24
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C13914DE812_2_0000022C13914DE8
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C13920D9012_2_0000022C13920D90
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C1391ECE412_2_0000022C1391ECE4
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C13906D1812_2_0000022C13906D18
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C138F727012_2_0000022C138F7270
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C1391F1D012_2_0000022C1391F1D0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C1390D85412_2_0000022C1390D854
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C1390768412_2_0000022C13907684
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C139155B012_2_0000022C139155B0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C139195D412_2_0000022C139195D4
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C138FF61812_2_0000022C138FF618
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C138E14D012_2_0000022C138E14D0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C138F5ADC12_2_0000022C138F5ADC
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C13913A3812_2_0000022C13913A38
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C13923A4D12_2_0000022C13923A4D
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C1391F94012_2_0000022C1391F940
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C1391591812_2_0000022C13915918
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C13913F7012_2_0000022C13913F70
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C13915EC812_2_0000022C13915EC8
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C138FBEB812_2_0000022C138FBEB8
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C13903EA412_2_0000022C13903EA4
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C138FDCE412_2_0000022C138FDCE4
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C1392643412_2_0000022C13926434
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C1391047812_2_0000022C13910478
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C138FE39812_2_0000022C138FE398
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C138EC25C12_2_0000022C138EC25C
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C1392027012_2_0000022C13920270
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C1390017412_2_0000022C13900174
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C1392087412_2_0000022C13920874
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C1391A81C12_2_0000022C1391A81C
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C138FC75012_2_0000022C138FC750
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C139086B412_2_0000022C139086B4
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C138E262812_2_0000022C138E2628
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C1391CC0012_2_0000022C1391CC00
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C13914A5012_2_0000022C13914A50
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C1391E98412_2_0000022C1391E984
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_0000022C139148D012_2_0000022C139148D0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: String function: 00007FF699720EF0 appears 40 times
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: String function: 00007FF699757290 appears 129 times
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: String function: 00007FF69975C9D0 appears 64 times
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: String function: 00007FF699757520 appears 48 times
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: String function: 00007FF6996D7EF0 appears 224 times
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: String function: 00007FF69976D4B0 appears 72 times
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: String function: 00007FF69976C954 appears 41 times
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: String function: 00007FF699757030 appears 31 times
                      Source: C:\Windows\System32\rekeywiz.exeCode function: String function: 00007FF6D12ED4B0 appears 72 times
                      Source: C:\Windows\System32\rekeywiz.exeCode function: String function: 00007FF6D12EC954 appears 41 times
                      Source: C:\Windows\System32\rekeywiz.exeCode function: String function: 00007FF6D12D7030 appears 31 times
                      Source: C:\Windows\System32\rekeywiz.exeCode function: String function: 00007FF6D12A0EF0 appears 40 times
                      Source: C:\Windows\System32\rekeywiz.exeCode function: String function: 00007FF6D1257EF0 appears 224 times
                      Source: C:\Windows\System32\rekeywiz.exeCode function: String function: 00007FF6D12D7520 appears 48 times
                      Source: C:\Windows\System32\rekeywiz.exeCode function: String function: 00007FF6D12DC9D0 appears 64 times
                      Source: C:\Windows\System32\rekeywiz.exeCode function: String function: 00007FF6D12D7290 appears 129 times
                      Source: ACKq.ini.0.drStatic PE information: Number of sections : 11 > 10
                      Source: 81zBpBAWwc.exeStatic PE information: Number of sections : 11 > 10
                      Source: 3.3.regsvr32.exe.2a24f90.7.raw.unpack, Redist.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 3.3.regsvr32.exe.2a24f90.7.raw.unpack, Redist.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 3.2.regsvr32.exe.1b580000.3.raw.unpack, Redist.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 3.2.regsvr32.exe.1b580000.3.raw.unpack, Redist.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 3.2.regsvr32.exe.12db9ac0.2.raw.unpack, Redist.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 3.2.regsvr32.exe.12db9ac0.2.raw.unpack, Redist.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 3.3.regsvr32.exe.2a24f90.6.raw.unpack, Redist.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 3.3.regsvr32.exe.2a24f90.6.raw.unpack, Redist.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 3.2.regsvr32.exe.2a24f90.0.raw.unpack, Redist.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 3.2.regsvr32.exe.2a24f90.0.raw.unpack, Redist.csCryptographic APIs: 'TransformFinalBlock'
                      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@23/16@0/100
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6997185F0 memset,FormatMessageW,GetLastError,0_2_00007FF6997185F0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF699727140 CreateToolhelp32Snapshot,memset,Module32FirstW,Module32NextW,UnmapViewOfFile,CloseHandle,UnmapViewOfFile,CloseHandle,CloseHandle,0_2_00007FF699727140
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeFile created: C:\Users\user\AppData\Roaming\ACKq.iniJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeMutant created: NULL
                      Source: C:\Windows\System32\regsvr32.exeMutant created: \Sessions\1\BaseNamedObjects\cbRHd
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7500:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7220:120:WilError_03
                      Source: C:\Windows\System32\rekeywiz.exeMutant created: \Sessions\1\BaseNamedObjects\uTox
                      Source: C:\Windows\System32\rekeywiz.exeMutant created: \Sessions\1\BaseNamedObjects\MUTEX
                      Source: C:\Windows\System32\OpenWith.exeMutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-4fb3f26-9d18-66b568-627b8a85e4b6}
                      Source: C:\Windows\System32\regsvr32.exeMutant created: \Sessions\1\BaseNamedObjects\Jason_OsodJpavasJmnlndsto
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1tl2eztg.qzb.ps1Jump to behavior
                      Source: 81zBpBAWwc.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\System32\OpenWith.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\System32\OpenWith.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\System32\rekeywiz.exeFile read: C:\Users\user\AppData\Roaming\Tox\utox_save.iniJump to behavior
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: OpenWith.exe, 00000004.00000003.1858918260.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1872756258.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1864029392.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1820263145.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1877691935.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1830217382.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1825939380.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1833111481.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1806927405.00000149EA6F8000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.2023536799.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1843708658.00000149EACBD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
                      Source: OpenWith.exe, 00000004.00000003.1858918260.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1872756258.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1864029392.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1820263145.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1877691935.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1830217382.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1825939380.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1833111481.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1806927405.00000149EA6F8000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.2023536799.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1843708658.00000149EACBD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                      Source: OpenWith.exe, 00000004.00000003.1858918260.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1872756258.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1864029392.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1820263145.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1877691935.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1830217382.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1825939380.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1833111481.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1806927405.00000149EA6F8000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.2023536799.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1843708658.00000149EACBD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
                      Source: OpenWith.exe, 00000004.00000003.1858918260.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1872756258.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1864029392.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1820263145.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1877691935.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1830217382.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1825939380.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1833111481.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1806927405.00000149EA6F8000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.2023536799.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1843708658.00000149EACBD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
                      Source: OpenWith.exe, 00000004.00000003.1858918260.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1872756258.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1864029392.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1820263145.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1877691935.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1830217382.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1825939380.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1833111481.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1806927405.00000149EA6F8000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.2023536799.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1843708658.00000149EACBD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
                      Source: OpenWith.exe, 00000004.00000003.1858918260.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1872756258.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1864029392.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1820263145.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1877691935.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1830217382.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1825939380.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1833111481.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1806927405.00000149EA6F8000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.2023536799.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1843708658.00000149EACBD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                      Source: OpenWith.exe, 00000004.00000003.1868848640.00000149EA3C2000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1868087667.00000149EABF6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1868687963.00000149EABF6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                      Source: OpenWith.exe, 00000004.00000003.1858918260.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1872756258.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1864029392.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1820263145.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1877691935.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1830217382.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1825939380.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1833111481.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1806927405.00000149EA6F8000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.2023536799.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1843708658.00000149EACBD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
                      Source: 81zBpBAWwc.exeReversingLabs: Detection: 39%
                      Source: 81zBpBAWwc.exeVirustotal: Detection: 48%
                      Source: unknownProcess created: C:\Users\user\Desktop\81zBpBAWwc.exe "C:\Users\user\Desktop\81zBpBAWwc.exe"
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/ACKq.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{004C0880-8C4C-4CC0-CC40-C80CC800C4C4}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)"
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: unknownProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.EXE /s /i:INSTALL C:\Users\user\AppData/Roaming/ACKq.ini
                      Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\System32\OpenWith.exe "C:\Windows\system32\openwith.exe"
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeProcess created: C:\Windows\System32\regsvr32.exe "regsvr32" /s /i:INSTALL C:\Users\user\AppData/Roaming/ACKq.ini
                      Source: C:\Windows\System32\OpenWith.exeProcess created: C:\Program Files\Windows Media Player\wmpnscfg.exe "C:\Program Files\Windows Media Player\wmpnscfg.exe"
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeProcess created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"
                      Source: C:\Windows\System32\OpenWith.exeProcess created: C:\Windows\System32\rekeywiz.exe "C:\Windows\system32\rekeywiz.exe"
                      Source: C:\Windows\System32\OpenWith.exeProcess created: C:\Windows\System32\rekeywiz.exe "C:\Windows\system32\rekeywiz.exe"
                      Source: C:\Windows\System32\rekeywiz.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/oc82.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{88C88888-CCCC-4CC8-CCCC-C8CCC8888000}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)"
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: unknownProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.EXE /s /i:INSTALL C:\Users\user\AppData/Roaming/oc82.ini
                      Source: C:\Windows\System32\rekeywiz.exeProcess created: C:\Windows\System32\regsvr32.exe "regsvr32" /s /i:INSTALL C:\Users\user\AppData/Roaming/oc82.ini
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/ACKq.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{004C0880-8C4C-4CC0-CC40-C80CC800C4C4}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)"Jump to behavior
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeProcess created: C:\Windows\System32\regsvr32.exe "regsvr32" /s /i:INSTALL C:\Users\user\AppData/Roaming/ACKq.iniJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\System32\OpenWith.exe "C:\Windows\system32\openwith.exe"Jump to behavior
                      Source: C:\Windows\System32\OpenWith.exeProcess created: C:\Program Files\Windows Media Player\wmpnscfg.exe "C:\Program Files\Windows Media Player\wmpnscfg.exe"Jump to behavior
                      Source: C:\Windows\System32\OpenWith.exeProcess created: C:\Windows\System32\rekeywiz.exe "C:\Windows\system32\rekeywiz.exe"Jump to behavior
                      Source: C:\Windows\System32\OpenWith.exeProcess created: C:\Windows\System32\rekeywiz.exe "C:\Windows\system32\rekeywiz.exe"Jump to behavior
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeProcess created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"Jump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/oc82.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{88C88888-CCCC-4CC8-CCCC-C8CCC8888000}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)"
                      Source: C:\Windows\System32\rekeywiz.exeProcess created: C:\Windows\System32\regsvr32.exe "regsvr32" /s /i:INSTALL C:\Users\user\AppData/Roaming/oc82.ini
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: aclayers.dllJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc.dllJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc_os.dllJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: windowscodecs.dllJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeSection loaded: powrprof.dllJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeSection loaded: umpdc.dllJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeSection loaded: wudfplatform.dllJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeSection loaded: devobj.dllJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeSection loaded: netapi32.dllJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeSection loaded: dpapi.dllJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeSection loaded: wkscli.dllJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeSection loaded: cscapi.dllJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: aclayers.dllJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc.dllJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc_os.dllJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\System32\dllhost.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\System32\dllhost.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\System32\dllhost.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\System32\dllhost.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: efsadu.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: dsrole.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: efsutil.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: cryptui.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: mfc42u.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: logoncli.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: vaultcli.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: credui.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: feclient.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: msimg32.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: winmm.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: dataexchange.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: d3d11.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: dcomp.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: dxgi.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: twinapi.appcore.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: textshaping.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: quartz.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: mmdevapi.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: devobj.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: dsound.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: powrprof.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: powrprof.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: winmmbase.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: umpdc.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: qedit.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: msvfw32.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: textinputframework.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: coreuicomponents.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: coremessaging.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: coremessaging.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: ksuser.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: avrt.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: devenum.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: msdmo.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: audioses.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: msacm32.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: midimap.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: resourcepolicyclient.dllJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: efsadu.dll
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: mpr.dll
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: dsrole.dll
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: efsutil.dll
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: cryptui.dll
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: mfc42u.dll
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: dsrole.dll
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: logoncli.dll
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: netutils.dll
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: userenv.dll
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: efsutil.dll
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: vaultcli.dll
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: credui.dll
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: cryptui.dll
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: feclient.dll
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: urlmon.dll
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: ncrypt.dll
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: wintypes.dll
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: iertutil.dll
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: iertutil.dll
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: srvcli.dll
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: ntasn1.dll
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: cryptbase.dll
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: windows.storage.dll
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: wldp.dll
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: profapi.dll
                      Source: C:\Windows\System32\rekeywiz.exeSection loaded: apphelp.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: apphelp.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: aclayers.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc_os.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: uxtheme.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: cryptsp.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: amsi.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: mscoree.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: wldp.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: userenv.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: profapi.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: windows.storage.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: mswsock.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: rsaenh.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: cryptbase.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: iphlpapi.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: winnsi.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: sspicli.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: msasn1.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: secur32.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: schannel.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: mskeyprotect.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: ntasn1.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: ncrypt.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: ncryptsslp.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: gpapi.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: cryptnet.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: wbemcomn.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: sxs.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: devenum.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: winmm.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: ntmarta.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: devobj.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: msdmo.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: version.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: apphelp.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: aclayers.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc_os.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: uxtheme.dll
                      Source: C:\Windows\System32\regsvr32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeFile written: C:\Users\user\AppData\Roaming\ACKq.iniJump to behavior
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\7.0\Outlook\Profiles\OutlookJump to behavior
                      Source: 81zBpBAWwc.exeStatic PE information: Image base 0x140000000 > 0x60000000
                      Source: 81zBpBAWwc.exeStatic file information: File size 2322503 > 1048576
                      Source: 81zBpBAWwc.exeStatic PE information: Raw size of .rdata is bigger than: 0x100000 < 0x10a000
                      Source: 81zBpBAWwc.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
                      Source: Binary string: kernel32.pdbUGP source: regsvr32.exe, 00000003.00000003.1734850005.000000001C3A0000.00000004.00000001.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1734930307.000000001C460000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1744663903.00000149EA410000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1744748807.00000149EA4D0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: kernelbase.pdbUGP source: regsvr32.exe, 00000003.00000003.1735435044.000000001C680000.00000004.00000001.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1735195226.000000001C3A0000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1745138145.00000149EA6F0000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1744894909.00000149EA410000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdb source: regsvr32.exe, 00000003.00000003.1734494112.000000001C590000.00000004.00000001.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1733761605.000000001C3A0000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1744046872.00000149EA410000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1744297560.00000149EA600000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: \Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: OpenWith.exe, 00000004.00000003.1851414734.00000149EABE0000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: kernel32.pdb source: regsvr32.exe, 00000003.00000003.1734850005.000000001C3A0000.00000004.00000001.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1734930307.000000001C460000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1744663903.00000149EA410000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1744748807.00000149EA4D0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdbUGP source: regsvr32.exe, 00000003.00000003.1734494112.000000001C590000.00000004.00000001.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1733761605.000000001C3A0000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1744046872.00000149EA410000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1744297560.00000149EA600000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: winload_prod.pdb source: OpenWith.exe, 00000004.00000003.1851414734.00000149EAC00000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: OpenWith.exe, 00000004.00000003.1851414734.00000149EABF8000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: win32u.pdb source: wmpnscfg.exe, 00000009.00000003.1994611962.000001C7BCF80000.00000004.00000001.00020000.00000000.sdmp, wmpnscfg.exe, 00000009.00000003.1994546000.000001C7BCF50000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: win32u.pdbGCTL source: wmpnscfg.exe, 00000009.00000003.1994611962.000001C7BCF80000.00000004.00000001.00020000.00000000.sdmp, wmpnscfg.exe, 00000009.00000003.1994546000.000001C7BCF50000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: kernelbase.pdb source: regsvr32.exe, 00000003.00000003.1735435044.000000001C680000.00000004.00000001.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1735195226.000000001C3A0000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1745138145.00000149EA6F0000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1744894909.00000149EA410000.00000004.00000001.00020000.00000000.sdmp

                      Data Obfuscation

                      barindex
                      .NET source code contains potential unpacker
                      Source: 3.3.regsvr32.exe.2a24f90.7.raw.unpack, Redist.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                      Source: 3.3.regsvr32.exe.2a24f90.7.raw.unpack, Redist.cs.Net Code: CoreMain
                      Source: 3.2.regsvr32.exe.1b580000.3.raw.unpack, Redist.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                      Source: 3.2.regsvr32.exe.1b580000.3.raw.unpack, Redist.cs.Net Code: CoreMain
                      Source: 3.2.regsvr32.exe.12db9ac0.2.raw.unpack, Redist.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                      Source: 3.2.regsvr32.exe.12db9ac0.2.raw.unpack, Redist.cs.Net Code: CoreMain
                      Source: 3.3.regsvr32.exe.2a24f90.6.raw.unpack, Redist.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                      Source: 3.3.regsvr32.exe.2a24f90.6.raw.unpack, Redist.cs.Net Code: CoreMain
                      Source: 3.2.regsvr32.exe.2a24f90.0.raw.unpack, Redist.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                      Source: 3.2.regsvr32.exe.2a24f90.0.raw.unpack, Redist.cs.Net Code: CoreMain
                      Source: 4.3.OpenWith.exe.149eadbaa00.77.raw.unpack, Runtime.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                      Source: 4.3.OpenWith.exe.149eadbaa00.77.raw.unpack, Runtime.cs.Net Code: CoreMain
                      Source: 4.3.OpenWith.exe.149eadbaa00.43.raw.unpack, Runtime.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                      Source: 4.3.OpenWith.exe.149eadbaa00.43.raw.unpack, Runtime.cs.Net Code: CoreMain
                      Source: 4.3.OpenWith.exe.149eadbaa00.23.raw.unpack, Runtime.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                      Source: 4.3.OpenWith.exe.149eadbaa00.23.raw.unpack, Runtime.cs.Net Code: CoreMain
                      Source: 4.3.OpenWith.exe.149eadbaa00.78.raw.unpack, Runtime.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                      Source: 4.3.OpenWith.exe.149eadbaa00.78.raw.unpack, Runtime.cs.Net Code: CoreMain
                      Source: 4.3.OpenWith.exe.149eadbaa00.48.raw.unpack, Runtime.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                      Source: 4.3.OpenWith.exe.149eadbaa00.48.raw.unpack, Runtime.cs.Net Code: CoreMain
                      Source: 4.3.OpenWith.exe.149eadbaa00.73.raw.unpack, Runtime.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                      Source: 4.3.OpenWith.exe.149eadbaa00.73.raw.unpack, Runtime.cs.Net Code: CoreMain
                      Source: 4.3.OpenWith.exe.149eadbaa00.40.raw.unpack, Runtime.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                      Source: 4.3.OpenWith.exe.149eadbaa00.40.raw.unpack, Runtime.cs.Net Code: CoreMain
                      Source: 4.3.OpenWith.exe.149eadbaa00.36.raw.unpack, Runtime.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                      Source: 4.3.OpenWith.exe.149eadbaa00.36.raw.unpack, Runtime.cs.Net Code: CoreMain
                      Source: 4.3.OpenWith.exe.149eadbaa00.47.raw.unpack, Runtime.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                      Source: 4.3.OpenWith.exe.149eadbaa00.47.raw.unpack, Runtime.cs.Net Code: CoreMain
                      Source: 4.3.OpenWith.exe.149eadbaa00.10.raw.unpack, Runtime.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                      Source: 4.3.OpenWith.exe.149eadbaa00.10.raw.unpack, Runtime.cs.Net Code: CoreMain
                      Suspicious powershell command line found
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/ACKq.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{004C0880-8C4C-4CC0-CC40-C80CC800C4C4}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)"
                      Source: C:\Windows\System32\rekeywiz.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/oc82.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{88C88888-CCCC-4CC8-CCCC-C8CCC8888000}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)"
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/ACKq.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{004C0880-8C4C-4CC0-CC40-C80CC800C4C4}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)"Jump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/oc82.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{88C88888-CCCC-4CC8-CCCC-C8CCC8888000}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)"
                      Source: 81zBpBAWwc.exeStatic PE information: section name: .xdata
                      Source: ACKq.ini.0.drStatic PE information: section name: .xdata
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_00007FFD9B6ED2A5 pushad ; iretd 1_2_00007FFD9B6ED2A6
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_00007FFD9B8000AD pushad ; iretd 1_2_00007FFD9B8000C1
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_3_1B78430B push eax; retf 3_3_1B78430C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_3_1B7835EC push esi; ret 3_3_1B7835ED
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_3_1B7859E3 push esi; retf 3_3_1B7859E6
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_3_1B7817D5 push cs; ret 3_3_1B7818C4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_3_1B781865 push cs; ret 3_3_1B7818C4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_3_1B785643 push eax; retf 3_3_1B785645
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_3_1B784427 pushad ; ret 3_3_1B784428
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_3_1B786C12 push edx; retf 3_3_1B786C26
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_3_1B78220B push eax; iretd 3_3_1B782224
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_3_1B7840F7 push eax; ret 3_3_1B7840FB
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_3_1B7862E3 push ebx; ret 3_3_1B7862E6
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_3_1B785ED9 push esi; ret 3_3_1B785EDD
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_3_1B7848BE push eax; retf 3_3_1B7848BF
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_3_1B784EB2 pushad ; retf 3_3_1B784EB3
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1B78430B push eax; retf 3_2_1B78430C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1B7835EC push esi; ret 3_2_1B7835ED
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1B7859E3 push esi; retf 3_2_1B7859E6
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1B7817D5 push cs; ret 3_2_1B7818C4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1B781865 push cs; ret 3_2_1B7818C4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1B785643 push eax; retf 3_2_1B785645
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1B784427 pushad ; ret 3_2_1B784428
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1B786C12 push edx; retf 3_2_1B786C26
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1B78220B push eax; iretd 3_2_1B782224
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1B7840F7 push eax; ret 3_2_1B7840FB
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1B7862E3 push ebx; ret 3_2_1B7862E6
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1B785ED9 push esi; ret 3_2_1B785EDD
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1B7848BE push eax; retf 3_2_1B7848BF
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1B784EB2 pushad ; retf 3_2_1B784EB3
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1BDB2BFD push ecx; retf 3_2_1BDB2C73
                      Source: C:\Windows\System32\rekeywiz.exeFile created: C:\Users\user\AppData\Roaming\oc82.iniJump to dropped file
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeFile created: C:\Users\user\AppData\Roaming\ACKq.iniJump to dropped file
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeFile created: C:\Users\user\AppData\Roaming\ACKq.iniJump to dropped file
                      Source: C:\Windows\System32\rekeywiz.exeFile created: C:\Users\user\AppData\Roaming\oc82.iniJump to dropped file

                      Hooking and other Techniques for Hiding and Protection

                      barindex
                      Loading BitLocker PowerShell Module
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                      Source: C:\Windows\System32\regsvr32.exeKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\7A325DEA0591783E6F8D A18D4F6A7A70D2EB4D4A684D361D6613F9CC2B29E83B3767EB5C9BC0795B960D
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\dllhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\dllhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\conhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\regsvr32.exeMemory allocated: 2C10000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeMemory allocated: 1ADB0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeMemory allocated: 2AF0000 memory reserve | memory write watch
                      Source: C:\Windows\System32\regsvr32.exeMemory allocated: 1B030000 memory reserve | memory write watch
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1BDB827F sldt word ptr [ebx]3_2_1BDB827F
                      Source: C:\Windows\System32\dllhost.exeCode function: GetAdaptersInfo,10_2_0000021AFD2E2AC4
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\System32\regsvr32.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\System32\regsvr32.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5686Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4068Jump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeWindow / User API: threadDelayed 760Jump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeWindow / User API: threadDelayed 3091Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7691
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1880
                      Source: C:\Windows\System32\regsvr32.exeWindow / User API: threadDelayed 9729
                      Source: C:\Windows\System32\rekeywiz.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\oc82.iniJump to dropped file
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ACKq.iniJump to dropped file
                      Source: C:\Windows\System32\regsvr32.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeAPI coverage: 1.5 %
                      Source: C:\Windows\System32\rekeywiz.exeAPI coverage: 1.6 %
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7564Thread sleep count: 5686 > 30Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7564Thread sleep count: 4068 > 30Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7612Thread sleep time: -5534023222112862s >= -30000sJump to behavior
                      Source: C:\Windows\System32\regsvr32.exe TID: 7692Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exe TID: 8144Thread sleep time: -152000s >= -30000sJump to behavior
                      Source: C:\Windows\System32\rekeywiz.exe TID: 8144Thread sleep time: -618200s >= -30000sJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1308Thread sleep count: 7691 > 30
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5312Thread sleep count: 1880 > 30
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2844Thread sleep time: -3689348814741908s >= -30000s
                      Source: C:\Windows\System32\regsvr32.exe TID: 7676Thread sleep time: -18446744073709540s >= -30000s
                      Source: C:\Windows\System32\OpenWith.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\System32\OpenWith.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\System32\regsvr32.exeFile Volume queried: C:\ FullSizeInformation
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6997140F0 memcpy,memcpy,memset,FindFirstFileW,memcpy,GetLastError,FindClose,GetLastError,0_2_00007FF6997140F0
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12940F0 memcpy,memcpy,memset,FindFirstFileW,memcpy,GetLastError,FindClose,GetLastError,12_2_00007FF6D12940F0
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCC822D0 GetSystemInfo,VirtualAlloc,9_2_000001C7BCC822D0
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\System32\regsvr32.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\System32\regsvr32.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\Default\AppDataJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\DefaultJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\Default\AppData\Local\Microsoft\InputPersonalization\TrainedDataStoreJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\Default\AppData\Local\Microsoft\InputPersonalizationJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\Default\AppData\LocalJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\Default\AppData\Local\MicrosoftJump to behavior
                      Source: OpenWith.exe, 00000004.00000003.1867102224.00000149EA1B3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}SymbolicLinkymbolicLinkcLinkSymbolicLink
                      Source: powershell.exe, 00000001.00000002.1711944982.000001BCE5DA8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Remove-NetEventVmNetworkAdapter
                      Source: dllhost.exe, 0000000A.00000002.2908315390.0000021AFD42B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWZ
                      Source: OpenWith.exe, 00000004.00000003.1822622813.00000149EA1DF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}SymbolicLinkmbolicLinkSymbolicLink
                      Source: powershell.exe, 00000001.00000002.1711944982.000001BCE5DA8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Add-NetEventVmNetworkAdapter
                      Source: dllhost.exe, 0000000A.00000002.2908315390.0000021AFD42B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWp
                      Source: OpenWith.exe, 00000004.00000003.1744894909.00000149EA410000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DisableGuestVmNetworkConnectivity
                      Source: wmpnscfg.exe, 00000009.00000002.2909083210.000001C7BCD38000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 0000000A.00000002.2908315390.0000021AFD42B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                      Source: wmpnscfg.exe, 00000009.00000002.2909083210.000001C7BCD38000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWws\System32\en-US\wshqos.dll.mui
                      Source: OpenWith.exe, 00000004.00000003.1744894909.00000149EA410000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: EnableGuestVmNetworkConnectivity
                      Source: powershell.exe, 00000001.00000002.1711944982.000001BCE5DA8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Get-NetEventVmNetworkAdapter
                      Source: rekeywiz.exe, 0000000B.00000003.2073173628.00000215F7E9E000.00000004.00000020.00020000.00000000.sdmp, rekeywiz.exe, 0000000B.00000002.2909916430.00000215F7E82000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF699712CF0 GetProcessHeap,HeapAlloc,0_2_00007FF699712CF0
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6996C1180 Sleep,Sleep,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_initterm,0_2_00007FF6996C1180
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69989BC00 SetUnhandledExceptionFilter,0_2_00007FF69989BC00
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D1241180 Sleep,Sleep,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_initterm,12_2_00007FF6D1241180
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D138DC00 SetUnhandledExceptionFilter,12_2_00007FF6D138DC00
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeMemory allocated: page read and write | page guardJump to behavior

                      HIPS / PFW / Operating System Protection Evasion

                      barindex
                      System process connects to network (likely due to code injection or exploit)
                      Source: C:\Windows\System32\regsvr32.exeNetwork Connect: 185.196.9.174 7777
                      .NET source code references suspicious native API functions
                      Source: 3.2.regsvr32.exe.2dd3d50.1.raw.unpack, Flutter.csReference to suspicious API methods: VirtualAlloc(IntPtr.Zero, new IntPtr(65536), MEM_COMMIT, 4u)
                      Source: 3.2.regsvr32.exe.2dd3d50.1.raw.unpack, Flutter.csReference to suspicious API methods: Marshal.WriteIntPtr(new IntPtr(intPtr.ToInt64() + num), GetProcAddress(moduleHandle, array[i]))
                      Source: 3.2.regsvr32.exe.2dd3d50.1.raw.unpack, Flutter.csReference to suspicious API methods: VirtualProtect(intPtr, 65536u, 64u, out var _)
                      Allocates memory in foreign processes
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeMemory allocated: C:\Windows\System32\dllhost.exe base: 21AFD2E0000 protect: page read and writeJump to behavior
                      Found direct / indirect Syscall (likely to bypass EDR)
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeNtWriteFile: Indirect: 0x7FF699717076Jump to behavior
                      Sets debug register (to hijack the execution of another thread)
                      Source: C:\Windows\System32\regsvr32.exeThread register set: 7668 5Jump to behavior
                      Writes to foreign memory regions
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeMemory written: C:\Windows\System32\dllhost.exe base: 21AFD2E0000Jump to behavior
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeMemory written: C:\Windows\System32\dllhost.exe base: 7FF70F3314E0Jump to behavior
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/ACKq.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{004C0880-8C4C-4CC0-CC40-C80CC800C4C4}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)"Jump to behavior
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeProcess created: C:\Windows\System32\regsvr32.exe "regsvr32" /s /i:INSTALL C:\Users\user\AppData/Roaming/ACKq.iniJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\System32\OpenWith.exe "C:\Windows\system32\openwith.exe"Jump to behavior
                      Source: C:\Windows\System32\OpenWith.exeProcess created: C:\Program Files\Windows Media Player\wmpnscfg.exe "C:\Program Files\Windows Media Player\wmpnscfg.exe"Jump to behavior
                      Source: C:\Windows\System32\OpenWith.exeProcess created: C:\Windows\System32\rekeywiz.exe "C:\Windows\system32\rekeywiz.exe"Jump to behavior
                      Source: C:\Windows\System32\OpenWith.exeProcess created: C:\Windows\System32\rekeywiz.exe "C:\Windows\system32\rekeywiz.exe"Jump to behavior
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeProcess created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"Jump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/oc82.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{88C88888-CCCC-4CC8-CCCC-C8CCC8888000}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)"
                      Source: C:\Windows\System32\rekeywiz.exeProcess created: C:\Windows\System32\regsvr32.exe "regsvr32" /s /i:INSTALL C:\Users\user\AppData/Roaming/oc82.ini
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "register-scheduledtask -action (new-scheduledtaskaction -execute \"regsvr32\" -argument \"/s /i:install c:\users\user\appdata/roaming/ackq.ini\") -trigger (new-scheduledtasktrigger -once -at (get-date).addminutes(1) -repetitioninterval (new-timespan -minutes 1)) -taskname 'microsoftedgeupdatetaskmachineua{004c0880-8c4c-4cc0-cc40-c80cc800c4c4}' -description 'default' -settings (new-scheduledtasksettingsset -allowstartifonbatteries -dontstopifgoingonbatteries)"
                      Source: C:\Windows\System32\rekeywiz.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "register-scheduledtask -action (new-scheduledtaskaction -execute \"regsvr32\" -argument \"/s /i:install c:\users\user\appdata/roaming/oc82.ini\") -trigger (new-scheduledtasktrigger -once -at (get-date).addminutes(1) -repetitioninterval (new-timespan -minutes 1)) -taskname 'microsoftedgeupdatetaskmachineua{88c88888-cccc-4cc8-cccc-c8ccc8888000}' -description 'default' -settings (new-scheduledtasksettingsset -allowstartifonbatteries -dontstopifgoingonbatteries)"
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "register-scheduledtask -action (new-scheduledtaskaction -execute \"regsvr32\" -argument \"/s /i:install c:\users\user\appdata/roaming/ackq.ini\") -trigger (new-scheduledtasktrigger -once -at (get-date).addminutes(1) -repetitioninterval (new-timespan -minutes 1)) -taskname 'microsoftedgeupdatetaskmachineua{004c0880-8c4c-4cc0-cc40-c80cc800c4c4}' -description 'default' -settings (new-scheduledtasksettingsset -allowstartifonbatteries -dontstopifgoingonbatteries)"Jump to behavior
                      Source: C:\Windows\System32\rekeywiz.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "register-scheduledtask -action (new-scheduledtaskaction -execute \"regsvr32\" -argument \"/s /i:install c:\users\user\appdata/roaming/oc82.ini\") -trigger (new-scheduledtasktrigger -once -at (get-date).addminutes(1) -repetitioninterval (new-timespan -minutes 1)) -taskname 'microsoftedgeupdatetaskmachineua{88c88888-cccc-4cc8-cccc-c8ccc8888000}' -description 'default' -settings (new-scheduledtasksettingsset -allowstartifonbatteries -dontstopifgoingonbatteries)"
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\dllhost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\regsvr32.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                      Source: C:\Windows\System32\regsvr32.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF6997194D0 GetCurrentProcessId,ProcessPrng,CreateNamedPipeW,GetLastError,CloseHandle,CloseHandle,0_2_00007FF6997194D0
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF69970E220 GetSystemTimePreciseAsFileTime,0_2_00007FF69970E220
                      Source: C:\Windows\System32\OpenWith.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

                      Stealing of Sensitive Information

                      barindex
                      Yara detected RHADAMANTHYS Stealer
                      Source: Yara matchFile source: 00000004.00000003.1858918260.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1872756258.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1838129032.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1860404032.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1848367747.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1864029392.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1820263145.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1844556462.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1830217382.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1825939380.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1874774148.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1877691935.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1833111481.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1850439856.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1871687520.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1822995618.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1839488162.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1876940522.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1852328722.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.2023536799.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1843708658.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1837526724.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1908667751.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1844059304.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1843341449.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.2037272936.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.1747979036.000000001BDA1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1874529158.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1840606816.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1846437877.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1873686601.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1855539140.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1875551874.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1836105614.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1849189930.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1835809635.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1820263145.00000149EABC1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1862556714.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1842766373.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1895556015.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1850036443.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1846011615.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1869033684.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1834401410.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1869983996.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1864418183.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1900087266.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1841618473.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1847727226.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1841102498.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1827293945.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1743171217.00000149E7FE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1870384738.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.1732715826.000000001B790000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1854099505.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1869304089.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1867316447.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1834870839.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1866723582.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1847055049.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1825117026.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1853395898.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1868087667.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1824744647.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1850823165.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1895202612.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1868687963.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1839012082.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1851414734.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.2025877192.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1833649423.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1863393703.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1840151430.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1851882644.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1845622274.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1865585143.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1836791970.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1835346077.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Found many strings related to Crypto-Wallets (likely being stolen)
                      Source: OpenWith.exe, 00000004.00000003.1874986756.00000149EA1B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: !CP:Defichain-Electrum
                      Source: OpenWith.exe, 00000004.00000003.1874986756.00000149EA1B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %AppData%\ElectronCash\config
                      Source: OpenWith.exe, 00000004.00000003.1869736232.00000149EA1B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %AppData%\com.liberty.jaxx
                      Source: OpenWith.exe, 00000004.00000003.1874986756.00000149EA1B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %AppData%\Coinomi\Coinomi\wallets
                      Source: powershell.exe, 00000001.00000002.1731767660.000001BCF5BF4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: # AutoUnlockKeyStored. Win32_EncryptableVolume::IsAutoUnlockKeyStored
                      Tries to harvest and steal Bitcoin Wallet information
                      Source: C:\Windows\System32\OpenWith.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Bitcoin\Bitcoin-QtJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-coreJump to behavior
                      Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                      Source: C:\Windows\System32\OpenWith.exeKey opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\SecurityJump to behavior
                      Tries to harvest and steal browser information (history, passwords, etc)
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrialsJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_storeJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web ApplicationsJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCacheJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension SettingsJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\NetworkJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_storeJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session StorageJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\bde1cb97-a9f1-4568-9626-b993438e38e1Jump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\fccd7e85-a1ff-4466-9ff5-c20d62f6e0a2Jump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldoomlJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension RulesJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\4d5b179f-bba0-432a-b376-b1fb347ae64fJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync DataJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code CacheJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main\ms-language-packs\browser\newtabJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\defJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settingsJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\z6bny8rn.defaultJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download ServiceJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension ScriptsJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDBJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadataJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasmJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldbJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databasesJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest ResourcesJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\SessionsJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDBJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\FilesJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\57328c1e-640f-4b62-a5a0-06d479b676c2Jump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\safebrowsingJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_dbJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_DataJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\doomedJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main\ms-language-packs\browserJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement TrackerJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dirJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjbJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\jsJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\2cb4572a-4cab-4e12-9740-762c0a50285fJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldbJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dirJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_dbJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\CacheJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\extJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\startupCacheJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfakJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCacheJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\TempJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\e8d04e65-de13-4e7d-b232-291855cace25Jump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDBJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local StorageJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\thumbnailsJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\03a1fc40-7474-4824-8fa1-eaa75003e98aJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StorageJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\StorageJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\ProfilesJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-releaseJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\safebrowsing\google4Jump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhiJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\trash16598Jump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloadsJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\8ad0d94c-ca05-4c9d-8177-48569175e875Jump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDBJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entriesJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session StorageJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\DefaultJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmiedaJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\5bc1a347-c482-475c-a573-03c10998aeeaJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2Jump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\jsJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM StoreJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App SettingsJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation PlatformJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCacheJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabaseJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics DatabaseJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dirJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorageJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code CacheJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dirJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjfJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDBJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDBJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\NetworkJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabaseJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension SettingsJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\mainJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main\ms-language-packsJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasmJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storageJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension StateJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibagJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CacheJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\EncryptionJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCacheJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_dbJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDBJump to behavior
                      Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncmJump to behavior
                      Tries to steal Mail credentials (via file / registry access)
                      Source: C:\Windows\System32\OpenWith.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\OutlookJump to behavior
                      Source: Yara matchFile source: Process Memory Space: OpenWith.exe PID: 7700, type: MEMORYSTR

                      Remote Access Functionality

                      barindex
                      Yara detected RHADAMANTHYS Stealer
                      Source: Yara matchFile source: 00000004.00000003.1858918260.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1872756258.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1838129032.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1860404032.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1848367747.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1864029392.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1820263145.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1844556462.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1830217382.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1825939380.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1874774148.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1877691935.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1833111481.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1850439856.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1871687520.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1822995618.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1839488162.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1876940522.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1852328722.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.2023536799.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1843708658.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1837526724.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1908667751.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1844059304.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1843341449.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.2037272936.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.1747979036.000000001BDA1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1874529158.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1840606816.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1846437877.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1873686601.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1855539140.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1875551874.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1836105614.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1849189930.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1835809635.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1820263145.00000149EABC1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1862556714.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1842766373.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1895556015.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1850036443.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1846011615.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1869033684.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1834401410.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1869983996.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1864418183.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1900087266.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1841618473.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1847727226.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1841102498.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1827293945.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1743171217.00000149E7FE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1870384738.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.1732715826.000000001B790000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1854099505.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1869304089.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1867316447.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1834870839.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1866723582.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1847055049.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1825117026.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1853395898.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1868087667.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1824744647.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1850823165.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1895202612.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1868687963.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1839012082.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1851414734.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.2025877192.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1833649423.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1863393703.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1840151430.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1851882644.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1845622274.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1865585143.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1836791970.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1835346077.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF699726B50 bind,WSAGetLastError,closesocket,0_2_00007FF699726B50
                      Source: C:\Users\user\Desktop\81zBpBAWwc.exeCode function: 0_2_00007FF699726860 bind,listen,WSAGetLastError,closesocket,0_2_00007FF699726860
                      Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 9_2_000001C7BCC8CDF4 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe,9_2_000001C7BCC8CDF4
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12A6860 bind,listen,WSAGetLastError,closesocket,12_2_00007FF6D12A6860
                      Source: C:\Windows\System32\rekeywiz.exeCode function: 12_2_00007FF6D12A6B50 bind,WSAGetLastError,closesocket,12_2_00007FF6D12A6B50

                      Mitre Att&ck Matrix

                      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                      Gather Victim Identity InformationAcquire InfrastructureValid Accounts21
                      Windows Management Instrumentation                      		1
                      DLL Side-Loading                      		1
                      Abuse Elevation Control Mechanism                      		1
                      Disable or Modify Tools                      		1
                      OS Credential Dumping                      		1
                      System Time Discovery                      		Remote Services11
                      Archive Collected Data                      		2
                      Ingress Tool Transfer                      		Exfiltration Over Other Network MediumAbuse Accessibility Features
                      CredentialsDomainsDefault Accounts11
                      Native API                      		Boot or Logon Initialization Scripts1
                      DLL Side-Loading                      		11
                      Deobfuscate/Decode Files or Information                      		21
                      Input Capture                      		4
                      File and Directory Discovery                      		Remote Desktop Protocol2
                      Data from Local System                      		11
                      Encrypted Channel                      		Exfiltration Over BluetoothNetwork Denial of Service
                      Email AddressesDNS ServerDomain Accounts1
                      Command and Scripting Interpreter                      		Logon Script (Windows)412
                      Process Injection                      		1
                      Abuse Elevation Control Mechanism                      		1
                      Credentials in Registry                      		17
                      System Information Discovery                      		SMB/Windows Admin Shares1
                      Email Collection                      		1
                      Non-Standard Port                      		Automated ExfiltrationData Encrypted for Impact
                      Employee NamesVirtual Private ServerLocal Accounts1
                      PowerShell                      		Login HookLogin Hook3
                      Obfuscated Files or Information                      		NTDS131
                      Security Software Discovery                      		Distributed Component Object Model21
                      Input Capture                      		1
                      Non-Application Layer Protocol                      		Traffic DuplicationData Destruction
                      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                      Software Packing                      		LSA Secrets51
                      Virtualization/Sandbox Evasion                      		SSHKeylogging12
                      Application Layer Protocol                      		Scheduled TransferData Encrypted for Impact
                      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                      DLL Side-Loading                      		Cached Domain Credentials2
                      Process Discovery                      		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items11
                      Masquerading                      		DCSync1
                      Application Window Discovery                      		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                      Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                      Modify Registry                      		Proc Filesystem1
                      System Network Configuration Discovery                      		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                      Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt51
                      Virtualization/Sandbox Evasion                      		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                      IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron412
                      Process Injection                      		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 signatures2 2 Behavior Graph ID: 1526371 Sample: 81zBpBAWwc.exe Startdate: 05/10/2024 Architecture: WINDOWS Score: 100 60 Suricata IDS alerts for network traffic 2->60 62 Found malware configuration 2->62 64 Multi AV Scanner detection for dropped file 2->64 66 9 other signatures 2->66 9 regsvr32.exe 1 2 2->9         started        12 81zBpBAWwc.exe 1 2->12         started        15 regsvr32.exe 2->15         started        process3 dnsIp4 80 Sets debug register (to hijack the execution of another thread) 9->80 18 OpenWith.exe 9->18         started        48 C:\Users\user\AppData\Roaming\ACKq.ini, PE32+ 12->48 dropped 82 Suspicious powershell command line found 12->82 84 Found direct / indirect Syscall (likely to bypass EDR) 12->84 22 powershell.exe 37 12->22         started        24 regsvr32.exe 12->24         started        58 8.8.8.8 GOOGLEUS United States 15->58 86 System process connects to network (likely due to code injection or exploit) 15->86 file5 signatures6 process7 dnsIp8 56 147.45.126.71, 3752, 49730, 49737 FREE-NET-ASFREEnetEU Russian Federation 18->56 68 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 18->68 70 Tries to steal Mail credentials (via file / registry access) 18->70 72 Found many strings related to Crypto-Wallets (likely being stolen) 18->72 76 2 other signatures 18->76 26 rekeywiz.exe 18->26         started        30 wmpnscfg.exe 18->30         started        32 rekeywiz.exe 1 36 18->32         started        74 Loading BitLocker PowerShell Module 22->74 35 conhost.exe 22->35         started        signatures9 process10 dnsIp11 46 C:\Users\user\AppData\Roaming\oc82.ini, PE32+ 26->46 dropped 88 Suspicious powershell command line found 26->88 37 powershell.exe 26->37         started        40 regsvr32.exe 26->40         started        90 Writes to foreign memory regions 30->90 92 Allocates memory in foreign processes 30->92 42 dllhost.exe 30->42         started        50 104.223.122.15 ASN-QUADRANET-GLOBALUS United States 32->50 52 192.168.2.4, 3752, 443, 49723 unknown unknown 32->52 54 96 other IPs or domains 32->54 file12 signatures13 process14 signatures15 78 Loading BitLocker PowerShell Module 37->78 44 conhost.exe 37->44         started        process16

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      81zBpBAWwc.exe39%ReversingLabsWin64.Trojan.Generic
                      81zBpBAWwc.exe49%VirustotalBrowse

                      Dropped Files

                      SourceDetectionScannerLabelLink
                      C:\Users\user\AppData\Roaming\ACKq.ini12%ReversingLabs
                      C:\Users\user\AppData\Roaming\ACKq.ini7%VirustotalBrowse
                      C:\Users\user\AppData\Roaming\oc82.ini12%ReversingLabs
                      C:\Users\user\AppData\Roaming\oc82.ini7%VirustotalBrowse

                      Unpacked PE Files

                      No Antivirus matches

                      Domains

                      No Antivirus matches

                      URLs

                      SourceDetectionScannerLabelLink
                      https://duckduckgo.com/chrome_newtab0%URL Reputationsafe
                      https://duckduckgo.com/chrome_newtab0%URL Reputationsafe
                      http://nuget.org/NuGet.exe0%URL Reputationsafe
                      https://aka.ms/winsvr-2022-pshelp0%URL Reputationsafe
                      https://aka.ms/winsvr-2022-pshelp0%URL Reputationsafe
                      https://duckduckgo.com/ac/?q=0%URL Reputationsafe
                      http://pesterbdd.com/images/Pester.png0%URL Reputationsafe
                      http://schemas.xmlsoap.org/soap/encoding/0%URL Reputationsafe
                      https://contoso.com/License0%URL Reputationsafe
                      https://contoso.com/Icon0%URL Reputationsafe
                      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%URL Reputationsafe
                      https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=0%URL Reputationsafe
                      https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK20160%URL Reputationsafe
                      https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e170%URL Reputationsafe
                      https://www.ecosia.org/newtab/0%URL Reputationsafe
                      https://ac.ecosia.org/autocomplete?q=0%URL Reputationsafe
                      https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install0%URL Reputationsafe
                      https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search0%URL Reputationsafe
                      http://schemas.xmlsoap.org/wsdl/0%URL Reputationsafe
                      https://contoso.com/0%URL Reputationsafe
                      https://nuget.org/nuget.exe0%URL Reputationsafe
                      https://aka.ms/pscore680%URL Reputationsafe
                      https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples0%URL Reputationsafe
                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
                      https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=0%URL Reputationsafe
                      https://www.google.com/images/branding/product/ico/googleg_lodp.ico0%VirustotalBrowse
                      https://discord.com0%VirustotalBrowse
                      http://www.apache.org/licenses/LICENSE-2.0.html0%VirustotalBrowse
                      https://github.com/Pester/Pester1%VirustotalBrowse
                      https://discordapp.com0%VirustotalBrowse

                      Domains and IPs

                      Contacted Domains

                      No contacted domains info

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      https://147.45.126.71:3752/20846e26ac9fe96c52/8ackhmnt.9e5wmtrue
                        		unknown

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        https://duckduckgo.com/chrome_newtabOpenWith.exe, 00000004.00000003.1866926710.00000149EA3D4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1867520826.00000149EA3D4000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://nuget.org/NuGet.exepowershell.exe, 00000001.00000002.1731767660.000001BCF5BF4000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://aka.ms/winsvr-2022-pshelppowershell.exe, 00000001.00000002.1711944982.000001BCE5DA8000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        https://discord.comOpenWith.exe, 00000004.00000003.1884795544.00000149EA402000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                        https://duckduckgo.com/ac/?q=OpenWith.exe, 00000004.00000003.1866926710.00000149EA3D4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1867520826.00000149EA3D4000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://www.google.com/images/branding/product/ico/googleg_lodp.icoOpenWith.exe, 00000004.00000003.1866926710.00000149EA3D4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1867520826.00000149EA3D4000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                        http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000001.00000002.1711944982.000001BCE5DA8000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://support.office.com/artiOpenWith.exe, 00000004.00000003.1870607624.00000149EA3F6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1872038255.00000149EA3F7000.00000004.00000020.00020000.00000000.sdmpfalse
                          		unknown
                          http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 00000001.00000002.1711944982.000001BCE5DA8000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000001.00000002.1711944982.000001BCE5DA8000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                          https://contoso.com/Licensepowershell.exe, 00000001.00000002.1731767660.000001BCF5BF4000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://discordapp.comOpenWith.exe, 00000004.00000003.1884795544.00000149EA402000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                          https://contoso.com/Iconpowershell.exe, 00000001.00000002.1731767660.000001BCF5BF4000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=OpenWith.exe, 00000004.00000003.1866926710.00000149EA3D4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1867520826.00000149EA3D4000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=OpenWith.exe, 00000004.00000003.1868960261.00000149EA3C7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1868637708.00000149EA3C7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1869190757.00000149EA3D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1866926710.00000149EA3D4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1868551752.00000149EA3C6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1867520826.00000149EA3D4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1870607624.00000149EA3D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1869469935.00000149EA3D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1868848640.00000149EA3C6000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016OpenWith.exe, 00000004.00000003.1874341176.00000149EA2F1000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17OpenWith.exe, 00000004.00000003.1874341176.00000149EA2F1000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://www.ecosia.org/newtab/OpenWith.exe, 00000004.00000003.1868960261.00000149EA3C7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1868637708.00000149EA3C7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1869190757.00000149EA3D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1866926710.00000149EA3D4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1868551752.00000149EA3C6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1867520826.00000149EA3D4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1870607624.00000149EA3D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1869469935.00000149EA3D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1868848640.00000149EA3C6000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://github.com/Pester/Pesterpowershell.exe, 00000001.00000002.1711944982.000001BCE5DA8000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                          http://go.micregsvr32.exe, 00000003.00000002.1746225647.0000000002717000.00000004.00000020.00020000.00000000.sdmpfalse
                            		unknown
                            https://ac.ecosia.org/autocomplete?q=OpenWith.exe, 00000004.00000003.1868960261.00000149EA3C7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1868637708.00000149EA3C7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1869190757.00000149EA3D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1866926710.00000149EA3D4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1868551752.00000149EA3C6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1867520826.00000149EA3D4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1870607624.00000149EA3D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1869469935.00000149EA3D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1868848640.00000149EA3C6000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e1OpenWith.exe, 00000004.00000003.1870607624.00000149EA3F6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1872038255.00000149EA3F7000.00000004.00000020.00020000.00000000.sdmpfalse
                              		unknown
                              https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17InstallOpenWith.exe, 00000004.00000003.1869469935.00000149EA3DC000.00000004.00000020.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchOpenWith.exe, 00000004.00000003.1868960261.00000149EA3C7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1868637708.00000149EA3C7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1869190757.00000149EA3D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1866926710.00000149EA3D4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1868551752.00000149EA3C6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1867520826.00000149EA3D4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1870607624.00000149EA3D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1869469935.00000149EA3D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1868848640.00000149EA3C6000.00000004.00000020.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000001.00000002.1711944982.000001BCE5DA8000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              https://contoso.com/powershell.exe, 00000001.00000002.1731767660.000001BCF5BF4000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              https://nuget.org/nuget.exepowershell.exe, 00000001.00000002.1731767660.000001BCF5BF4000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              https://147.45.126.71:3752/20846e26ac9fe96c52/8ackhmnt.9e5wmvOpenWith.exe, 00000004.00000003.1869736232.00000149EA1B5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1873103195.00000149EA1D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1872109543.00000149EA1D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1885726593.00000149EA1D7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1908967423.00000149EA1C5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1822622813.00000149EA1D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1867102224.00000149EA1B3000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.2024260360.00000149EA1C5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1900428206.00000149EA1D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1909073317.00000149EA1D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.2024290056.00000149EA1D6000.00000004.00000020.00020000.00000000.sdmpfalse
                                		unknown
                                https://aka.ms/pscore68powershell.exe, 00000001.00000002.1711944982.000001BCE5B81000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ExamplesOpenWith.exe, 00000004.00000003.1869469935.00000149EA3DC000.00000004.00000020.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000001.00000002.1711944982.000001BCE5B81000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=OpenWith.exe, 00000004.00000003.1868960261.00000149EA3C7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1868637708.00000149EA3C7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1869190757.00000149EA3D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1866926710.00000149EA3D4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1868551752.00000149EA3C6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1867520826.00000149EA3D4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1870607624.00000149EA3D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1869469935.00000149EA3D6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000004.00000003.1868848640.00000149EA3C6000.00000004.00000020.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown

                                World Map of Contacted IPs

                                • No. of IPs < 25%
                                • 25% < No. of IPs < 50%
                                • 50% < No. of IPs < 75%
                                • 75% < No. of IPs

                                Public IPs

                                IPDomainCountryFlagASNASN NameMalicious
                                85.95.178.227
                                		unknownRussian Federation
                                		12389ROSTELECOM-ASRUfalse
                                94.125.9.47
                                		unknownRussian Federation
                                		47807PULKOVO-ASRUfalse
                                195.93.190.6
                                		unknownUkraine
                                		15713GCN-UAfalse
                                3.248.105.39
                                		unknownUnited States
                                		16509AMAZON-02USfalse
                                168.119.209.10
                                		unknownGermany
                                		24940HETZNER-ASDEfalse
                                37.120.155.10
                                		unknownRomania
                                		9009M247GBfalse
                                99.186.81.111
                                		unknownUnited States
                                		7018ATT-INTERNET4USfalse
                                5.19.249.240
                                		unknownRussian Federation
                                		41733ZTELECOM-ASRUfalse
                                31.14.252.246
                                		unknownRomania
                                		9009M247GBfalse
                                185.120.145.82
                                		unknownRomania
                                		9009M247GBfalse
                                91.92.137.228
                                		unknownCyprus
                                		44901BELCLOUDBGfalse
                                194.26.135.86
                                		unknownNetherlands
                                		1213HEANETIEfalse
                                104.233.104.126
                                		unknownSaudi Arabia
                                		13886CLOUD-SOUTHUSfalse
                                95.215.44.78
                                		unknownLatvia
                                		52173MAKONIXLVfalse
                                8.8.8.8
                                		unknownUnited States
                                		15169GOOGLEUSfalse
                                212.129.41.121
                                		unknownFrance
                                		12876OnlineSASFRfalse
                                103.124.92.249
                                		unknownViet Nam
                                		131353NHANHOA-AS-VNNhanHoaSoftwarecompanyVNfalse
                                87.120.112.80
                                		unknownBulgaria
                                		25206UNACS-AS-BG8000BurgasBGfalse
                                46.249.49.17
                                		unknownNetherlands
                                		50673SERVERIUS-ASNLfalse
                                5.161.114.184
                                		unknownGermany
                                		24940HETZNER-ASDEfalse
                                136.243.141.187
                                		unknownGermany
                                		24940HETZNER-ASDEfalse
                                164.132.42.141
                                		unknownFrance
                                		16276OVHFRfalse
                                185.174.137.12
                                		unknownRussian Federation
                                		50113SUPERSERVERSDATACENTERRUfalse
                                94.232.45.36
                                		unknownRussian Federation
                                		44477WELLWEBNLfalse
                                95.24.122.206
                                		unknownRussian Federation
                                		8402CORBINA-ASOJSCVimpelcomRUfalse
                                148.251.8.19
                                		unknownGermany
                                		24940HETZNER-ASDEfalse
                                79.125.79.101
                                		unknownIreland
                                		16509AMAZON-02USfalse
                                185.228.233.50
                                		unknownRussian Federation
                                		64439ITOS-ASRUfalse
                                92.100.206.10
                                		unknownRussian Federation
                                		12389ROSTELECOM-ASRUfalse
                                88.196.188.239
                                		unknownEstonia
                                		3249ESTPAKEEfalse
                                5.188.118.119
                                		unknownRussian Federation
                                		49505SELECTELRUfalse
                                34.246.111.22
                                		unknownUnited States
                                		16509AMAZON-02USfalse
                                79.127.222.216
                                		unknownCzech Republic
                                		9080GINCzechRepublicEUCZfalse
                                54.170.144.10
                                		unknownUnited States
                                		16509AMAZON-02USfalse
                                205.185.116.116
                                		unknownUnited States
                                		53667PONYNETUSfalse
                                138.199.15.153
                                		unknownEuropean Union
                                		51964ORANGE-BUSINESS-SERVICES-IPSN-ASNFRfalse
                                41.33.65.206
                                		unknownEgypt
                                		8452TE-ASTE-ASEGfalse
                                66.70.179.236
                                		unknownCanada
                                		16276OVHFRfalse
                                89.1.161.63
                                		unknownGermany
                                		8422NETCOLOGNEDEfalse
                                91.227.77.240
                                		unknownPoland
                                		197935PARP-ASPLfalse
                                45.227.255.112
                                		unknownPanama
                                		43350NFORCENLfalse
                                54.216.51.54
                                		unknownUnited States
                                		16509AMAZON-02USfalse
                                138.68.105.169
                                		unknownUnited States
                                		14061DIGITALOCEAN-ASNUSfalse
                                96.55.239.247
                                		unknownCanada
                                		6327SHAWCAfalse
                                163.172.136.118
                                		unknownUnited Kingdom
                                		12876OnlineSASFRfalse
                                82.102.27.163
                                		unknownUnited Kingdom
                                		9009M247GBfalse
                                199.247.16.86
                                		unknownEuropean Union
                                		20473AS-CHOOPAUSfalse
                                81.19.138.213
                                		unknownRussian Federation
                                		24658IVC-ASRUfalse
                                34.241.110.200
                                		unknownUnited States
                                		16509AMAZON-02USfalse
                                176.126.113.11
                                		unknownUkraine
                                		9063SAARGATE-ASVSENETGmbHDEfalse
                                188.245.67.250
                                		unknownIran (ISLAMIC Republic Of)
                                		16322PARSONLINETehran-IRANIRfalse
                                194.249.212.109
                                		unknownSlovenia
                                		2107ARNES-NETAcademicandResearchNetworkofSloveniaSIfalse
                                45.88.106.247
                                		unknownNetherlands
                                		204601ON-LINE-DATAServerlocation-NetherlandsDrontenNLfalse
                                37.187.122.30
                                		unknownFrance
                                		16276OVHFRfalse
                                146.70.224.90
                                		unknownUnited Kingdom
                                		2018TENET-1ZAfalse
                                2.136.107.96
                                		unknownSpain
                                		3352TELEFONICA_DE_ESPANAESfalse
                                95.216.177.210
                                		unknownGermany
                                		24940HETZNER-ASDEfalse
                                54.228.90.186
                                		unknownUnited States
                                		16509AMAZON-02USfalse
                                89.210.166.173
                                		unknownGreece
                                		3329HOL-GRAthensGreeceGRfalse
                                47.146.159.131
                                		unknownUnited States
                                		5650FRONTIER-FRTRUSfalse
                                62.216.201.17
                                		unknownGermany
                                		8767MNET-ASGermanyDEfalse
                                94.233.72.48
                                		unknownRussian Federation
                                		12389ROSTELECOM-ASRUfalse
                                116.255.38.20
                                		unknownAustralia
                                		24129SUPERLOOP-AS-APSUPERLOOPAUSTRALIAPTYLTDAUfalse
                                45.129.56.135
                                		unknownSweden
                                		39351ESAB-ASSEfalse
                                141.164.38.70
                                		unknownUnited States
                                		20473AS-CHOOPAUSfalse
                                99.224.99.93
                                		unknownCanada
                                		812ROGERS-COMMUNICATIONSCAfalse
                                136.243.190.131
                                		unknownGermany
                                		24940HETZNER-ASDEfalse
                                46.229.52.198
                                		unknownUkraine
                                		34056KIEVNETKievNetISPASUAfalse
                                104.223.122.15
                                		unknownUnited States
                                		8100ASN-QUADRANET-GLOBALUStrue
                                95.25.63.192
                                		unknownRussian Federation
                                		3216SOVAM-ASRUfalse
                                79.236.100.248
                                		unknownGermany
                                		3320DTAGInternetserviceprovideroperationsDEfalse
                                91.227.18.172
                                		unknownRussian Federation
                                		207027EXIMIUS-ASRUfalse
                                146.19.213.122
                                		unknownFrance
                                		7726FITC-ASUSfalse
                                213.159.68.101
                                		unknownRussian Federation
                                		13078CTINET-ASCTINETAutonomousSystemRUfalse
                                85.130.224.235
                                		unknownIsrael
                                		8551BEZEQ-INTERNATIONAL-ASBezeqintInternetBackboneILfalse
                                188.170.74.198
                                		unknownRussian Federation
                                		31213MF-NWGSM-ASRUfalse
                                143.244.42.106
                                		unknownUnited States
                                		174COGENT-174USfalse
                                217.224.92.120
                                		unknownGermany
                                		3320DTAGInternetserviceprovideroperationsDEfalse
                                185.92.221.198
                                		unknownFrance
                                		20473AS-CHOOPAUSfalse
                                188.241.176.236
                                		unknownRomania
                                		1653SUNETSUNETSwedishUniversityNetworkEUfalse
                                94.177.230.163
                                		unknownItaly
                                		200185XANDMAIL-ASNDEfalse
                                45.136.49.8
                                		unknownEstonia
                                		199770PELUCHE-ASESfalse
                                155.138.145.67
                                		unknownUnited States
                                		20473AS-CHOOPAUSfalse
                                158.247.196.119
                                		unknownUnited States
                                		26133FEWPBUSfalse
                                217.165.73.29
                                		unknownUnited Arab Emirates
                                		5384EMIRATES-INTERNETEmiratesInternetAEfalse
                                193.124.186.205
                                		unknownRussian Federation
                                		35196IHOR-ASRUfalse
                                77.239.216.254
                                		unknownRussian Federation
                                		39799COMINTEL-ASTyumenRussiaRUfalse
                                104.194.143.68
                                		unknownUnited States
                                		53667PONYNETUSfalse
                                212.75.29.156
                                		unknownBulgaria
                                		43205BULSATCOM-BG-ASSofiaBGfalse
                                37.97.185.116
                                		unknownNetherlands
                                		20857TRANSIP-ASAmsterdamtheNetherlandsNLfalse
                                3.110.12.133
                                		unknownUnited States
                                		16509AMAZON-02USfalse
                                108.128.26.220
                                		unknownUnited States
                                		16509AMAZON-02USfalse
                                40.76.229.31
                                		unknownUnited States
                                		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                5.228.114.154
                                		unknownRussian Federation
                                		42610NCNET-ASRUfalse
                                52.51.137.106
                                		unknownUnited States
                                		16509AMAZON-02USfalse
                                147.45.126.71
                                		unknownRussian Federation
                                		2895FREE-NET-ASFREEnetEUtrue
                                185.14.30.213
                                		unknownUkraine
                                		21100ITLDC-NLUAfalse
                                185.58.206.164
                                		unknownRussian Federation
                                		35196IHOR-ASRUfalse

                                Private

                                IP
                                192.168.2.255
                                192.168.2.4

                                General Information

                                Joe Sandbox version:41.0.0 Charoite
                                Analysis ID:1526371
                                Start date and time:2024-10-05 14:32:05 +02:00
                                Joe Sandbox product:CloudBasic
                                Overall analysis duration:0h 10m 53s
                                Hypervisor based Inspection enabled:false
                                Report type:full
                                Cookbook file name:default.jbs
                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                Number of analysed new started processes analysed:18
                                Number of new started drivers analysed:0
                                Number of existing processes analysed:0
                                Number of existing drivers analysed:0
                                Number of injected processes analysed:0
                                Technologies:
                                • HCA enabled
                                • EGA enabled
                                • AMSI enabled
                                Analysis Mode:default
                                Analysis stop reason:Timeout
                                Sample name:81zBpBAWwc.exe
                                renamed because original name is a hash value
                                Original Sample Name:8837df25aabc4fad85e851aca192f714.exe
                                Detection:MAL
                                Classification:mal100.troj.spyw.evad.winEXE@23/16@0/100
                                EGA Information:
                                • Successful, ratio: 75%
                                HCA Information:
                                • Successful, ratio: 65%
                                • Number of executed functions: 16
                                • Number of non-executed functions: 142
                                Cookbook Comments:
                                • Found application associated with file extension: .exe

                                Warnings

                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                • Excluded IPs from analysis (whitelisted): 88.221.110.91, 192.229.221.95
                                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, 4.8.2.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                • Execution Graph export aborted for target OpenWith.exe, PID 7700 because there are no executed function
                                • Execution Graph export aborted for target powershell.exe, PID 7492 because it is empty
                                • HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
                                • Not all processes where analyzed, report is missing behavior information
                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                • Report size exceeded maximum capacity and may have missing behavior information.
                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                • Report size exceeded maximum capacity and may have missing network information.
                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                • Report size getting too big, too many NtCreateKey calls found.
                                • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                • Report size getting too big, too many NtOpenFile calls found.
                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                • Report size getting too big, too many NtQueryValueKey calls found.
                                • Report size getting too big, too many NtReadVirtualMemory calls found.
                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                Simulations

                                Behavior and APIs

                                TimeTypeDescription
                                08:32:56API Interceptor40x Sleep call for process: powershell.exe modified
                                08:33:32API Interceptor1x Sleep call for process: wmpnscfg.exe modified
                                08:34:07API Interceptor1250377x Sleep call for process: rekeywiz.exe modified
                                13:32:59Task SchedulerRun new task: MicrosoftEdgeUpdateTaskMachineUA{004C0880-8C4C-4CC0-CC40-C80CC800C4C4} path: regsvr32 s>/s /i:INSTALL C:\Users\user\AppData/Roaming/ACKq.ini
                                13:33:43Task SchedulerRun new task: MicrosoftEdgeUpdateTaskMachineUA{88C88888-CCCC-4CC8-CCCC-C8CCC8888000} path: regsvr32 s>/s /i:INSTALL C:\Users\user\AppData/Roaming/oc82.ini

                                Joe Sandbox View / Context

                                IPs

                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                5.19.249.240file.exeGet hashmaliciousUnknownBrowse
                                  file.exeGet hashmaliciousUnknownBrowse

                                    Domains

                                    No context

                                    ASNs

                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    ROSTELECOM-ASRUbomb.exeGet hashmaliciousAmadey, Go Injector, LummaC Stealer, Phorpiex, PureLog Stealer, Stealc, VidarBrowse
                                    • 95.159.149.185
                                    https://smallpdf.com/sign-pdf/document#data=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2VzaWduLnNtYWxscGRmLXN0YWdpbmcuY29tIiwic3ViIjoiN2NmYmYzYzYtZGJhZS00MDU2LWFmNjEtZTE1OTY4NGUxZTc4IiwiYXVkIjpbImVzaWduIl0sImV4cCI6MTcyOTI1NTE2OCwibmJmIjoxNzI4MDQ1NTY4LCJpYXQiOjE3MjgwNDU1NjgsImp0aSI6IjdjZmJmM2M2LWRiYWUtNDA1Ni1hZjYxLWUxNTk2ODRlMWU3OCIsInBheWxvYWQiOnsiZW52ZWxvcGVfaWQiOiIyNDYxNDE2ZC1iYWJmLTQzMDktOTRhYy1hZWJkYzRjMmZmY2MiLCJzaWduX3JlcXVlc3RfaWQiOiI3Y2ZiZjNjNi1kYmFlLTQwNTYtYWY2MS1lMTU5Njg0ZTFlNzgiLCJ0b2tlbl90eXBlIjoibm90aWZpY2F0aW9uIiwidXNlcl9lbWFpbCI6ImZyYW5jZXMud29vZEB1a3JpLm9yZyIsInVzZXJfZmlyc3RuYW1lIjoiZnJhbmNlcy53b29kQHVrcmkub3JnIiwidXNlcl9sYXN0bmFtZSI6ImZyYW5jZXMud29vZEB1a3JpLm9yZyJ9fQ.OqxYiO2DP6wYmX2t6u3X4Qa-FIZ5J__ELTV29qKimLo&eid=2461416d-babf-4309-94ac-aebdc4c2ffcc&esrt=7cfbf3c6-dbae-4056-af61-e159684e1e78Get hashmaliciousHTMLPhisherBrowse
                                    • 217.15.163.116
                                    yakov.mips.elfGet hashmaliciousMiraiBrowse
                                    • 85.15.166.251
                                    yakov.arm7.elfGet hashmaliciousMiraiBrowse
                                    • 178.45.229.114
                                    novo.arm.elfGet hashmaliciousMirai, MoobotBrowse
                                    • 88.147.196.60
                                    novo.arm7.elfGet hashmaliciousMirai, MoobotBrowse
                                    • 213.177.127.248
                                    novo.spc.elfGet hashmaliciousMirai, MoobotBrowse
                                    • 95.72.27.152
                                    novo.x86.elfGet hashmaliciousMirai, MoobotBrowse
                                    • 5.143.106.71
                                    yakov.sh4.elfGet hashmaliciousMiraiBrowse
                                    • 46.159.53.150
                                    yakov.x86.elfGet hashmaliciousMiraiBrowse
                                    • 95.32.20.50
                                    M247GBfile.dllGet hashmaliciousMatanbuchusBrowse
                                    • 193.109.85.31
                                    bomb.exeGet hashmaliciousAmadey, Go Injector, LummaC Stealer, Phorpiex, PureLog Stealer, Stealc, VidarBrowse
                                    • 91.202.233.141
                                    Formularz instrukcji p#U0142atno#U015bci Millennium.xlsGet hashmaliciousRemcosBrowse
                                    • 185.236.203.101
                                    http://toomdexter.kindofx.com/c/2734/14-13347393/2/Get hashmaliciousUnknownBrowse
                                    • 5.183.103.118
                                    8cpJOWLf79.rtfGet hashmaliciousRemcosBrowse
                                    • 89.238.176.21
                                    nJohIBtNm5.exeGet hashmaliciousLummaC, Amadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, RedLineBrowse
                                    • 91.202.233.158
                                    novo.arm64.elfGet hashmaliciousMirai, MoobotBrowse
                                    • 38.202.249.53
                                    novo.arm7.elfGet hashmaliciousMirai, MoobotBrowse
                                    • 38.95.109.126
                                    yakov.sh4.elfGet hashmaliciousMiraiBrowse
                                    • 172.102.214.23
                                    3TPmRbd6H0.dllGet hashmaliciousSystemBCBrowse
                                    • 38.132.122.161
                                    PULKOVO-ASRUsbbpYv6Pjz.dllGet hashmaliciousWannacryBrowse
                                    • 94.125.15.250
                                    AMAZON-02UShttps://cedars-sinai-enterprise.dicomgrid.com/worklist/Get hashmaliciousUnknownBrowse
                                    • 54.228.130.169
                                    rfc[1].htmlGet hashmaliciousUnknownBrowse
                                    • 52.222.236.71
                                    [MALICIOUS]_Secured_Doc-[yBv-26104].pdfGet hashmaliciousUnknownBrowse
                                    • 18.193.37.153
                                    survey.pdfGet hashmaliciousPDFPhishBrowse
                                    • 52.217.0.206
                                    https://url.avanan.click/v2/r01/___https://www.tiktok.com/qnspdA7?fni=6cbb&qfsl=js&xhjsj=gnt_zwq&yfwljy=myyux:ddBBB.lttlqj.hfdzwq?v=frudxdxlqwif.htrd.iwtlt___.YXAzOnNvdXRoZXJua2l0Y2hlbmFuZGdyaWxsOmE6bzoxZWJhNTM5MDhjODJhZTYyM2M5MDM3ZjkwZTI3ZjliZjo3OmUzYTI6MjUxYmEwYmY4MzRlNGZkNWNiNzBlNGJiNmNiNGQwZTMxZDYzMWE0ZGZkZmVmYWQ0MmJkNGQxNGZjNzZiYzQ0MTpoOlQ6VA#am9uYXRoYW5fbW9vcmVAdHJla2Jpa2VzLmNvbQ==Get hashmaliciousUnknownBrowse
                                    • 18.195.235.189
                                    https://url.avanan.click/v2/r01/___https:/www.tiktok.com/qnspdA7?fni=6cbb&qfsl=js&xhjsj=gnt_zwq&yfwljy=myyux:ddBBB.lttlqj.hfdzwq?v=frudxdxlqwif.htrd.iwtlt___.YXAzOnNvdXRoZXJua2l0Y2hlbmFuZGdyaWxsOmE6bzoxZWJhNTM5MDhjODJhZTYyM2M5MDM3ZjkwZTI3ZjliZjo3OmUzYTI6MjUxYmEwYmY4MzRlNGZkNWNiNzBlNGJiNmNiNGQwZTMxZDYzMWE0ZGZkZmVmYWQ0MmJkNGQxNGZjNzZiYzQ0MTpoOlQ6VA#ZWxraW5AY29yZTRjZS5jb20=Get hashmaliciousUnknownBrowse
                                    • 108.138.7.80
                                    GGLoader.exeGet hashmaliciousLaplas Clipper, SilentCrypto MinerBrowse
                                    • 185.166.143.49
                                    https://s3.amazonaws.com/r3e1272/Rco.html#4eyOul3510eTKK19nejdimaazo189TBUDIERNFIMTFBQ264510CRSG907S11Get hashmaliciousPhisherBrowse
                                    • 54.231.172.248
                                    http://nirothniroth.site/?p=22&fbclid=IwY2xjawFs_DdleHRuA2FlbQIxMQABHTdgZU6ok722L5RxKPR-zh7Gkm6BqZ8BcT950y1bxf6l0LKz0zslg7KJHw_aem__ldVm1UUndXAkwYRakjBzgGet hashmaliciousUnknownBrowse
                                    • 52.213.102.87
                                    https://www.fukui-tv.co.jp/_click.php?id=83642&url=https://brewingrecovery.com/carrierzone.html#acctg@azteccontainer.comGet hashmaliciousHTMLPhisherBrowse
                                    • 3.160.150.28
                                    GCN-UAfile.exeGet hashmaliciousSystemBCBrowse
                                    • 91.192.136.48
                                    HETZNER-ASDEbomb.exeGet hashmaliciousAmadey, Go Injector, LummaC Stealer, Phorpiex, PureLog Stealer, Stealc, VidarBrowse
                                    • 49.12.197.9
                                    https://s3.amazonaws.com/r3e1272/Rco.html#4eyOul3510eTKK19nejdimaazo189TBUDIERNFIMTFBQ264510CRSG907S11Get hashmaliciousPhisherBrowse
                                    • 5.161.250.225
                                    w4DO1Z18yg.wsfGet hashmaliciousSmokeLoaderBrowse
                                    • 188.40.141.211
                                    UkHkCa3IYV.wsfGet hashmaliciousSmokeLoaderBrowse
                                    • 188.40.141.211
                                    3312.PDF.wsfGet hashmaliciousSmokeLoaderBrowse
                                    • 188.40.141.211
                                    RmbF3635xY.exeGet hashmaliciousSmokeLoaderBrowse
                                    • 188.40.141.211
                                    https://indexconectada.net.br/Get hashmaliciousUnknownBrowse
                                    • 85.10.195.17
                                    https://iasitvlife.roGet hashmaliciousUnknownBrowse
                                    • 49.12.228.110
                                    https://iasitvlife.ro/stiri/local/a-sunat-la-call-center-anticoruptie-si-a-denuntat-un-functionar-public/Get hashmaliciousHTMLPhisherBrowse
                                    • 49.12.228.110
                                    Zxooek.exeGet hashmaliciousFormBookBrowse
                                    • 88.198.46.204

                                    JA3 Fingerprints

                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    28a2c9bd18a11de089ef85a160da29e4file.exeGet hashmaliciousCredential FlusherBrowse
                                    • 172.202.163.200
                                    • 13.107.246.45
                                    XWorm.exeGet hashmaliciousLummaCBrowse
                                    • 172.202.163.200
                                    • 13.107.246.45
                                    file.exeGet hashmaliciousCredential FlusherBrowse
                                    • 172.202.163.200
                                    • 13.107.246.45
                                    file.exeGet hashmaliciousCredential FlusherBrowse
                                    • 172.202.163.200
                                    • 13.107.246.45
                                    file.exeGet hashmaliciousCredential FlusherBrowse
                                    • 172.202.163.200
                                    • 13.107.246.45
                                    file.exeGet hashmaliciousCredential FlusherBrowse
                                    • 172.202.163.200
                                    • 13.107.246.45
                                    file.exeGet hashmaliciousCredential FlusherBrowse
                                    • 172.202.163.200
                                    • 13.107.246.45
                                    https://wide-loads.powerappsportals.com/Get hashmaliciousUnknownBrowse
                                    • 172.202.163.200
                                    • 13.107.246.45
                                    file.exeGet hashmaliciousCredential FlusherBrowse
                                    • 172.202.163.200
                                    • 13.107.246.45
                                    file.exeGet hashmaliciousCredential FlusherBrowse
                                    • 172.202.163.200
                                    • 13.107.246.45

                                    Dropped Files

                                    No context

                                    Created / dropped Files

                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\regsvr32.EXE.log

                                    Download File
                                    Process:C:\Windows\System32\regsvr32.exe
                                    File Type:CSV text
                                    Category:dropped
                                    Size (bytes):434
                                    Entropy (8bit):5.383282394444275
                                    Encrypted:false
                                    SSDEEP:12:Q3La/KDLI4MWuPXcp151KDLI4MN5I/k1Bv:ML9E4KQ71qE4GIsD
                                    MD5:00930768B2E044245AC5529BC4F2FFDF
                                    SHA1:DF262F47F31653AAE570477B12B90B2E385A8D50
                                    SHA-256:E0A23AC0FD66AC2AD5922D20187B374A1B7B148FF47CABB69441EB2F699008C8
                                    SHA-512:76F371B3D2FCE707DA45DCA1755DE56BA7AC8827E5F18F900E52AEF35AEF3D42B39F656CC08A10372872BA601AFD9E6F3D930A98F92A3F9A885E9B6CBAF38ADA
                                    Malicious:false
                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..

                                    C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                    Download File
                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                    File Type:data
                                    Category:modified
                                    Size (bytes):64
                                    Entropy (8bit):0.34726597513537405
                                    Encrypted:false
                                    SSDEEP:3:Nlll:Nll
                                    MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                    SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                    SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                    SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                    Malicious:false
                                    Preview:@...e...........................................................

                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1tl2eztg.qzb.ps1

                                    Download File
                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):60
                                    Entropy (8bit):4.038920595031593
                                    Encrypted:false
                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                    Malicious:false
                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_25vmboqr.fgr.ps1

                                    Download File
                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):60
                                    Entropy (8bit):4.038920595031593
                                    Encrypted:false
                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                    Malicious:false
                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_c5g4eu4q.ttk.psm1

                                    Download File
                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):60
                                    Entropy (8bit):4.038920595031593
                                    Encrypted:false
                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                    Malicious:false
                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jim0px3a.5iv.psm1

                                    Download File
                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):60
                                    Entropy (8bit):4.038920595031593
                                    Encrypted:false
                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                    Malicious:false
                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jzw2czj1.cko.psm1

                                    Download File
                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):60
                                    Entropy (8bit):4.038920595031593
                                    Encrypted:false
                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                    Malicious:false
                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_luaxbhni.pw0.ps1

                                    Download File
                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):60
                                    Entropy (8bit):4.038920595031593
                                    Encrypted:false
                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                    Malicious:false
                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pz1h5mgp.44d.ps1

                                    Download File
                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):60
                                    Entropy (8bit):4.038920595031593
                                    Encrypted:false
                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                    Malicious:false
                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tpnaftvm.1mm.psm1

                                    Download File
                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):60
                                    Entropy (8bit):4.038920595031593
                                    Encrypted:false
                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                    Malicious:false
                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                    C:\Users\user\AppData\Local\Temp\second_data_temp.zip

                                    Download File
                                    Process:C:\Windows\System32\regsvr32.exe
                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                    Category:dropped
                                    Size (bytes):94081
                                    Entropy (8bit):7.867349334322687
                                    Encrypted:false
                                    SSDEEP:1536:6JlEt2c1bx3Wv8FFdY38bjlMyrr1D2iri2KQjHhIvwwwXNjsbdCnhBqCMEgAVvDG:QlsvdYMP1r8QjB99ICniZsG
                                    MD5:33725DFCC8FFCBC026839DA2BDB55DAE
                                    SHA1:35F249AD0850B4EDBC62AF40DE427EF2BDD99C78
                                    SHA-256:0DE6B62B625EA86A56117A1EDCEFF37DFA1D2492BB62993BAAF9C59FBE1FF789
                                    SHA-512:9D663C570DF995BB8402AE5A8236A47EE2581439CFF6F53FB0FCC84A1960D448963DA94F9FA91849DD10020DC08FF8A3096420DE57BC6653722480180807D4B6
                                    Malicious:false
                                    Preview:PK..........AY...@.n..........second_data.bin.\y\.....,.n.$..9$*.Ri...$."G.\.,..P.TB.&.F.)R....I.fE..}..s...{....g...Z.Z{.7..,..E..o.{iF".YO.dTE.D.'..04"%.....0N.x`.C......1..&.Q.r...}..zW<=D.*m ..'.[.L.@...r..A...*Kn...X.J+7....,..../....4.........n.`04V.Y.......q...............PJUT.'>..]....~.og........%.....F..!.....8..|.5....".....-.............%.1....?2 ...A.[k..........5E-.U{io...`|..H..;..?<....!..Z.?.1rs5".X...d.T.86|K#..G<K.i.d.Y4....S>-a...2W..8...{.L.C....... .s..H......_.}n(..}oz?.c...Z.l...9Rb...Hs.........Rt.W.._y+f9O......m./.......Cg....kq.&[..N.e./.[.~...qYx........O.I.\Q...U..k.f.].c...N..r.......O.ARv......^j..Z...._v...z9.b..X.AVv.....k|....7g....>g....7&B\.r.........E.UB.6C~Y.[z.:.B0.[S.....g--.p_..3......=.........[.....{.IFU.7>=.'#......S...v..>...,..b.i..0#w.F...E.....d...^........^...n.....\.....mk..S.!_..0.uc...Z........s.v.....I..r....2.b...PW....t...v...=Z`.f..x...'._.{..wu....L._.t....w.....x...~....$K(R....J..

                                    C:\Users\user\AppData\Roaming\ACKq.ini

                                    Download File
                                    Process:C:\Users\user\Desktop\81zBpBAWwc.exe
                                    File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                    Category:dropped
                                    Size (bytes):1069056
                                    Entropy (8bit):7.687858240798343
                                    Encrypted:false
                                    SSDEEP:24576:J80IV0b83n9cPUhWDn3nyjAhosTiwTJ80qIa07x72:a0DbeGU0iTsTi30q+7x72
                                    MD5:60A55B1D8E739216CADD3E31D7412F03
                                    SHA1:8B5C284796A1EFA1DF8A3EDDD27070D374E1CC54
                                    SHA-256:BE86E0357748F3B4FA166342F284800A83C955C2C8B197475C2450613A6EED67
                                    SHA-512:C06CB2B86F7A9DE5243F4395FB40FA88A7669F3E427D427AFB95801DE447BEB8F616847890AE12CFC6060EC7215CEB370CD61B5CF0395EAB81312121060DC7AB
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 12%
                                    • Antivirus: Virustotal, Detection: 7%, Browse
                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...O-.f..........."...*.....L......0....................................................`... ......................................p..........................................|...............................(...................X................................text...X...........................`..`.data...............................@....rdata.. ...........................@..@.pdata..............................@..@.xdata...2... ...4..................@..@.bss....@....`...........................edata.......p.......2..............@..@.idata...............4..............@....CRT....`............F..............@....tls.................H..............@....reloc..|............J..............@..B........................................................................................................................................................................

                                    C:\Users\user\AppData\Roaming\Tox\tox_save.tox

                                    Download File
                                    Process:C:\Windows\System32\rekeywiz.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):2937
                                    Entropy (8bit):6.94560610651568
                                    Encrypted:false
                                    SSDEEP:48:GHcnzvKrBj8fS5eCe74Dci73gyfy2BlK+5EwQ1YXBE3:uczvK9QVJ74Dc6txlKbwQ1Yx6
                                    MD5:172240FD5465EFA6C4D269D71C1F11E5
                                    SHA1:32AAFBB44A360FE0D79BC7C8D08F70AA478C7DA6
                                    SHA-256:0B0DF2D99FE1B2C5CC0482E12B04DD610F923F2CC64427CB2287FFC06CCA4B02
                                    SHA-512:3CB468FEC35D5611CAA3519B6EBC55340E9B2D0EEC0A27E4B38B1FDADC20B56AAC2FBDE3B94C38E2F612C154E2D799A8987B7DA02F3A4D22DC7504BFE3233791
                                    Malicious:false
                                    Preview:........D..........[;.../+w..9J.M:...._../...0u...GZf.....z.A...jc.1.W...$..Tq.m...........Y.w..........*...n.)....(IX.Za.5Q.,..4h...U!.x.U...u3......7....V@>6o....p~.(q../.".n..15.......H^Z.w...z.O.s....2..@.43.j..4=.C.D..ds!...X$.2....E...0.....Di...?...t.?.{..U...#*.W.4.D....{.H...4..6..G... E..n|.Xy..+...e....b.{?....2..7..=.I=.o..W..W..v.&........G.....4..5..t....8.?..t|..n60.|..00L.o....-..p...yOM.....=..:.r.R.GI....tq-.6......0...........&i.u..[...;....6./.6........)\...i.hk.."_.!..ty._"v}X%.Q.ec]..h..+..-.K..>.>i./%....wh.......L.........ts.3........Oy.i2_.p.M.28........!.9.na...y..C...7.oP...{.....p.6.36....3T9....0E...N..Y.s.u......!.Z.,........k...P.1.+n...uz...Q.S..a.\B....i'....z..H......OK,u$[r/....P...p..e.-Xj....lw...Z.b/y.:.y/y..s..B.:\h...l..............cd.w...|.r.}C7?.a.oY...".o....m........n.k...U..........].+.%a.t....q...5...W..~..y+=h..\oM.....e.6.jn...g..7B......HJ...oa:2..*..n`.Q.G.^.-$.....\..91e.2.~...V.....J.*C.

                                    C:\Users\user\AppData\Roaming\Tox\utox_save.ini

                                    Download File
                                    Process:C:\Windows\System32\rekeywiz.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):27
                                    Entropy (8bit):3.9400726873486547
                                    Encrypted:false
                                    SSDEEP:3:VcM6RQRov:VcM6Ky
                                    MD5:5B4E46B79998EE26C8F854677A591421
                                    SHA1:7A6F479B28D7AB6E28582AF0AEE03FF2E923D57F
                                    SHA-256:F3780570DA34038FFD91A135C23D0EF83EE1F4368E7E5088C4D8B44B87BD8E8A
                                    SHA-512:211EAF9EB13C461961AD0538B26452160814D08789C3D6CDD879EF74D0DB374C3D9F55B85D0EFB89C841778BDD269E1E3496F91DC0CF77205C7C030A4E8C754C
                                    Malicious:false
                                    Preview:[general]..save_version=4..

                                    C:\Users\user\AppData\Roaming\Tox\utox_save.in~

                                    Download File
                                    Process:C:\Windows\System32\rekeywiz.exe
                                    File Type:Generic INItialization configuration [interface]
                                    Category:dropped
                                    Size (bytes):708
                                    Entropy (8bit):4.648717284766249
                                    Encrypted:false
                                    SSDEEP:12:VGK+WHTshKsaRVmfq/tOE8JfnIYuv8jy+SthXiJX7rAQtJhiq+auyYVS0v9:VGK+WHMKsaRVmf0EbnIYu02WtHDfAVS8
                                    MD5:4936FFCD5B5217817FACFA40DD6BF3C3
                                    SHA1:6F340BF744570CEF6537BD0A7E93DCC32F90D80E
                                    SHA-256:1BFB54EA4231FA9922F3F33581D05924131788F8556938C77842B6C21BC7FECD
                                    SHA-512:1A04A33846641ED3C8F4D0FE1FC0AD26FEB9A55D229D202E69CCE97FA09FC14AB00D810C3A80F3A50D7FB255698005A5883F115727207BD4BAF81C80A2DFB3FD
                                    Malicious:false
                                    Preview:[general]..save_version=4..utox_last_version=4609..[interface]..language=0..window_x=0..window_y=0..window_width=750..window_height=500..theme=0..scale=10..logging_enabled=true..close_to_tray=false..start_in_tray=false..auto_startup=false..use_mini_flist=false..filter=false..magic_flist_enabled=false..use_long_time_msg=true..[av]..push_to_talk=false..audio_filtering_enabled=true..audio_device_in=0..audio_device_out=0..video_fps=25..[notifications]..audible_notifications_enabled=true..status_notifications=true..no_typing_notifications=true..group_notifications=2..[advanced]..enableipv6=true..disableudp=false..proxyenable=false..proxy_port=0..proxy_ip=..force_proxy=false..block_friend_requests=false..

                                    C:\Users\user\AppData\Roaming\oc82.ini

                                    Download File
                                    Process:C:\Windows\System32\rekeywiz.exe
                                    File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                    Category:dropped
                                    Size (bytes):486400
                                    Entropy (8bit):6.904893954535027
                                    Encrypted:false
                                    SSDEEP:6144:gxOiJ9Cfi+tWW6AKEFR3hdf0GDm5iQ0d6ghn0N97tAD/IO9qckqHDUIKMB3emqqz:gxOiqfRD6kOb6node/B9U1MBOmqqra
                                    MD5:5BF9C5C649E1AF61B41EBCDFCA9597BC
                                    SHA1:8F83FFE801801567DA2933A3033F3D2AE0059AD3
                                    SHA-256:55A451457DBC1F6D28A4C1AB2D477FBBFAE002999A0789C9F3D1BD6610511D98
                                    SHA-512:32E7CF427EBA9E903D77B59F7299864149C6DD4B19FE59CE3C1E3144DB171E3C003CA06EA0E8B3B5CAF3E4DA4559F748760B6CB0256D063140797C32AADCD029
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 12%
                                    • Antivirus: Virustotal, Detection: 7%, Browse
                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...E..f..........."...*.....h......0................................................l....`... .................................................................................|...............................(...................X................................text...X...........................`..`.data...............................@....rdata..............................@..@.pdata..............................@..@.xdata...2...0...4..................@..@.bss....@....p...........................edata...............N..............@..@.idata...............P..............@....CRT....`............b..............@....tls.................d..............@....reloc..|............f..............@..B........................................................................................................................................................................

                                    Static File Info

                                    General

                                    File type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                    Entropy (8bit):7.351293589769997
                                    TrID:
                                    • Win64 Executable (generic) (12005/4) 74.95%
                                    • Generic Win/DOS Executable (2004/3) 12.51%
                                    • DOS Executable Generic (2002/1) 12.50%
                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.04%
                                    File name:81zBpBAWwc.exe
                                    File size:2'322'503 bytes
                                    MD5:8837df25aabc4fad85e851aca192f714
                                    SHA1:c4fbd38356b7ee16eaf21deb83170bbcb0fe566a
                                    SHA256:741cee2c6f6f8ee8a54923fa2a0c88085cede35bdc2e95b1b9f1800e894e6c19
                                    SHA512:93f712ae3ca726b090df270feb1421ea98778260b7fe309e06ac3887b396d3dc8ab41655ec7d15a57cac8b467cca0395a52ef965765a26c9597f6512fdad88e2
                                    SSDEEP:49152:fIGHiuBfswUwl+GdRI2UET1SUvj0Ug6j9iuXWvpAqahtX8+34+vSVHstzn+qpEjs:fNCuBfZ4GdfUaj0UgM5WviXtT34+vBJV
                                    TLSH:62B5D002B4F49DACDA96E134828E973676797C8C4233FABB0579A2302D56D936F0D71C
                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...w-.f....e.....&....*.......................@............................. ......J.#...`... ............................

                                    File Icon

                                    Icon Hash:90cececece8e8eb0

                                    Static PE Info

                                    General

                                    Entrypoint:0x1400013d0
                                    Entrypoint Section:.text
                                    Digitally signed:false
                                    Imagebase:0x140000000
                                    Subsystem:windows gui
                                    Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED
                                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
                                    Time Stamp:0x66FC2D77 [Tue Oct 1 17:12:23 2024 UTC]
                                    TLS Callbacks:0x40065e00, 0x1, 0x400ad5f0, 0x1, 0x400ad5c0, 0x1
                                    CLR (.Net) Version:
                                    OS Version Major:4
                                    OS Version Minor:0
                                    File Version Major:4
                                    File Version Minor:0
                                    Subsystem Version Major:4
                                    Subsystem Version Minor:0
                                    Import Hash:54776c3646f747dfbde158e246ecf23c

                                    Entrypoint Preview

                                    Instruction
                                    dec eax
                                    sub esp, 28h
                                    dec eax
                                    mov eax, dword ptr [001C3AD5h]
                                    mov dword ptr [eax], 00000001h
                                    call 00007FEF4CBC323Fh
                                    nop
                                    nop
                                    dec eax
                                    add esp, 28h
                                    ret
                                    nop dword ptr [eax]
                                    dec eax
                                    sub esp, 28h
                                    dec eax
                                    mov eax, dword ptr [001C3AB5h]
                                    mov dword ptr [eax], 00000000h
                                    call 00007FEF4CBC321Fh
                                    nop
                                    nop
                                    dec eax
                                    add esp, 28h
                                    ret
                                    nop dword ptr [eax]
                                    dec eax
                                    sub esp, 28h
                                    call 00007FEF4CC6F514h
                                    dec eax
                                    cmp eax, 01h
                                    sbb eax, eax
                                    dec eax
                                    add esp, 28h
                                    ret
                                    nop
                                    nop
                                    nop
                                    nop
                                    nop
                                    nop
                                    nop
                                    nop
                                    nop
                                    nop
                                    nop
                                    nop
                                    dec eax
                                    lea ecx, dword ptr [00000009h]
                                    jmp 00007FEF4CBC3479h
                                    nop dword ptr [eax+00h]
                                    ret
                                    nop
                                    nop
                                    nop
                                    nop
                                    nop
                                    nop
                                    nop
                                    nop
                                    nop
                                    nop
                                    nop
                                    nop
                                    nop
                                    nop
                                    nop
                                    dec eax
                                    sub esp, 28h
                                    dec esp
                                    cmp ecx, eax
                                    jnbe 00007FEF4CBC34ADh
                                    dec eax
                                    mov eax, edx
                                    dec eax
                                    mov edx, ecx
                                    dec eax
                                    add esp, 28h
                                    ret
                                    dec esp
                                    mov edx, eax
                                    dec ebp
                                    mov eax, ecx
                                    call 00007FEF4CC5F4F6h
                                    int3
                                    dec eax
                                    sub esp, 28h
                                    dec ebp
                                    mov edx, eax
                                    dec ecx
                                    sub edx, ecx
                                    jc 00007FEF4CBC34B0h
                                    dec eax
                                    add edx, ecx
                                    dec eax
                                    mov eax, edx
                                    dec esp
                                    mov edx, edx
                                    dec eax
                                    add esp, 28h
                                    ret
                                    dec esp
                                    mov edx, eax
                                    dec ebp
                                    mov eax, ecx
                                    call 00007FEF4CC5F460h
                                    int3
                                    inc ecx

                                    Data Directories

                                    NameVirtual AddressVirtual Size Is in Section
                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x1db0000x1d48.idata
                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x1df0000x4e8.rsrc
                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x1c60000x7404.pdata
                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x1e00000x11e8.reloc
                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                    IMAGE_DIRECTORY_ENTRY_TLS0x1c4ae00x28.rdata
                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_IAT0x1db6f00x610.idata
                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                    Sections

                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                    .text0x10000xb90980xb920099984de426a9275eb900277f5b8ef06aFalse0.49089245020256583data6.404407400450186IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    .data0xbb0000xde00xe006d0f2ecef6903b7df32182d0a8536b60False0.6397879464285714data5.1097883444350085IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                    .rdata0xbc0000x109fa00x10a000226e8abb80e29a4baebdb6db8ac376b6False0.8954591679393797data7.850666291614015IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                    .pdata0x1c60000x74040x7600abac26793d25353b0222bc960f525c37False0.4912274894067797data5.893129234952204IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                    .xdata0x1ce0000xb6700xb800e173a0489173ca284506ac3195c19a55False0.25717561141304346data5.27360936989502IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                    .bss0x1da0000x2a00x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                    .idata0x1db0000x1d480x1e001f934f2d7f0a09515ec9abea148174aaFalse0.31223958333333335data4.5947076544396594IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                    .CRT0x1dd0000x680x200c4a8682d1a0c007aacc39168274a23b9False0.076171875data0.3902893143356773IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                    .tls0x1de0000x100x200bf619eac0cdf3f68d496ea9344137e8bFalse0.02734375data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                    .rsrc0x1df0000x4e80x600f82d6037a9e9b85cabdd7d085d8ec1bbFalse0.3352864583333333data4.784930512373522IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                    .reloc0x1e00000x11e80x1200f383ddce524398bbedbb49a7cd796939False0.5549045138888888data5.417725925946441IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                    Resources

                                    NameRVASizeTypeLanguageCountryZLIB Complexity
                                    RT_MANIFEST0x1df0580x48fXML 1.0 document, ASCII text0.40102827763496146

                                    Imports

                                    DLLImport
                                    KERNEL32.dllDeleteCriticalSection, EnterCriticalSection, InitializeCriticalSection, LeaveCriticalSection, RaiseException, RtlUnwindEx, VirtualProtect, VirtualQuery, __C_specific_handler
                                    msvcrt.dll__getmainargs, __initenv, __iob_func, __set_app_type, __setusermatherr, _amsg_exit, _assert, _cexit, _commode, _fmode, _fpreset, _initterm, _onexit, abort, calloc, exit, fprintf, free, fwrite, malloc, memcmp, memcpy, memmove, memset, realloc, signal, strlen, strncmp, vfprintf
                                    ntdll.dllNtCreateFile, NtReadFile, NtWriteFile, RtlNtStatusToDosError
                                    USERENV.dllGetUserProfileDirectoryW
                                    WS2_32.dllWSACleanup, WSADuplicateSocketW, WSAGetLastError, WSARecv, WSASend, WSASocketW, WSAStartup, accept, bind, closesocket, connect, freeaddrinfo, getaddrinfo, getpeername, getsockname, getsockopt, ioctlsocket, listen, recv, recvfrom, select, send, sendto, setsockopt, shutdown
                                    KERNEL32.dllAddVectoredExceptionHandler, CancelIo, CloseHandle, CompareStringOrdinal, CopyFileExW, CreateDirectoryW, CreateEventW, CreateFileMappingA, CreateFileW, CreateHardLinkW, CreateMutexA, CreateNamedPipeW, CreateProcessW, CreateSymbolicLinkW, CreateThread, CreateToolhelp32Snapshot, CreateWaitableTimerExW, DeleteFileW, DeleteProcThreadAttributeList, DeviceIoControl, DuplicateHandle, ExitProcess, FileTimeToSystemTime, FindClose, FindFirstFileW, FindNextFileW, FlushFileBuffers, FormatMessageW, FreeEnvironmentStringsW, GetCommandLineW, GetConsoleMode, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentProcessId, GetCurrentThread, GetEnvironmentStringsW, GetEnvironmentVariableW, GetExitCodeProcess, GetFileAttributesW, GetFileInformationByHandle, GetFileInformationByHandleEx, GetFileType, GetFinalPathNameByHandleW, GetFullPathNameW, GetLastError, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleW, GetOverlappedResult, GetProcAddress, GetProcessHeap, GetProcessId, GetStdHandle, GetSystemDirectoryW, GetSystemInfo, GetSystemTimeAsFileTime, GetSystemTimePreciseAsFileTime, GetTempPathW, GetTimeZoneInformation, GetWindowsDirectoryW, HeapAlloc, HeapFree, HeapReAlloc, InitOnceBeginInitialize, InitOnceComplete, InitializeProcThreadAttributeList, MapViewOfFile, Module32FirstW, Module32NextW, MoveFileExW, MultiByteToWideChar, QueryPerformanceCounter, QueryPerformanceFrequency, ReadConsoleW, ReadFile, ReadFileEx, RemoveDirectoryW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, SetCurrentDirectoryW, SetEnvironmentVariableW, SetFileAttributesW, SetFileInformationByHandle, SetFilePointerEx, SetFileTime, SetHandleInformation, SetLastError, SetThreadStackGuarantee, SetUnhandledExceptionFilter, SetWaitableTimer, Sleep, SleepEx, SwitchToThread, SystemTimeToFileTime, SystemTimeToTzSpecificLocalTime, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TzSpecificLocalTimeToSystemTime, UnmapViewOfFile, UpdateProcThreadAttribute, WaitForMultipleObjects, WaitForSingleObject, WideCharToMultiByte, WriteConsoleW, WriteFileEx, lstrlenW
                                    ole32.dllCoTaskMemFree
                                    SHELL32.dllSHGetKnownFolderPath
                                    api-ms-win-core-synch-l1-2-0.dllWaitOnAddress, WakeByAddressAll, WakeByAddressSingle
                                    bcryptprimitives.dllProcessPrng

                                    Network Behavior

                                    Suricata IDS Alerts

                                    TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                    2024-10-05T14:33:07.055635+02002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert1147.45.126.713752192.168.2.449730TCP
                                    2024-10-05T14:33:18.518868+02002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert1147.45.126.713752192.168.2.449737TCP
                                    2024-10-05T14:33:18.518868+02002854824ETPRO JA3 HASH Suspected Malware Related Response2147.45.126.713752192.168.2.449737TCP
                                    2024-10-05T14:33:28.169435+02002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert1147.45.126.713752192.168.2.449738TCP
                                    2024-10-05T14:33:28.169435+02002854824ETPRO JA3 HASH Suspected Malware Related Response2147.45.126.713752192.168.2.449738TCP
                                    2024-10-05T14:33:34.235800+02002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert146.29.238.964872192.168.2.449739TCP
                                    2024-10-05T14:33:57.322189+02002842478ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s)1185.196.9.1747777192.168.2.457406TCP
                                    2024-10-05T14:35:02.831698+02002842478ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s)1185.196.9.1747777192.168.2.458626TCP
                                    2024-10-05T14:35:03.776364+02002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert146.29.238.964872192.168.2.458627TCP

                                    Network Port Distribution

                                    TCP Packets

                                    TimestampSource PortDest PortSource IPDest IP
                                    Oct 5, 2024 14:32:59.410892963 CEST49675443192.168.2.4173.222.162.32
                                    Oct 5, 2024 14:33:06.411350965 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:06.418116093 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:06.418354988 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:06.418468952 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:06.424618959 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.050143003 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.050714016 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.055634975 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.243326902 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.255153894 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.260066986 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.493530989 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.493588924 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.493633032 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.493701935 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.493957043 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.493989944 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.494019032 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.494024038 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.494059086 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.494081020 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.494287968 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.494322062 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.494339943 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.494452000 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.494484901 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.494501114 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.494524002 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.494570971 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.500471115 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.500545979 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.500580072 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.500598907 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.551542997 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.764920950 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.765021086 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.765081882 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.765114069 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.765119076 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.765155077 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.765170097 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.765192986 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.765222073 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.765244007 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.765263081 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.765311003 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.765604973 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.765671968 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.765707016 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.765722036 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.765742064 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.765777111 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.765794992 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.765810966 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.765841961 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.765860081 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.765878916 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.765927076 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.766572952 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.766621113 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.766659975 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.766669989 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.766695976 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.766726017 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.766737938 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.766762972 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.766798019 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.766803980 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.766838074 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.766872883 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.766884089 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.767502069 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.767554045 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.767556906 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.770385027 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.770447016 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.770576954 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.770620108 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.770668030 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.770701885 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.771161079 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.771212101 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.771219015 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.771248102 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.771287918 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.771296024 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.771507978 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.771560907 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.771636009 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.771672964 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.771718025 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.771950006 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.771986008 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.772023916 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.772032976 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.772418976 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.772470951 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.772537947 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.772572041 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.772619009 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.772830009 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.772865057 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.772917986 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.773313999 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.773425102 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.773458958 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.773467064 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.773685932 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.773721933 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.773736000 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.774175882 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.774225950 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.774311066 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.774344921 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.774395943 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.774604082 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.774638891 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.774682999 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.775085926 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.775204897 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.775240898 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.775250912 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.775486946 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.775521994 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.775537014 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.775974989 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.776032925 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.776065111 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.776098967 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.776140928 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.776315928 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.776350021 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.776396036 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.776859999 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.776949883 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.776982069 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.776997089 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.777182102 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.777216911 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.777230024 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.777745008 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.777796984 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.777925968 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.778110981 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.778158903 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.778162956 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.778433084 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.778487921 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.778523922 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.778799057 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.778846979 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.778930902 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.779015064 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.779062986 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.779109955 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.783620119 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.783665895 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.783684015 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.783755064 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.783783913 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.783802986 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.790967941 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.791066885 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.791085005 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.791110992 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.791162014 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.797599077 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.797687054 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.797723055 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.797744989 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.803566933 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.803669930 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.803698063 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.803711891 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.803756952 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.809086084 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.809137106 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.809175968 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.809190989 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.812576056 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.812644958 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.812669992 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.812706947 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.812758923 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.812911034 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.813036919 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.813071966 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.813081026 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.813226938 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.813261032 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.813275099 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.813519001 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.813554049 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.813568115 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.813590050 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.813683987 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.813694000 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.813906908 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.813937902 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.813956976 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.814063072 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.814096928 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.814111948 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.814131975 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.814167023 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.814178944 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.815531969 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.815606117 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.815660954 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.815696001 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.815738916 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.821472883 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.821518898 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.821557045 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.821568966 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.821594954 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.821641922 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.821830988 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.821867943 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.821902990 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.821957111 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.823493958 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.823549032 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.823553085 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.823584080 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.823632002 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.823714972 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.826098919 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.826153040 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.826155901 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.826208115 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.826236963 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.826258898 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.829130888 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.829174042 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.829189062 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.829212904 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.829251051 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.829262018 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.831314087 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.831368923 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.831409931 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.831446886 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.831490993 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.833997965 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.834112883 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.834146023 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.834166050 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.839248896 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.839299917 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.839314938 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.839340925 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.839396954 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.841135979 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.841187000 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.841227055 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.841243982 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.844217062 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.844266891 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.844284058 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.844310999 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.844361067 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.844856024 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.844913960 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.844944954 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.844963074 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.845040083 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.845088005 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.849490881 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.849539995 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.849577904 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.849589109 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.854787111 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.854912043 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.854928970 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.854962111 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.854998112 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.855010986 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.855974913 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.856025934 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.856065035 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.856106043 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.856154919 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.860332012 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.860454082 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.860505104 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.860508919 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.872601032 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.872653008 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.872674942 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.872693062 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.872745037 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.873558998 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.873589993 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.873626947 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.873632908 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.873666048 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.873708963 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.874541998 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.874857903 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.874943018 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.874963045 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.875006914 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.875093937 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.876781940 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.876811981 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.876847982 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.876852989 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.876935959 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.876966953 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.876987934 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.876996994 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.877041101 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.877285004 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.877320051 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.877373934 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.877387047 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.877634048 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.877667904 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.877691984 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.879446030 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.879502058 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.879615068 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.879646063 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.879697084 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.879776001 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.879808903 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.879861116 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.879944086 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.879972935 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.880012035 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.882535934 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.882569075 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.882602930 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.882616997 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.882806063 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.882843971 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.882858992 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.883091927 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.883141994 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.889940023 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.889982939 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.890023947 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.890052080 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.890063047 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.890114069 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.890325069 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.890386105 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.890419960 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.890435934 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.890458107 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.890491009 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.890508890 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.890525103 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.890559912 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.890573978 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.890595913 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.890638113 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.890639067 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.892299891 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.892362118 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.892390966 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.892426968 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.892477989 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.895632982 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.895731926 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.895766020 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.895790100 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.895801067 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.895844936 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.897430897 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.897522926 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.897559881 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.897572041 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.899667025 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.899729967 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.899776936 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.899812937 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.899857998 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.905004025 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.905049086 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.905093908 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.905111074 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.905150890 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.905185938 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.905194998 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.905226946 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.905275106 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.905477047 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.905625105 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.905659914 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.905673027 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.907594919 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.907666922 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.907690048 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.907728910 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.907776117 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.909619093 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.909718037 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.909749031 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.909775972 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.909811974 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.909862041 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.912954092 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.913005114 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.913043976 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.913057089 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.913324118 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.913371086 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.913383961 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.913419008 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.913461924 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.916580915 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.916644096 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.916726112 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.916753054 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.916759968 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.916805029 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.916852951 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.916888952 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.916924000 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.916930914 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.923574924 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.923621893 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.923640013 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.923662901 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.923700094 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.923728943 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.923734903 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.923789978 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.923799038 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.923836946 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.923871994 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.923899889 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.923909903 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.923962116 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.924226999 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.924257994 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.924288988 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.924302101 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.924324036 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.924376965 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.925919056 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.926040888 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.926079035 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.926090956 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.926891088 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.926925898 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.926960945 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.926963091 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.927005053 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.928792000 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.928822994 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.928858042 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.928867102 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.928927898 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.928977013 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.929455996 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.929652929 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.929687977 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.929708004 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.932931900 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.932996035 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.933033943 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.933073997 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.933108091 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.933125973 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.933144093 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.933180094 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.933191061 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.934674978 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.934721947 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.934736013 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.934760094 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.934808016 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.935216904 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.935410023 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.935441971 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.935458899 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.935480118 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.935532093 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.936784983 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.936836958 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.936872005 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.936906099 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.936928034 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.936942101 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.936959982 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.936979055 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.937026978 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.937336922 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.937432051 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.937465906 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.937474012 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.941127062 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.941169977 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.941184044 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.941234112 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.941282988 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.941288948 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.941323042 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.941359997 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.941365004 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.941420078 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.941463947 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.946805000 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.946850061 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.946897984 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.946912050 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.946950912 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.946985006 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.946996927 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.947021008 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.947060108 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.947067022 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.947331905 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.947381973 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.958555937 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.958632946 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.958687067 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.958693981 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.958750010 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.958784103 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.958798885 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.958821058 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.958858013 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.958868980 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.964597940 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.964678049 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.964693069 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.964732885 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.964767933 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.964781046 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.964804888 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.964838982 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.964855909 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.964878082 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.964924097 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.965182066 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.965321064 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.965356112 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.965373039 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.965394020 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.965429068 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.965434074 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.966018915 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.966068983 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.966073990 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.966109991 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.966140985 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.966152906 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.970616102 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.970671892 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.970676899 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.970710039 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.970743895 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.970756054 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.970782042 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.970814943 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.970829010 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.970854044 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.970906973 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.976587057 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.976639986 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.976676941 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.976690054 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.976737022 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.976773977 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.976778030 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.976809025 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.976845980 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.976850986 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.976886034 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.976924896 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.981909990 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.982054949 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.982091904 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.982105970 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.982206106 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.982244968 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.982266903 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.982280970 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.982317924 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.982331991 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.982731104 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.982780933 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.991344929 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.991419077 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.991472006 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.991478920 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.991517067 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.991550922 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.991560936 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.991585970 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.991626978 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.991626978 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.991986036 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.992093086 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.992104053 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.992135048 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.992176056 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.992208004 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.992243052 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.992278099 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.992291927 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.992312908 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.992343903 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.992364883 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.992690086 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.992726088 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.992743015 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.992759943 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.992805958 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.999291897 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.999341965 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.999381065 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.999418020 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.999470949 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.999506950 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.999515057 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:07.999546051 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:07.999587059 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.000531912 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.003712893 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.003776073 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.003782988 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.003822088 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.003876925 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.003911018 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.003945112 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.003978968 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.003998041 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.004014015 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.004048109 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.004065990 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.008270979 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.008313894 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.008331060 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.008373976 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.008410931 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.008420944 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.008446932 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.008482933 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.008487940 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.008519888 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.008558989 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.008737087 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.011862040 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.011905909 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.011914968 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.011966944 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.012002945 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.012013912 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.012038946 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.012073994 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.012087107 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.012110949 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.012156963 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.012183905 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.014358997 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.014477015 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.014501095 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.014539003 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.014585972 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.014656067 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.014692068 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.014727116 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.014733076 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.014795065 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.014828920 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.014837980 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.019501925 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.019566059 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.019573927 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.019613981 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.019649029 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.019660950 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.019685984 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.019720078 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.019733906 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.019758940 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.019788980 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.019804955 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.022269964 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.022330999 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.022358894 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.022397041 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.022439003 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.022485971 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.022521019 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.022556067 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.022562027 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.022591114 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.022624969 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.022629976 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.033226967 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.033271074 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.033293962 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.033308983 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.033345938 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.033358097 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.033380985 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.033417940 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.033427954 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.033457994 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.033503056 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.033813000 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.033854961 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.033889055 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.033904076 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.033926964 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.033970118 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.034303904 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.034337997 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.034373045 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.034387112 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.034401894 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.034449100 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.050992966 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.051042080 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.051079988 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.051099062 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.051119089 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.051160097 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.051243067 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.051276922 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.051311970 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.051325083 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.051348925 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.051399946 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.052005053 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.052053928 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.052088976 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.052103996 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.052129984 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.052175045 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.052265882 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.052301884 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.052345991 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.053548098 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.053662062 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.053693056 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.053714037 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.053843975 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.053878069 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.053904057 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.053911924 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.053950071 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.053956985 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.054343939 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.054400921 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.061206102 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.061358929 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.061392069 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.061419010 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.061446905 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.061482906 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.061496019 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.061521053 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.061556101 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.061561108 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.061822891 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.061881065 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.068279028 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.068324089 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.068372965 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.068383932 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.068449974 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.068484068 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.068500042 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.068521023 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.068558931 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.068568945 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.068897009 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.068948030 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.077783108 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.077841043 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.077883005 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.077940941 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.077977896 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.078013897 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.078044891 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.078053951 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.078094959 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.078618050 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.078670025 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.078696012 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.078707933 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.078764915 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.078767061 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.078803062 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.078843117 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.078872919 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.079176903 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.079214096 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.079240084 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.089334011 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.089436054 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.089446068 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.089481115 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.089531898 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.089592934 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.089632034 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.089667082 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.089679003 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.089703083 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.089755058 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.090377092 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.090450048 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.090486050 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.090509892 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.090521097 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.090559959 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.090580940 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.090590954 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.090632915 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.090898991 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.090936899 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.090985060 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.097923040 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.097973108 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.098009109 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.098043919 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.098057032 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.098089933 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.098104000 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.098139048 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.098176956 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.098191977 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.098845005 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.098912001 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.100713968 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.100810051 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.100843906 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.100874901 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.100899935 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.100934982 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.100961924 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.100986004 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.101041079 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.101285934 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.101321936 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.101356030 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.101376057 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.101393938 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.101429939 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.101444960 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.101922989 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.101985931 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.102050066 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.102085114 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.102119923 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.102140903 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.102152109 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.102207899 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.108666897 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.108722925 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.108779907 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.108784914 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.108819962 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.108858109 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.108874083 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.109128952 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.109164953 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.109194994 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.109201908 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.109239101 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.109251022 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.109277010 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.109343052 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.110023975 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.110074997 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.110162973 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.110215902 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.110253096 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.110291958 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.110318899 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.119195938 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.119277000 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.119291067 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.119326115 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.119422913 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.119467020 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.119504929 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.119539022 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.119556904 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.119575024 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.119632006 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.120263100 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.120315075 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.120352030 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.120367050 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.120387077 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.120421886 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.120435953 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.120460033 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.120500088 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.120980024 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.121033907 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.121093988 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.137517929 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.137567997 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.137608051 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.137625933 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.137643099 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.137680054 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.137712002 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.137716055 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.137751102 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.137770891 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.137789011 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.137835979 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.137986898 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.138024092 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.138057947 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.138076067 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.138093948 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.138128996 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.138153076 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.138789892 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.138844013 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.138844013 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.151236057 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.151278973 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.151316881 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.151319027 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.151355028 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.151366949 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.151413918 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.151452065 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.151465893 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.151489019 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.151524067 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.151539087 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.151556969 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.151591063 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.151618004 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.151628971 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.151664019 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.151674986 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.151700020 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.151734114 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.151760101 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.151767015 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.151803970 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.151817083 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.156251907 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.156296968 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.156333923 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.156347990 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.156372070 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.156392097 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.156407118 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.156441927 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.156464100 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.156480074 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.156522989 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.156852007 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.165357113 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.165425062 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.165431023 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.165465117 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.165517092 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.165518999 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.165554047 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.165587902 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.165600061 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.165630102 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.165677071 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.166060925 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.166099072 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.166148901 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.166152000 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.166183949 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.166217089 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.166228056 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.166251898 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.166296005 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.166548014 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.166718006 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.166753054 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.166770935 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.183578014 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.183651924 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.183687925 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.183691025 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.183725119 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.183743000 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.183764935 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.183809996 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.183876991 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.183912992 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.183947086 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.183957100 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.184582949 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.184658051 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.184659004 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.184695959 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.184729099 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.184742928 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.184770107 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.184811115 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.184891939 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.184928894 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.184973001 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.203197002 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.203243971 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.203282118 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.203301907 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.203524113 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.203558922 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.203571081 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.203594923 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.203634024 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.203639030 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.204906940 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.204937935 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.204967022 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.204974890 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.205024958 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.205064058 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.205097914 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.205147982 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.205224037 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.205260038 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.205310106 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.205703974 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.212838888 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.212893009 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.212903023 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.212929010 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.212984085 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.213257074 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.213290930 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.213325977 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.213335991 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.213360071 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.213397026 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.213406086 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.213746071 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.213779926 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.213794947 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.213814974 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.213850021 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.213872910 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.213885069 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.213920116 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.213928938 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.214397907 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.214431047 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.214452982 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.214467049 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.214497089 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.214517117 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.214764118 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.214798927 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.214812040 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.214835882 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.214864016 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.214879990 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.223530054 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.223618031 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.223650932 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.223651886 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.223726034 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.223759890 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.223794937 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.223829031 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.223853111 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.223865032 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.223915100 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.224639893 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.224692106 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.224728107 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.224746943 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.224765062 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.224798918 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.224812984 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.224838972 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.224886894 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.225037098 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.225073099 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.225123882 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.231827974 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.231870890 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.231930017 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.231936932 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.231966972 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.232002020 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.232031107 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.232038021 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.232075930 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.232093096 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.232440948 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.232475042 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.232501984 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.232511044 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.232568979 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.232769966 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.232804060 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.232836962 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.232851028 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.232871056 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.232903957 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.232943058 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.241636992 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.241688967 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.241719961 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.241784096 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.241837025 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.241843939 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.241879940 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.241914988 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.241934061 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.241949081 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.241982937 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.242002964 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.250081062 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.250125885 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.250152111 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.250186920 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.250224113 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.250242949 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.250258923 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.250293016 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.250303984 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.250332117 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.250377893 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.250642061 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.250677109 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.250711918 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.250734091 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.250746965 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.250807047 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.251507044 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.251558065 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.251612902 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.251704931 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.251795053 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.251847029 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.258069038 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.258137941 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.258200884 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.258203983 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.258241892 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.258281946 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.258292913 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.258502007 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.258537054 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.258547068 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.258574009 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.258610964 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.258620977 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.258647919 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.258698940 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.259511948 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.259644985 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.259684086 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.259697914 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.259722948 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.259771109 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.275784016 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.275832891 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.275872946 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.275913000 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.275964975 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.275984049 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.275988102 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.276022911 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.276058912 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.276072025 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.276427984 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.276520014 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.276535034 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.276767015 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.276798010 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.276829004 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.276835918 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.276870966 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.276890993 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.277115107 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.277169943 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.277271986 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.277307034 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.277360916 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.287739038 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.287842989 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.287878036 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.287904024 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.288130999 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.288167000 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.288183928 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.288387060 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.288422108 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.288439989 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.290050983 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.290117979 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.290163994 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.290199041 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.290246964 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.290482044 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.290517092 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.290550947 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.290566921 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.290587902 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.290640116 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.299693108 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.299767971 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.299806118 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.299829960 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.299839973 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.299879074 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.299905062 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.299912930 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.299952030 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.299963951 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.300085068 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.300133944 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.300298929 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.300333977 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.300368071 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.300395012 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.300403118 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.300438881 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.300456047 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.300472975 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.300519943 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.311427116 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.311477900 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.311518908 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.311544895 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.311625004 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.311660051 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.311681032 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.311696053 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.311732054 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.311752081 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.312330961 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.312366962 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.312388897 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.312402010 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.312436104 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.312454939 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.312469959 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.312503099 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.312517881 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.312536001 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.312583923 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.313469887 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.313505888 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.313540936 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.313556910 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.313575029 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.313611984 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.313623905 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.313647032 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.313682079 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.313694954 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.321242094 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.321320057 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.321382999 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.321415901 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.321451902 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.321465015 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.321486950 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.321521044 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.321543932 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.321557999 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.321615934 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.321751118 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.321804047 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.321837902 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.321860075 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.321870089 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.321918011 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.321980953 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.322016001 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.322050095 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.322062969 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.322087049 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.322123051 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.322134018 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.330111027 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.330182076 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.330271006 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.330303907 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.330348015 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.330359936 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.330394030 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.330429077 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.330440998 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.330466032 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.330519915 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.331084967 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.336168051 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.336221933 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.336256027 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.336364031 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.336393118 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.336491108 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.336524963 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.336544991 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.336560965 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.336610079 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.336862087 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.336896896 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.336935043 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.336949110 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.337167978 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.337202072 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.337227106 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.337235928 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.337270975 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.337287903 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.337692976 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.337754965 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.344316006 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.344425917 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.344461918 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.344481945 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.344706059 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.344741106 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.344753981 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.344978094 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.345010996 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.345033884 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.345043898 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.345077991 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.345098019 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.345113039 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.345161915 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.345685959 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.345721006 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.345753908 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.345765114 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.345789909 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.345837116 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.362006903 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.362109900 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.362143040 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.362173080 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.362416983 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.362456083 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.362543106 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.362577915 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.362603903 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.362603903 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.362612963 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.362683058 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.362900972 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.363089085 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.363126040 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.363147020 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.363423109 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.363456011 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.363481998 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.363488913 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.363523006 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.363547087 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.363554001 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.363611937 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.374237061 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.374340057 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.374375105 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.374403000 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.374635935 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.374670029 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.374703884 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.374778986 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.374778986 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.375008106 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.376460075 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.376516104 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.376523018 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.376549959 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.376605988 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.376868010 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.376902103 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.376936913 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.376952887 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.377253056 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.377307892 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.385525942 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.385636091 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.385672092 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.385698080 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.385904074 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.385938883 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.385953903 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.385972977 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.386035919 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.386465073 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.386498928 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.386534929 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.386549950 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.386569023 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.386605024 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.386626005 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.386639118 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.386684895 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.387125969 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.387161016 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.387207985 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.397617102 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.397723913 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.397757053 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.397787094 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.398037910 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.398072958 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.398096085 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.398107052 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.398142099 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.398169041 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.398634911 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.398669958 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.398693085 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.398703098 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.398742914 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.398757935 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.399251938 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.399286032 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.399311066 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.399319887 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.399355888 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.399374008 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.399410963 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.399475098 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.399483919 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.400155067 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.400190115 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.400213957 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.400224924 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.400275946 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.407566071 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.407681942 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.407715082 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.407919884 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.407989979 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.408024073 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.408051968 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.408058882 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.408114910 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.408150911 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.408515930 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.408550024 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.408571959 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.408584118 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.408633947 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.408782959 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.408834934 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.408869028 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.408883095 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.408902884 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.408940077 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.408957005 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.408967972 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.409035921 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.416512012 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.416605949 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.416639090 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.416661024 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.416749001 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.416800022 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.416846037 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.416881084 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.416913986 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.416932106 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.416976929 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.417032003 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.417371988 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.422576904 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.422658920 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.422672033 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.422707081 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.422760963 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.422857046 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.422892094 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.422940016 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.423094034 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.423127890 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.423182011 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.430650949 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.430733919 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.430768013 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.430794001 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.431020975 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.431054115 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.431075096 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.431090117 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.431128025 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.431145906 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.431555986 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.431608915 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.431611061 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.431644917 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.431678057 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.431699991 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.431713104 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.431762934 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.432315111 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.432349920 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.432382107 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.432400942 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.432416916 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.432449102 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.432470083 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.432482958 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.432535887 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.433051109 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.433087111 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.433145046 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.433177948 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.433212996 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.433264971 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.448375940 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.448533058 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.448565006 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.448595047 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.448623896 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.448658943 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.448682070 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.448698044 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.448754072 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.448950052 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.448985100 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.449033976 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.449218035 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.449351072 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.449385881 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.449408054 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.449651957 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.449687004 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.449711084 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.449873924 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.449908972 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.449932098 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.460592985 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.460659027 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.460714102 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.460751057 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.460900068 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.461078882 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.461112022 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.461160898 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.461338997 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.461374044 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.461421967 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.471726894 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.471844912 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.471874952 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.471939087 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.471986055 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.472038031 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.472039938 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.472075939 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.472110033 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.472134113 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.472590923 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.472626925 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.472651958 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.472899914 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.472934008 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.472961903 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.472966909 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.473002911 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.473027945 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.473036051 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.473072052 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.473088026 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.473825932 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.473862886 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.473897934 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.473913908 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.473934889 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.473942995 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.473964930 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.474029064 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.474273920 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.474308014 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.474378109 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.485460043 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.485569000 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.485603094 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.485632896 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.485819101 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.485852957 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.485872984 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.485888004 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.485923052 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.485934973 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.486331940 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.486388922 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.486466885 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.486537933 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.486572027 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.486588001 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.486605883 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.486641884 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.486654997 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.487159967 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.487194061 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.487216949 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.487229109 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.487262964 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.487276077 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.487298012 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.487332106 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.487344980 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.488049030 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.488084078 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.488105059 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.488120079 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.488167048 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.500257015 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.500307083 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.500365973 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.500391006 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.500400066 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.500437021 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.500454903 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.500474930 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.500523090 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.500838995 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.500973940 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.501008987 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.501029968 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.501044989 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.501079082 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.501092911 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.501116991 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.501163960 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.501669884 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.501703978 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.501766920 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.505835056 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.505906105 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.505942106 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.505960941 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.505978107 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.506014109 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.506025076 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.506048918 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.506088972 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.506104946 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.506216049 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.506268978 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.509553909 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.509666920 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.509722948 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.509747028 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.509783983 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.509819031 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.509839058 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.509852886 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.509887934 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.509902000 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.509923935 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.509973049 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.518959999 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.518990993 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.519026041 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.519047022 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.519107103 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.519141912 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.519165039 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.519263983 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.519299984 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.519320965 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.519839048 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.519872904 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.519902945 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.519910097 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.519944906 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.519961119 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.519983053 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.520030022 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.520425081 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.520459890 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.520530939 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.520531893 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.520593882 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.520629883 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.520651102 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.520663977 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.520714998 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.521085024 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.521117926 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.521164894 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.521249056 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.521284103 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.521318913 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.521331072 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.534894943 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.534982920 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.534997940 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.535022974 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.535196066 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.535216093 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.535250902 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.535284042 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.535301924 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.535320044 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.535367012 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.535732985 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.535823107 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.535938978 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.535948038 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.535984993 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.536039114 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.536247015 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.536282063 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.536317110 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.536345005 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.536345005 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.536398888 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.546842098 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.546950102 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.546979904 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.547009945 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.547120094 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.547153950 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.547188044 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.547224998 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.547282934 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.547282934 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.547684908 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.547745943 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.558542013 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.558698893 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.558732033 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.558759928 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.558938980 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.558989048 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.559012890 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.559024096 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.559058905 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.559078932 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.563184023 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.563218117 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.563246965 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.563252926 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.563288927 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.563304901 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.563323021 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.563355923 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.563368082 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.563407898 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.563441992 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.563456059 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.563474894 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.563508034 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.563519001 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.563544035 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.563577890 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.563591957 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.563615084 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.563673019 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.571832895 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.571935892 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.571969986 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.571999073 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.572220087 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.572252035 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.572274923 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.572288036 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.572323084 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.572338104 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.572762966 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.572798967 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.572823048 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.572942019 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.572976112 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.573003054 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.573010921 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.573048115 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.573061943 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.573501110 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.573534966 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.573559046 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.573568106 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.573604107 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.573621035 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.573637962 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.573671103 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.573685884 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.573709011 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.573755980 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.574338913 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.574371099 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.574404001 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.574419975 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.586383104 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.586416960 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.586432934 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.586493015 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.586663961 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.586675882 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.586690903 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.586707115 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.586730003 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.586777925 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.586816072 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.587176085 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.587285042 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.587310076 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.587326050 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.587340117 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.587342024 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.587359905 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.587376118 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.587378025 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.587476969 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.588100910 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.588169098 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.592130899 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.592256069 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.592289925 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.592319012 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.592601061 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.592636108 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.592658043 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.592830896 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.592865944 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.592889071 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.595144987 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.595201969 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.595204115 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.595233917 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.595283031 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.595356941 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.595438957 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.595473051 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.595488071 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.595508099 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.595554113 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.595788002 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.603571892 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.603652000 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.603737116 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.603766918 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.603816986 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.603863001 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.603897095 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.603931904 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.603946924 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.603965998 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.604010105 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.604321003 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.604355097 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.604387999 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.604398966 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.604624033 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.604659081 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.604684114 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.604691982 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.604727983 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.604739904 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.604763031 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.604809999 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.621337891 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.621443987 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.621476889 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.621515989 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.621772051 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.621824026 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.621838093 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.621860027 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.621895075 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.621908903 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.621931076 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.621982098 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.622426033 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.622461081 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.622495890 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.622503042 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.622529984 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.622564077 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.622577906 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.622598886 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.622646093 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.623308897 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.623338938 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.623374939 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.623397112 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.623428106 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.623460054 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.623481035 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.623493910 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.623526096 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.623538017 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.623562098 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.623608112 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.624108076 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.633366108 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.633415937 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.633446932 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.633513927 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.633548021 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.633685112 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.633753061 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.633788109 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.633802891 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.633822918 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.633869886 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.634339094 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.645035982 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.645133018 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.645158052 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.645169020 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.645220995 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.645281076 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.645318031 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.645366907 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.645555019 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.645589113 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.645623922 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.645637989 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.645663977 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.645699024 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.645716906 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.646155119 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.646188974 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.646215916 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.646223068 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.646258116 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.646269083 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.646294117 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.646327019 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.646341085 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.646368027 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.646420956 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.646967888 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.647002935 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.647036076 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.647057056 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.647069931 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.647116899 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.658281088 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.658447981 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.658482075 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.658514977 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.658658981 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.658691883 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.658727884 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.658818007 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.658818007 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.659060001 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.659095049 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.659130096 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.659143925 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.659539938 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.659574032 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.659598112 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.659610033 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.659643888 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.659670115 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.659677982 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.659725904 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.660218000 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.660252094 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.660284042 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.660299063 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.660324097 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.660357952 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.660368919 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.660392046 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.660424948 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.660439014 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.707820892 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.997594118 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.997688055 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.997745037 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.997780085 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.997792006 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.997814894 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.997840881 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.997849941 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.997886896 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.997957945 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.998234034 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.998267889 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.998301029 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.998301029 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.998336077 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.998353004 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.998370886 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.998404026 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.998420000 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.998439074 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.998487949 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.999172926 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.999202967 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.999234915 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.999252081 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.999270916 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.999300957 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.999321938 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.999334097 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.999368906 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.999389887 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:08.999433041 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:08.999492884 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.000089884 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.000125885 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.000159025 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.000174046 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.000193119 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.000221968 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.000251055 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.000255108 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.000291109 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.000303984 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.000324011 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.000360966 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.000370026 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.000413895 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.000981092 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.001013994 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.001041889 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.001049995 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.001096964 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.001447916 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.001481056 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.001514912 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.001530886 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.001548052 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.001580954 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.001596928 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.001617908 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.001674891 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.002392054 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.002428055 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.002461910 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.002485037 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.002494097 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.002526999 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.002547026 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.002563000 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.002598047 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.002614021 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.002634048 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.002681017 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.003369093 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.003422022 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.003452063 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.003478050 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.003484964 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.003519058 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.003537893 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.003552914 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.003587008 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.003601074 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.003621101 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.003668070 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.004163980 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.004199028 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.004232883 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.004255056 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.004266024 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.004300117 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.004314899 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.004333973 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.004367113 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.004386902 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.004400969 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.004447937 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.005105972 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.005140066 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.005173922 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.005193949 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.005208969 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.005244017 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.005261898 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.005279064 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.005311966 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.005326033 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.005348921 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.005400896 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.005940914 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.005975008 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.006006956 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.006031036 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.006041050 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.006093025 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.006103039 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.006127119 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.006160975 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.006174088 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.006196976 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.006243944 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.006817102 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.006856918 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.006890059 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.006903887 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.006923914 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.006957054 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.006970882 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.006990910 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.007024050 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.007038116 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.007060051 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.007111073 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.007801056 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.007853031 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.007885933 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.007906914 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.007920027 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.007952929 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.007966995 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.007987022 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.008021116 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.008033991 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.008743048 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.008775949 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.008799076 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.008809090 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.008845091 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.008865118 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.008877993 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.008910894 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.008924961 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.008945942 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.008977890 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.008994102 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.009588003 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.009624004 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.009644032 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.009658098 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.009691000 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.009710073 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.009723902 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.009758949 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.009773970 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.009790897 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.009824038 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.009843111 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.010385990 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.010420084 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.010445118 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.010453939 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.010489941 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.010505915 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.010524988 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.010559082 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.010572910 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.010591984 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.010632038 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.010641098 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.011188984 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.011224031 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.011249065 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.011256933 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.011291027 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.011296988 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.011323929 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.011360884 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.011375904 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.011413097 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.011445999 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.011466980 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.011478901 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.011532068 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.011965036 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.011998892 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.012051105 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.012299061 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.012332916 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.012366056 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.012384892 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.012398958 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.012432098 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.012453079 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.012465954 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.012499094 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.012518883 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.012533903 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.012566090 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.012583971 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.012598991 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.012645960 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.013153076 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.013187885 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.013254881 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.013258934 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.013288975 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.013324022 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.013336897 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.013359070 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.013392925 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.013405085 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.013426065 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.013459921 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.013478994 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.013494015 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.013540030 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.014245033 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.014278889 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.014312029 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.014323950 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.014347076 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.014379978 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.014400959 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.014414072 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.014446974 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.014461040 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.014480114 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.014513016 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.014528036 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.014545918 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.014592886 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.015276909 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.015311956 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.015345097 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.015362024 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.015378952 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.015430927 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.015430927 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.015465975 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.015500069 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.015516043 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.015533924 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.015568018 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.015582085 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.015603065 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.015659094 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.016119957 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.016155005 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.016187906 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.016204119 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.016222000 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.016256094 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.016268969 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.016289949 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.016324043 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.016345024 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.016357899 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.016391993 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.016407013 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.016426086 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.016473055 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.016964912 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.016999960 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.017049074 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.017050982 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.017086029 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.017118931 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.017133951 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.017153978 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.017187119 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.017210007 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.017220974 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.017256021 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.017271042 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.017307997 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.017354965 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.018028975 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.018064022 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.018099070 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.018131971 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.018132925 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.018167019 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.018182039 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.018202066 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.018235922 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.018249989 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.018270016 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.018301964 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.018315077 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.018337011 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.018383980 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.018879890 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.018913984 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.018948078 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.018970013 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.018980980 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.019016027 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.019032955 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.019056082 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.019088030 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.019118071 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.019121885 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.019155979 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.019172907 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.019188881 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.019237041 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.019754887 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.019788980 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.019821882 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.019839048 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.019855976 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.019890070 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.019906998 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.019922972 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.019957066 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.019972086 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.019992113 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.020024061 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.020040989 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.020056963 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.020092010 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.020106077 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.020781040 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.020816088 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.020848989 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.020864010 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.020884991 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.020906925 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.020920038 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.020952940 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.020986080 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.020998955 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.021020889 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.021049976 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.021054983 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.021087885 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.021121025 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.021121979 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.021182060 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.021650076 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.021684885 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.021718025 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.021752119 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.021753073 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.021800995 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.021802902 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.021840096 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.021872044 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.021887064 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.021905899 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.021939993 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.021956921 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.021974087 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.022007942 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.022022963 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.022545099 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.022562981 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.022579908 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.022597075 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.022603035 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.022614002 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.022631884 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.022639036 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.022649050 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.022665024 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.022682905 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.022691011 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.022701025 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.022717953 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.022722960 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.022779942 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.023390055 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.023406029 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.023432016 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.023447990 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.023463011 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.023471117 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.023482084 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.023497105 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.023505926 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.023514032 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.023529053 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.023546934 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.023562908 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.023565054 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.023593903 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.024377108 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.024394035 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.024408102 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.024424076 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.024440050 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.024449110 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.024456024 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.024471998 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.024485111 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.024488926 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.024506092 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.024523973 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.024539948 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.024542093 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.024559021 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.024570942 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.024574995 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.024596930 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.024635077 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.025336981 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.025352955 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.025368929 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.025386095 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.025409937 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.025453091 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.025480986 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.025496006 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.025511980 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.025526047 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.025535107 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.025542974 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.025557995 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.025562048 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.025574923 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.025610924 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.025633097 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.026209116 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.026223898 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.026240110 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.026257038 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.026272058 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.026288033 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.026292086 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.026304007 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.026321888 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.026336908 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.026345015 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.026360035 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.026384115 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.026386023 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.026401997 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.026418924 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.026444912 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.027028084 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.027043104 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.027059078 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.027074099 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.027086973 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.027113914 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.027128935 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.027132034 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.027146101 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.027163029 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.027178049 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.027180910 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.027194023 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.027209997 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.027214050 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.027246952 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.027268887 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.028086901 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.028103113 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.028117895 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.028134108 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.028148890 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.028163910 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.028179884 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.028194904 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.028194904 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.028211117 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.028228045 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.028244019 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.028247118 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.028260946 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.028275013 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.028276920 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.028309107 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.028956890 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.028975010 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.028990984 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.029006004 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.029019117 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.029021978 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.029041052 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.029050112 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.029057980 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.029073954 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.029090881 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.029107094 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.029109955 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.029124022 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.029140949 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.029153109 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.029167891 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.029690027 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.029750109 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.029933929 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.029949903 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.029964924 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.029982090 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.029997110 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.030006886 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.030016899 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.030031919 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.030047894 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.030056953 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.030064106 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.030081034 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.030085087 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.030098915 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.030114889 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.030121088 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.030132055 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.030148029 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.030185938 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.030858040 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.030874014 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.030889034 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.030905962 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.030915976 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.030925035 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.030941963 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.030956984 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.030963898 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.030972958 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.030988932 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.031004906 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.031013966 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.031022072 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.031038046 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.031050920 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.031055927 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.031073093 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.031092882 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.031122923 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.031766891 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.031784058 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.031805992 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.031827927 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.031830072 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.031847954 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.031866074 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.031872988 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.031883001 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.031900883 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.031915903 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.031919956 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.031960964 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.031987906 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.053911924 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.053971052 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.054004908 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.054042101 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.054111958 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.054145098 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.054172039 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.054177999 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.054214954 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.054244995 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.054394007 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.054426908 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.054445982 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.054461002 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.054496050 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.054517031 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.054771900 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.054805994 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.054837942 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.054837942 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.054872990 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.054896116 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.054905891 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.054938078 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.054970026 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.054996967 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.055005074 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.055037975 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.055042028 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.055074930 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.055109978 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.055432081 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.055464983 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.055499077 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.055531025 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.055543900 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.055562973 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.055563927 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.055598021 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.055622101 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.055632114 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.055665970 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.055679083 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.055700064 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.055751085 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.055756092 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.056113958 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.056147099 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.056164980 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.056180954 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.056216002 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.056226969 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.056248903 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.056283951 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.056297064 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.093350887 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.093408108 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.093441010 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.093446970 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.093498945 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.093512058 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.093641996 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.093674898 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.093810081 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.093821049 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.093842983 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.093863964 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.093878031 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.093910933 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.093939066 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.094151974 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.094186068 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.094203949 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.094219923 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.094253063 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.094269991 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.094288111 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.094321966 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.094337940 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.094356060 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.094388962 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.094403982 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.094425917 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.094471931 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.094834089 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.094885111 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.094918966 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.094934940 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.094953060 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.094986916 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.095001936 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.095021963 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.095057964 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.095081091 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.095108986 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.095143080 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.095159054 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.095175028 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.095208883 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.095223904 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.095242023 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.095276117 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.095285892 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.095793962 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.095828056 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.095845938 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.095863104 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.095897913 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.095910072 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.095932007 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.095964909 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.095979929 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.095999002 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.096033096 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.096045017 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.099669933 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.099728107 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.099739075 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.099766016 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.099817038 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.099868059 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.099900961 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.099934101 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.099944115 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.099968910 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.100017071 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.100158930 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.100193024 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.100225925 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.100236893 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.100258112 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.100297928 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.100311041 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.100332022 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.100367069 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.100380898 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.100678921 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.100712061 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.100730896 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.100744963 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.100779057 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.100794077 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.100814104 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.100847006 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.100861073 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.100879908 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.100914001 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.100928068 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.100949049 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.100981951 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.101001024 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.101015091 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.101047993 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.101068974 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.101080894 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.101114988 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.101130009 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.101193905 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.101243973 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.101902008 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.101936102 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.101969957 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.101986885 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.102003098 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.102035999 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.102050066 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.140310049 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.140402079 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.140403032 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.140435934 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.140552998 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.140585899 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.140608072 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.140619993 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.140634060 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.140655994 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.140690088 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.140701056 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.140856981 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.140891075 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.140908957 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.140928984 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.140984058 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.141158104 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.141191006 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.141225100 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.141242027 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.141259909 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.141294003 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.141314030 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.141329050 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.141361952 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.141381025 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.141654015 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.141686916 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.141711950 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.141721010 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.141755104 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.141766071 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.141788960 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.141819954 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.141844988 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.141854048 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.141886950 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.141902924 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.141922951 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.141954899 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.141968966 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.141988993 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.142024040 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.142038107 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.142505884 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.142563105 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.142573118 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.142610073 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.142642975 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.142658949 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.142678022 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.142713070 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.142724991 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.179558039 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.179658890 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.179680109 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.179737091 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.179807901 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.179871082 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.179903984 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.179939032 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.179965019 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.179971933 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.180006981 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.180027008 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.180155039 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.180186987 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.180214882 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.180221081 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.180255890 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.180269957 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.180289984 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.180335999 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.180533886 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.180562973 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.180596113 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.180609941 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.180633068 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.180665970 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.180680037 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.180700064 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.180733919 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.180747032 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.180773020 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.180819035 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.181096077 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.181124926 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.181157112 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.181179047 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.181194067 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.181226015 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.181246042 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.181260109 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.181294918 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.181308031 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.181329966 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.181364059 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.181377888 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.181397915 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.181431055 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.181444883 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.181500912 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.181534052 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.181545973 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.181571007 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.181621075 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.181997061 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.182029009 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.182061911 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.182076931 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.182106972 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.182142973 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.182154894 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.182178020 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.182212114 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.182236910 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.182251930 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.182287931 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.182301998 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.185913086 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.185967922 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.185975075 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.186002970 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.186054945 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.186110973 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.186144114 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.186178923 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.186191082 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.186213970 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.186247110 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.186268091 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.186342955 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.186378002 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.186400890 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.186534882 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.186568975 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.186592102 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.186604977 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.186640024 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.186655045 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.186674118 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.186707020 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.186722040 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.186739922 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.186774969 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.186786890 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.186930895 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.186965942 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.186980963 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.187001944 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.187048912 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.187069893 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.187164068 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.187196016 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.187211990 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.187230110 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.187278032 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.187314034 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.187346935 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.187381029 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.187397003 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.187438011 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.187469959 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.187488079 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.187537909 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.187572002 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.187589884 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.187606096 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.187638998 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.187654018 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.187674046 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.187709093 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.187721014 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.226819992 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.226903915 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.227072954 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.227108002 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.227140903 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.227159977 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.227176905 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.227210999 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.227225065 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.227246046 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.227279902 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.227293968 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.227364063 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.227406025 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.227415085 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.227451086 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.227483988 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.227499008 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.227519035 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.227566004 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.227811098 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.227844000 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.227878094 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.227896929 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.227910995 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.227945089 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.227962017 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.227978945 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.228043079 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.228046894 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.228123903 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.228157043 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.228171110 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.228188038 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.228220940 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.228235006 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.228256941 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.228302956 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.228543997 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.228595972 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.228629112 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.228655100 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.228662014 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.228697062 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.228722095 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.228729963 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.228765011 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.228780031 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.228799105 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.228832960 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.228847980 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.228867054 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.228912115 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.266161919 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.266297102 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.266350985 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.266355991 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.266387939 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.266421080 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.266438007 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.266458035 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.266506910 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.266604900 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.266638041 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.266671896 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.266686916 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.266705990 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.266740084 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.266753912 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.266774893 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.266824007 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.267081976 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.267160892 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.267194033 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.267216921 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.267227888 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.267261982 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.267286062 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.267294884 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.267328024 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.267348051 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.267360926 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.267411947 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.267421007 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.267445087 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.267478943 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.267488956 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.267513990 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.267561913 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.267788887 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.267822981 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.267858982 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.267872095 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.267925978 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.267960072 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.267976046 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.267995119 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.268049002 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.268129110 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.268162012 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.268212080 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.268219948 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.268263102 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.268296957 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.268320084 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.268332005 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.268364906 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.268390894 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.268399000 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.268434048 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.268452883 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.268466949 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.268501043 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.268512011 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.268913031 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.268949986 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.268963099 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.268980026 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.269026041 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.272412062 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.272519112 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.272553921 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.272578001 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.272587061 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.272622108 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.272653103 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.272655964 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.272690058 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.272716045 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.272723913 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.272778988 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.272900105 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.272934914 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.272968054 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.272981882 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.272998095 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.273031950 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.273045063 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.273066044 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.273098946 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.273113012 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.273134947 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.273180008 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.273279905 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.273314953 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.273348093 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.273377895 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.273381948 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.273416042 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.273439884 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.273627043 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.273659945 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.273684025 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.273694038 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.273729086 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.273751020 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.273761988 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.273798943 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.273808002 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.273835897 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.273881912 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.273920059 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.273952961 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.273987055 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.274005890 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.274019957 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.274065018 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.274132013 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.274164915 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.274198055 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.274209023 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.274229050 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.274332047 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.313142061 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.313272953 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.313307047 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.313344955 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.313370943 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.313405037 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.313424110 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.313437939 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.313472033 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.313489914 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.313505888 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.313555956 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.313810110 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.313843966 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.313878059 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.313899994 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.314106941 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.314137936 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.314161062 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.314171076 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.314204931 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.314235926 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.314239025 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.314274073 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.314306974 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.314311028 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.314344883 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.314361095 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.314383984 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.314434052 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.314555883 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.314589024 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.314621925 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.314636946 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.314660072 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.314707994 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.314941883 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.314975023 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.315009117 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.315041065 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.315042019 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.315077066 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.315090895 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.315114021 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.315148115 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.315165043 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.315184116 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.315217018 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.315233946 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.315252066 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.315316916 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.353099108 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.353132963 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.353168011 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.353219032 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.353226900 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.353251934 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.353286028 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.353321075 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.353389978 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.353389978 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.353490114 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.353523016 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.353545904 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.353559017 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.353593111 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.353610992 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.353629112 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.353662968 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.353681087 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.353955030 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.353987932 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.354007006 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.354022026 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.354055882 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.354077101 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.354089975 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.354123116 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.354142904 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.354156017 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.354191065 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.354208946 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.354432106 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.354464054 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.354485035 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.354497910 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.354532003 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.354563951 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.354568005 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.354624987 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.354731083 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.354763985 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.354796886 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.354813099 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.354850054 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.354883909 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.354898930 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.354917049 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.354965925 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.355004072 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.355037928 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.355072021 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.355086088 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.355104923 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.355138063 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.355159044 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.355171919 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.355206013 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.355226994 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.355721951 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.355756044 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.355783939 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.355789900 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.355830908 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.355846882 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.358684063 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.358782053 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.358784914 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.358815908 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.358859062 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.358867884 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.358902931 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.358937979 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.358958006 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.358978987 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.359026909 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.359091997 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.359127045 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.359158993 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.359184027 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.359194040 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.359236002 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.359371901 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.359420061 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.359452963 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.359471083 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.359487057 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.359520912 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.359530926 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.359555006 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.359601974 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.359651089 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.359683990 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.359715939 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.359724045 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.359751940 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.359783888 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.359812021 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.359870911 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.359905005 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.359916925 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.360008001 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.360040903 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.360059023 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.360075951 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.360116959 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.360126019 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.360280037 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.360312939 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.360340118 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.360347033 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.360383987 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.360430002 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.360464096 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.360497952 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.360508919 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.360529900 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.360563993 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.360584021 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.360598087 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.360644102 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.399518013 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.399549007 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.399584055 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.399614096 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.399661064 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.399694920 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.399727106 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.399761915 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.399827003 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.399827003 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.400000095 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.400032997 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.400047064 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.400067091 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.400099993 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.400110960 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.400135040 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.400162935 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.400178909 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.400413990 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.400449991 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.400471926 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.400505066 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.400552988 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.400593042 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.400629044 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.400661945 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.400671959 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.400782108 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.400815010 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.400827885 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.400849104 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.400882006 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.400890112 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.400917053 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.400949955 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.400962114 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.400984049 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.401021957 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.401027918 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.401384115 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.401417017 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.401443958 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.401451111 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.401484966 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.401510954 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.401519060 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.401551962 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.401566029 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.401587963 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.401654005 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.401680946 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.401715994 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.401878119 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.439409971 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.439452887 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.439502001 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.439510107 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.439544916 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.439579010 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.439608097 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.439630985 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.439667940 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.439699888 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.439804077 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.439838886 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.439863920 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.439872980 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.439905882 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.439925909 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.439939022 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.439975023 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.439989090 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.440129042 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.440159082 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.440176010 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.440192938 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.440227032 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.440237045 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.440259933 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.440293074 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.440304995 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.440324068 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.440356970 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.440376997 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.440589905 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.440624952 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.440646887 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.440658092 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.440691948 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.440701962 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.440943003 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.440975904 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.440999031 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.441009998 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.441045046 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.441061974 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.441081047 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.441116095 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.441128016 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.441149950 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.441183090 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.441193104 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.441216946 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.441248894 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.441261053 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.441288948 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.441318989 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.441330910 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.441658020 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.441690922 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.441724062 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.441725016 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.441771030 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.441777945 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.441812992 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.441845894 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.441880941 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.441914082 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.441919088 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.441941977 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.445422888 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.445477009 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.445482016 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.445513010 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.445559978 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.445635080 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.445667982 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.445702076 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.445708990 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.445739031 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.445785046 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.445823908 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.445961952 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.445996046 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.446011066 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.446029902 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.446063042 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.446072102 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.446096897 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.446135998 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.446238041 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.446270943 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.446302891 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.446310043 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.446336031 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.446369886 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.446378946 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.446404934 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.446438074 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.446448088 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.446475029 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.446520090 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.446803093 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.446835995 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.446867943 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.446876049 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.446902037 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.446935892 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.446943998 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.446969032 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.447001934 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.447010040 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.447036028 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.447068930 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.447074890 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.447101116 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.447135925 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.447139978 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.447185040 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.447222948 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.447226048 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.485858917 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.485972881 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.486000061 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.486013889 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.486063957 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.486080885 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.486114979 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.486149073 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.486182928 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.486217976 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.486309052 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.486341000 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.486392975 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.486457109 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.486509085 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.486542940 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.486552954 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.486577034 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.486613035 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.486623049 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.486648083 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.486690998 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.486702919 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.486737013 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.486771107 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.486782074 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.487088919 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.487122059 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.487139940 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.487157106 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.487190008 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.487201929 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.487224102 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.487257004 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.487267017 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.487292051 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.487325907 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.487334967 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.487360954 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.487404108 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.487416029 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.487452984 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.487498999 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.487792969 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.487826109 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.487859011 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.487870932 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.487891912 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.487926006 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.487941027 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.487961054 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.487993002 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.488010883 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.488048077 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.488091946 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.525768042 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.525871992 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.525922060 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.525944948 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.525958061 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.526010036 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.526014090 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.526047945 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.526093006 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.526101112 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.526151896 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.526185989 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.526201963 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.526217937 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.526251078 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.526271105 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.526287079 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.526340008 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.526344061 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.526391983 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.526426077 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.526443005 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.526463985 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.526496887 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.526508093 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.526530981 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.526561022 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.526571035 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.526595116 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.526633978 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.526640892 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.526813984 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.526846886 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.526861906 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.526881933 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.526932001 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.526978970 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.527013063 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.527062893 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.527062893 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.527100086 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.527133942 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.527148008 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.527167082 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.527216911 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.527482986 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.527542114 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.527575970 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.527592897 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.527606964 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.527640104 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.527652979 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.527674913 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.527708054 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.527721882 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.527744055 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.527780056 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.527796984 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.528012991 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.528047085 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.528067112 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.528080940 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.528115034 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.528129101 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.528150082 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.528182983 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.528197050 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.528217077 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.528250933 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.528265953 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.528285027 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.528326988 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.532144070 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.532272100 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.532301903 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.532330990 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.532352924 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.532387972 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.532402039 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.532423019 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.532458067 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.532469988 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.532561064 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.532593966 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.532613993 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.532629967 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.532664061 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.532675982 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.532700062 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.532759905 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.532831907 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.532865047 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.532897949 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.532911062 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.532932997 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.532974958 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.532974958 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:09.533036947 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.533287048 CEST497303752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:09.538129091 CEST375249730147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:12.589440107 CEST49731443192.168.2.4172.202.163.200
                                    Oct 5, 2024 14:33:12.589493990 CEST44349731172.202.163.200192.168.2.4
                                    Oct 5, 2024 14:33:12.589765072 CEST49731443192.168.2.4172.202.163.200
                                    Oct 5, 2024 14:33:12.600761890 CEST49731443192.168.2.4172.202.163.200
                                    Oct 5, 2024 14:33:12.600786924 CEST44349731172.202.163.200192.168.2.4
                                    Oct 5, 2024 14:33:13.298479080 CEST44349731172.202.163.200192.168.2.4
                                    Oct 5, 2024 14:33:13.298670053 CEST49731443192.168.2.4172.202.163.200
                                    Oct 5, 2024 14:33:13.311480999 CEST49731443192.168.2.4172.202.163.200
                                    Oct 5, 2024 14:33:13.311496973 CEST44349731172.202.163.200192.168.2.4
                                    Oct 5, 2024 14:33:13.311795950 CEST44349731172.202.163.200192.168.2.4
                                    Oct 5, 2024 14:33:13.364079952 CEST49731443192.168.2.4172.202.163.200
                                    Oct 5, 2024 14:33:14.021203995 CEST49731443192.168.2.4172.202.163.200
                                    Oct 5, 2024 14:33:14.067401886 CEST44349731172.202.163.200192.168.2.4
                                    Oct 5, 2024 14:33:14.250526905 CEST44349731172.202.163.200192.168.2.4
                                    Oct 5, 2024 14:33:14.250588894 CEST44349731172.202.163.200192.168.2.4
                                    Oct 5, 2024 14:33:14.250611067 CEST44349731172.202.163.200192.168.2.4
                                    Oct 5, 2024 14:33:14.250634909 CEST44349731172.202.163.200192.168.2.4
                                    Oct 5, 2024 14:33:14.250663042 CEST44349731172.202.163.200192.168.2.4
                                    Oct 5, 2024 14:33:14.250732899 CEST49731443192.168.2.4172.202.163.200
                                    Oct 5, 2024 14:33:14.250732899 CEST49731443192.168.2.4172.202.163.200
                                    Oct 5, 2024 14:33:14.250737906 CEST44349731172.202.163.200192.168.2.4
                                    Oct 5, 2024 14:33:14.250767946 CEST44349731172.202.163.200192.168.2.4
                                    Oct 5, 2024 14:33:14.250798941 CEST49731443192.168.2.4172.202.163.200
                                    Oct 5, 2024 14:33:14.250798941 CEST49731443192.168.2.4172.202.163.200
                                    Oct 5, 2024 14:33:14.250868082 CEST49731443192.168.2.4172.202.163.200
                                    Oct 5, 2024 14:33:14.250889063 CEST44349731172.202.163.200192.168.2.4
                                    Oct 5, 2024 14:33:14.251019001 CEST49731443192.168.2.4172.202.163.200
                                    Oct 5, 2024 14:33:14.251033068 CEST44349731172.202.163.200192.168.2.4
                                    Oct 5, 2024 14:33:14.251116037 CEST44349731172.202.163.200192.168.2.4
                                    Oct 5, 2024 14:33:14.251197100 CEST49731443192.168.2.4172.202.163.200
                                    Oct 5, 2024 14:33:14.909820080 CEST49731443192.168.2.4172.202.163.200
                                    Oct 5, 2024 14:33:14.909820080 CEST49731443192.168.2.4172.202.163.200
                                    Oct 5, 2024 14:33:14.909857035 CEST44349731172.202.163.200192.168.2.4
                                    Oct 5, 2024 14:33:14.909879923 CEST44349731172.202.163.200192.168.2.4
                                    Oct 5, 2024 14:33:17.860646963 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:17.866193056 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:17.866444111 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:17.866444111 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:17.871848106 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:17.899341106 CEST4972380192.168.2.42.16.100.168
                                    Oct 5, 2024 14:33:17.904866934 CEST80497232.16.100.168192.168.2.4
                                    Oct 5, 2024 14:33:17.904928923 CEST4972380192.168.2.42.16.100.168
                                    Oct 5, 2024 14:33:18.505462885 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:18.505510092 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:18.505665064 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:18.513881922 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:18.518867970 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:18.711292028 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:18.711564064 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:18.717283964 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:18.906443119 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:18.908830881 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:18.914200068 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:18.917773962 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:18.923136950 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.259655952 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.262460947 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:19.267362118 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.267451048 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:19.272420883 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.547178984 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.547204018 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.547369957 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:19.642704010 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:19.642831087 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:19.642976999 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:19.643038034 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:19.647701025 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.647891998 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.647901058 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:19.647926092 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.647999048 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.648030996 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.648060083 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.648112059 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.648164034 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.648191929 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.648194075 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:19.648194075 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:19.648220062 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.648236990 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:19.648253918 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.648253918 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:19.648293018 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:19.648307085 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:19.652731895 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.652772903 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.652812004 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.652903080 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:19.652903080 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:19.653300047 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.653403044 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.653434038 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.653491020 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.653520107 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.653548956 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.653561115 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:19.653562069 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:19.653562069 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:19.653577089 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.653660059 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:19.653660059 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:19.653708935 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:19.653708935 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:19.653780937 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.653829098 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.654078960 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:19.654079914 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:19.658492088 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.658917904 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.658961058 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.658989906 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.659018040 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.659080029 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.659109116 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.659136057 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.659163952 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.659189939 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.659245968 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.659275055 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.659301996 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.659328938 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.659356117 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.659413099 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.659440994 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.659492970 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.659519911 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.659548044 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.659574986 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.659601927 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.659631014 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:19.663513899 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:20.040515900 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:20.082834959 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:20.084851980 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:20.084995031 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:20.085084915 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:20.382329941 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:20.382405996 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:20.395342112 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:20.595213890 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:20.595359087 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:20.595417023 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:20.595453978 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:20.595480919 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:20.595511913 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:20.595541954 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:20.595607996 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:20.595607996 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:20.595607996 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:20.595706940 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:20.595735073 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:20.595788002 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:20.595814943 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:20.595844030 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:20.600524902 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:20.600553989 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:20.600609064 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:20.600677967 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:20.600750923 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:20.600779057 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:20.601104975 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:20.601134062 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:20.601526022 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:20.605650902 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:20.898114920 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:20.942229986 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:20.949271917 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:20.949407101 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:20.949491024 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:20.949589014 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:20.954322100 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:20.954370022 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:20.954400063 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:20.954404116 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:20.954483986 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:20.954511881 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:20.954544067 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:20.954572916 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:20.954600096 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:20.954626083 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:20.954653025 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:20.959122896 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:20.959151030 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:20.959573984 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:20.959703922 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:21.145389080 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:21.192235947 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:22.145524025 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:22.150697947 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:22.150763988 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:22.155714989 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:22.472676039 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:22.472734928 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:22.472769976 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:22.472819090 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:22.472913980 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:22.472978115 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:22.473052025 CEST497373752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:22.480079889 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:22.480122089 CEST375249737147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:27.473907948 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:27.479501009 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:27.479609013 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:27.479717016 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:27.484570026 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:28.151633024 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:28.151686907 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:28.151758909 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:28.164458036 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:28.169435024 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:28.376712084 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:28.380419970 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:28.387181044 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:28.576433897 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:28.581753016 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:28.586626053 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:28.586707115 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:28.591523886 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:28.916816950 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:28.919135094 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:28.924053907 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:28.924113035 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:28.929018974 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.218862057 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.218913078 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.218950987 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.218990088 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:29.218998909 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.219038963 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.219043970 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:29.219137907 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.219191074 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:29.219192028 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.227148056 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.227204084 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:29.227206945 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.227241993 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.227288008 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:29.235539913 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.235701084 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.235733032 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.235755920 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:29.245896101 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.245968103 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:29.246053934 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.246084929 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.246136904 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:29.253978968 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.254012108 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.254071951 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:29.309571028 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.310165882 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.310230970 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:29.318825006 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.318851948 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.318867922 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.318897009 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:29.326141119 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.326199055 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:29.326248884 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.326282024 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.326329947 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:29.332175016 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.332230091 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.332262039 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.332278013 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:29.340926886 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.340986013 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:29.341028929 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.341061115 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.341103077 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:29.348834038 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.348889112 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.348917961 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.348946095 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:29.349246025 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.349302053 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:29.357188940 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.357247114 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.357279062 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.357300043 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:29.365953922 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.366014004 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:29.366050959 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.366082907 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.366132975 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:29.374269962 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.374325037 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.374356985 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.374381065 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:29.380234003 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.380310059 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.380337000 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:29.380347013 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.380398989 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:29.400042057 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:29.442256927 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:31.774868011 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:31.812760115 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:31.812859058 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:31.818269014 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.123219013 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.123250961 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.123271942 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.123286963 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.123303890 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.123454094 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.123454094 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.126693964 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.126758099 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.126769066 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.126792908 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.126858950 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.131155014 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.131213903 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.131246090 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.131268024 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.136015892 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.136073112 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.136085033 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.136156082 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.136208057 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.141261101 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.141400099 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.141431093 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.141463995 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.141464949 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.141514063 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.145571947 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.145625114 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.145659924 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.145693064 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.145733118 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.145788908 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.150470018 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.150527000 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.150559902 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.150588989 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.162641048 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.162699938 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.162734985 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.162818909 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.162818909 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.162894964 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.162935972 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.162990093 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.164764881 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.164822102 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.164854050 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.164875031 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.169464111 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.169523001 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.169568062 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.169599056 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.169650078 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.175242901 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.175333977 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.175370932 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.175434113 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.179861069 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.179919958 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.179928064 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.179955006 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.180013895 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.187089920 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.187119961 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.187175989 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.187191963 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.187206030 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.187274933 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.211937904 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.211954117 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.211998940 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.212045908 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.212151051 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.212151051 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.220786095 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.220885992 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.220902920 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.220942020 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.221005917 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.221023083 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.221060038 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.221426964 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.221474886 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.221497059 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.221513987 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.221571922 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.221612930 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.221667051 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.221704960 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.221730947 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.222069979 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.222178936 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.222187996 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.222212076 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.222263098 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.222522974 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.222557068 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.222592115 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.222611904 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.222950935 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.222985029 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.223016977 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.223016977 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.223067999 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.226969004 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.227037907 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.227070093 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.227094889 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.231769085 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.231863022 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.231873989 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.231964111 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.231997013 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.232017040 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.236587048 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.236654043 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.236706018 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.236779928 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.236833096 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.241404057 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.241456985 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.241488934 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.241518974 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.246525049 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.246604919 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.246622086 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.246638060 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.246692896 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.250999928 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.251054049 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.251085997 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.251120090 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.255908012 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.255999088 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.256000996 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.256033897 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.256087065 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.262018919 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.262074947 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.262108088 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.262132883 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.265386105 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.265439987 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.265450954 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.265471935 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.265521049 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.270802975 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.270838022 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.270911932 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.270950079 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.274899960 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.274955034 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.274969101 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.274986982 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.275038958 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.279886961 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.280019999 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.280050039 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.280081034 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.280082941 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.280138016 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.284338951 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.284435034 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.284465075 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.284496069 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.284497023 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.284549952 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.288281918 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.288336039 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.288367033 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.288398981 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.292453051 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.292522907 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.292551994 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.292584896 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.292634964 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.296499968 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.296639919 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.296672106 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.296705961 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.300574064 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.300626993 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.300646067 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.300658941 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.300709009 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.304410934 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.304464102 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.304496050 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.304527998 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.308533907 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.308585882 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.308598995 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.308617115 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.308666945 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.313244104 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.313278913 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.313314915 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.313430071 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.316320896 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.316418886 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.316437006 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.316447973 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.316479921 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.316500902 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.320334911 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.320386887 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.320405960 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.320419073 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.320473909 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.324877977 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.324932098 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.324960947 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.324985981 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.324992895 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.325042963 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.328389883 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.328423977 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.328455925 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.328478098 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.332757950 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.332791090 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.332824945 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.332989931 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.334923983 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.334955931 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.334990025 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.335031986 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.337898970 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.337953091 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.337960958 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.337985039 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.338033915 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.339258909 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.339359045 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.339411020 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.339432955 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.339461088 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.339512110 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.341202974 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.341305017 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.341336012 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.341363907 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.342784882 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.342848063 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.342895985 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.342926025 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.342978954 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.344302893 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.344357014 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.344391108 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.344413042 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.346304893 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.346359015 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.346365929 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.346390009 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.346440077 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.348134995 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.348187923 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.348220110 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.348251104 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.349472046 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.349569082 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.349581957 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.349601030 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.349670887 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.350955963 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.351008892 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.351038933 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.351068974 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.352668047 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.352701902 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.352730989 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.352737904 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.352787971 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.354830980 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.354860067 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.354893923 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.354927063 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.354927063 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.354981899 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.356009960 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.356038094 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.356089115 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.356089115 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.356117964 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.356173038 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.357770920 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.357824087 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.357855082 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.357883930 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.361493111 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.361563921 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.361598969 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.361617088 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.361650944 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.361675978 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.361687899 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.361725092 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.361763000 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.362730026 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.362785101 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.362798929 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.362817049 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.362867117 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.364486933 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.364542007 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.364577055 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.364597082 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.366445065 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.366480112 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.366506100 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.366513014 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.366564035 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.368700981 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.368755102 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.368786097 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.368807077 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.369541883 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.369596958 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.369604111 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.369628906 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.369678974 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.371900082 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.371995926 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.372028112 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.372061014 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.373049021 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.373100996 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.373107910 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.373131990 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.373183012 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.379035950 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.379090071 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.379123926 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.379163980 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.379205942 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.379240036 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.379271984 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.379302025 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.379350901 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.379431009 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.379481077 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.379512072 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.379534960 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.380182981 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.380214930 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.380247116 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.380249023 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.380296946 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.381843090 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.381896019 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.381927013 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.381949902 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.387078047 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.387130022 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.387141943 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.426644087 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.621967077 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.627058029 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.627123117 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.632066011 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.965001106 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.965060949 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.965080976 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.965095997 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.965112925 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.965131044 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.965187073 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.965329885 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.965363979 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.965382099 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.965519905 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.966312885 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.966376066 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.966392040 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.966430902 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.968225956 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.968288898 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.968298912 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.968316078 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.968365908 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.968416929 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.968435049 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.968487978 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.970582008 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.970649958 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.970695019 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.970730066 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.970765114 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.970782042 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.970798969 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.970815897 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.970853090 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.971118927 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.971200943 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.971257925 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:32.971276999 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.971292019 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:32.971343040 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.055547953 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.098510981 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.129038095 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.136071920 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.136149883 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.143158913 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.451802969 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.452343941 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.452373981 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.452392101 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.452423096 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.452481985 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.453221083 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.453253031 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.453269958 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.453299999 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.453386068 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.453438997 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.453855991 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.453885078 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.453902006 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.453932047 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.456146002 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.456201077 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.456213951 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.456229925 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.456276894 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.456325054 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.456341982 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.456399918 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.456409931 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.456612110 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.456659079 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.456662893 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.456680059 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.456723928 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.457762003 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.457813025 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.457829952 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.457887888 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.458189011 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.458245039 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.458256006 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.458271027 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.458285093 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.458321095 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.459366083 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.459434986 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.459439993 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.459453106 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.459496975 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.460004091 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.460052967 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.460068941 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.460102081 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.460824966 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.460876942 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.460886955 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.460902929 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.460946083 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.461726904 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.461796045 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.461810112 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.461849928 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.462203979 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.462260962 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.462739944 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.462769032 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.462817907 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.462821007 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.462850094 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.462909937 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.463479996 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.463594913 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.463624954 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.463648081 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.463658094 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.463712931 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.464291096 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.464319944 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.464370012 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.464378119 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.464406967 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.464453936 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.465946913 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.466002941 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.466037035 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.466058016 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.466072083 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.466126919 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.466161013 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.466192961 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.466243982 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.466883898 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.466912031 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.466962099 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.466973066 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.467000961 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.467047930 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.467870951 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.467926025 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.467957973 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.467981100 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.468713045 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.468769073 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.468817949 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.468847990 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.468880892 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.468895912 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.469737053 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.469791889 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.469798088 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.469825029 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.469872952 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.470345020 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.470398903 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.470429897 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.470452070 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.470463991 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.470510006 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.471225023 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.471278906 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.471311092 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.471334934 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.472089052 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.472199917 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.472374916 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.472408056 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.472457886 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.473253965 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.473355055 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.473387003 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.473408937 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.473939896 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.473994970 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.474020004 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.474051952 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.474095106 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.474699020 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.474754095 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.474785089 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.474811077 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.476342916 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.476398945 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.476404905 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.476428986 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.476461887 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.476479053 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.476612091 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.476672888 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.476703882 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.476735115 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.476767063 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.476784945 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.477304935 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.477359056 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.477365971 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.477391958 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.477438927 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.478404999 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.478458881 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.478490114 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.478513002 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.478524923 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.478578091 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.479028940 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.479058027 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.479104996 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.479111910 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.479141951 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.479191065 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.479923010 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.479975939 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.480005980 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.480027914 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.480040073 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.480084896 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.480844021 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.480917931 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.480947971 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.480971098 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.480979919 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.481030941 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.482023954 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.482099056 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.482175112 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.482201099 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.482209921 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.482260942 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.483273983 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.483346939 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.483392954 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.483408928 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.483444929 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.483444929 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.484291077 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.484360933 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.484376907 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.484414101 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.484710932 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.484751940 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.484767914 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.484767914 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.484813929 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.485985994 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.486057997 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.486073017 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.486104965 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.486470938 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.486516953 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.486521959 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.486532927 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.486582994 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.487047911 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.487107992 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.487123966 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.487159014 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.487842083 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.487895012 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.487905979 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.487921953 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.487970114 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.488985062 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.489039898 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.489056110 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.489088058 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.489855051 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.489919901 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.489926100 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.489942074 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.489998102 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.490531921 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.490585089 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.490601063 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.490638971 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.536037922 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.543080091 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.543190002 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.543242931 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.543252945 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.543277025 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.543311119 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.543327093 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.543344975 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.543381929 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.543420076 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.545139074 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.545197010 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.545207024 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.545232058 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.545279026 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.545382977 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.545414925 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.545449972 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.545464039 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.545485973 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.545533895 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.547360897 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.547409058 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.547445059 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.547486067 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.547499895 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.547532082 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.547552109 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.547569036 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.547602892 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.547620058 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.547749043 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.547811985 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.550124884 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.550180912 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.550214052 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.550241947 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.550327063 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.550359964 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.550381899 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.550393105 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.550447941 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.550472021 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.561595917 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.561698914 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.561712027 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.561733007 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.561784983 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.561803102 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.561834097 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.561868906 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.561887026 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.561906099 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.561952114 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.562156916 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.562190056 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.562223911 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.562251091 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.562258005 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.562297106 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.562318087 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.562334061 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.562385082 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.562611103 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.562642097 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.562675953 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.562691927 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.562710047 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.562743902 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.562757969 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.562777042 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.562810898 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.562829971 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.563096046 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.563128948 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.563150883 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.563163996 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.563196898 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.563216925 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.563230991 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.563265085 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.563280106 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.563560963 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.563591957 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.563612938 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.563626051 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.563658953 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.563677073 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.563694000 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.563726902 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.563745022 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.563760996 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.563811064 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.563905954 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.564841032 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.564896107 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.564929008 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.564954042 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.564982891 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.565013885 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.565047026 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.565100908 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.565215111 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.565247059 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.565294027 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.565326929 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.567482948 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.567538023 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.567562103 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.567570925 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.567609072 CEST375249738147.45.126.71192.168.2.4
                                    Oct 5, 2024 14:33:33.567620993 CEST497383752192.168.2.4147.45.126.71
                                    Oct 5, 2024 14:33:33.567914963 CEST375249738147.45.126.71192.168.2.4

                                    HTTPS Proxied Packets

                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                    0192.168.2.449731172.202.163.200443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:33:14 UTC306OUTGET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=uEnGmW4R2wLmeAx&MD=ZEn5E+1s HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept: */*
                                    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                    Host: slscr.update.microsoft.com
                                    2024-10-05 12:33:14 UTC560INHTTP/1.1 200 OK
                                    Cache-Control: no-cache
                                    Pragma: no-cache
                                    Content-Type: application/octet-stream
                                    Expires: -1
                                    Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                    ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                    MS-CorrelationId: 6d428944-ab2f-4f30-b218-592277ee498e
                                    MS-RequestId: bcd93096-a7b5-432f-8b43-bad9d96c3d60
                                    MS-CV: NB/uifdQHE6FuW9E.0
                                    X-Microsoft-SLSClientCache: 2880
                                    Content-Disposition: attachment; filename=environment.cab
                                    X-Content-Type-Options: nosniff
                                    Date: Sat, 05 Oct 2024 12:33:14 GMT
                                    Connection: close
                                    Content-Length: 24490
                                    2024-10-05 12:33:14 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58
                                    Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
                                    2024-10-05 12:33:14 UTC8666INData Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31
                                    Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1


                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                    1192.168.2.457391172.202.163.200443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:33:42 UTC306OUTGET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=uEnGmW4R2wLmeAx&MD=ZEn5E+1s HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept: */*
                                    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                    Host: slscr.update.microsoft.com
                                    2024-10-05 12:33:43 UTC560INHTTP/1.1 200 OK
                                    Cache-Control: no-cache
                                    Pragma: no-cache
                                    Content-Type: application/octet-stream
                                    Expires: -1
                                    Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                    ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                    MS-CorrelationId: fad327fc-81f1-425a-8fd6-4a6b55f7e82d
                                    MS-RequestId: 9895a4c3-bce8-47bf-86d4-286410744196
                                    MS-CV: Fwj/4pquuUy+0oqv.0
                                    X-Microsoft-SLSClientCache: 1440
                                    Content-Disposition: attachment; filename=environment.cab
                                    X-Content-Type-Options: nosniff
                                    Date: Sat, 05 Oct 2024 12:33:41 GMT
                                    Connection: close
                                    Content-Length: 30005
                                    2024-10-05 12:33:43 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e
                                    Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
                                    2024-10-05 12:33:43 UTC14181INData Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f
                                    Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    2192.168.2.45739513.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:33:55 UTC195OUTGET /rules/other-Win32-v19.bundle HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:33:55 UTC540INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:33:55 GMT
                                    Content-Type: text/plain
                                    Content-Length: 218853
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public
                                    Last-Modified: Mon, 30 Sep 2024 13:16:38 GMT
                                    ETag: "0x8DCE1521DF74B57"
                                    x-ms-request-id: 90766f9b-701e-006f-578c-15afc4000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123355Z-15767c5fc55qdcd62bsn50hd6s0000000du000000000d7wv
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:33:55 UTC15844INData Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20
                                    Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
                                    2024-10-05 12:33:55 UTC16384INData Raw: 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e
                                    Data Ascii: "0" /> </L> <R> <V V="400" T="I32" /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" />
                                    2024-10-05 12:33:55 UTC16384INData Raw: 20 20 3c 53 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 53 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 38 32 30 76 33 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31
                                    Data Ascii: <ST> <S T="1" /> </ST></R><$!#>10820v3+<?xml version="1.0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-781
                                    2024-10-05 12:33:55 UTC16384INData Raw: 20 54 3d 22 55 36 34 22 20 49 3d 22 38 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 45 76 65 6e 74 73 5f 41 76 67 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 41 76 65 72 61 67 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20
                                    Data Ascii: T="U64" I="8" O="false" N="Events_Avg"> <S T="2" F="Average" /> </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32"
                                    2024-10-05 12:33:55 UTC16384INData Raw: 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f
                                    Data Ascii: "0" O="false" N="Count_CreateCard_ValidPersona_False"> <C> <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Co
                                    2024-10-05 12:33:55 UTC16384INData Raw: 20 20 20 20 3c 53 20 54 3d 22 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 39 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a
                                    Data Ascii: <S T="31" /> </C> </C> <C T="U32" I="19" O="false" N="Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C>
                                    2024-10-05 12:33:55 UTC16384INData Raw: 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63
                                    Data Ascii: <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMillisec
                                    2024-10-05 12:33:55 UTC16384INData Raw: 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e
                                    Data Ascii: R> <V V="0" T="I32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIn
                                    2024-10-05 12:33:55 UTC16384INData Raw: 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20
                                    Data Ascii: R> </O> </F> <F T="6"> <O T="AND"> <L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L>
                                    2024-10-05 12:33:55 UTC16384INData Raw: 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c
                                    Data Ascii: T="6"> <O T="EQ"> <L> <S T="2" F="HttpStatus" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    3192.168.2.45739813.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:33:56 UTC192OUTGET /rules/rule120100v3s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:33:56 UTC492INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:33:56 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1000
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT
                                    ETag: "0x8DC582BB097AFC9"
                                    x-ms-request-id: a79f927d-a01e-0098-24c9-168556000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123356Z-1657d5bbd48brl8we3nu8cxwgn00000000w0000000003hwu
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    X-Cache-Info: L1_T2
                                    Accept-Ranges: bytes
                                    2024-10-05 12:33:56 UTC1000INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 31 30 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 32 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 52 65 73 75 6d 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 49 20 54 3d 22 33 22 20 49 3d 22 33 30 73 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 35 22 3e
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120100" V="3" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <A T="2" E="TelemetryResume" /> <TI T="3" I="30s" /> <R T="4" R="120100" /> <TH T="5">


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    4192.168.2.45739713.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:33:56 UTC192OUTGET /rules/rule224902v2s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:33:56 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:33:56 GMT
                                    Content-Type: text/xml
                                    Content-Length: 450
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT
                                    ETag: "0x8DC582BD4C869AE"
                                    x-ms-request-id: b9d87bc4-001e-008d-138c-15d91e000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123356Z-15767c5fc55qdcd62bsn50hd6s0000000du000000000d804
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:33:56 UTC450INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    5192.168.2.45740013.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:33:56 UTC192OUTGET /rules/rule120608v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:33:56 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:33:56 GMT
                                    Content-Type: text/xml
                                    Content-Length: 2160
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                    ETag: "0x8DC582BA3B95D81"
                                    x-ms-request-id: c59bb0f9-701e-0097-2d01-17b8c1000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123356Z-1657d5bbd48brl8we3nu8cxwgn00000000qg00000000nrwb
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:33:56 UTC2160INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    6192.168.2.45739613.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:33:56 UTC193OUTGET /rules/rule120402v21s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:33:56 UTC584INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:33:56 GMT
                                    Content-Type: text/xml
                                    Content-Length: 3788
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT
                                    ETag: "0x8DC582BAC2126A6"
                                    x-ms-request-id: 4545068c-701e-0050-0e05-176767000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123356Z-1657d5bbd48p2j6x2quer0q02800000000hg00000000evna
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    X-Cache-Info: L1_T2
                                    Accept-Ranges: bytes
                                    2024-10-05 12:33:56 UTC3788INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    7192.168.2.45739913.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:33:56 UTC192OUTGET /rules/rule120600v4s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:33:56 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:33:56 GMT
                                    Content-Type: text/xml
                                    Content-Length: 2980
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT
                                    ETag: "0x8DC582BA80D96A1"
                                    x-ms-request-id: 8aaf7b13-d01e-0028-46fd-167896000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123356Z-1657d5bbd48vhs7r2p1ky7cs5w00000000s000000000g90e
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:33:56 UTC2980INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    8192.168.2.45740113.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:33:57 UTC192OUTGET /rules/rule120610v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:33:57 UTC491INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:33:57 GMT
                                    Content-Type: text/xml
                                    Content-Length: 474
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT
                                    ETag: "0x8DC582B9964B277"
                                    x-ms-request-id: 3ea0840d-701e-0053-1012-173a0a000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123357Z-1657d5bbd48cpbzgkvtewk0wu000000000h0000000005604
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    X-Cache-Info: L1_T2
                                    Accept-Ranges: bytes
                                    2024-10-05 12:33:57 UTC474INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    9192.168.2.45740313.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:33:57 UTC192OUTGET /rules/rule120611v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:33:57 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:33:57 GMT
                                    Content-Type: text/xml
                                    Content-Length: 415
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT
                                    ETag: "0x8DC582B9F6F3512"
                                    x-ms-request-id: 1707b783-801e-00a3-53e5-167cfb000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123357Z-1657d5bbd48p2j6x2quer0q02800000000r0000000007nys
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:33:57 UTC415INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    10192.168.2.45740213.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:33:57 UTC192OUTGET /rules/rule120609v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:33:57 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:33:57 GMT
                                    Content-Type: text/xml
                                    Content-Length: 408
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                    ETag: "0x8DC582BB56D3AFB"
                                    x-ms-request-id: 4b0a31e7-c01e-00ad-448c-15a2b9000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123357Z-15767c5fc55d6fcl6x6bw8cpdc0000000e100000000021ge
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:33:57 UTC408INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    11192.168.2.45740513.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:33:57 UTC192OUTGET /rules/rule120613v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:33:57 UTC491INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:33:57 GMT
                                    Content-Type: text/xml
                                    Content-Length: 632
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                    ETag: "0x8DC582BB6E3779E"
                                    x-ms-request-id: 15158de7-401e-0029-4b00-179b43000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123357Z-1657d5bbd48p2j6x2quer0q02800000000rg000000006cgr
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    X-Cache-Info: L1_T2
                                    Accept-Ranges: bytes
                                    2024-10-05 12:33:57 UTC632INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    12192.168.2.45740413.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:33:57 UTC192OUTGET /rules/rule120612v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:33:57 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:33:57 GMT
                                    Content-Type: text/xml
                                    Content-Length: 471
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT
                                    ETag: "0x8DC582BB10C598B"
                                    x-ms-request-id: 24b39cfc-301e-0096-2a8c-15e71d000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123357Z-15767c5fc554w2fgapsyvy8ua00000000dkg0000000095ra
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:33:57 UTC471INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    13192.168.2.45740713.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:33:57 UTC192OUTGET /rules/rule120614v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:33:58 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:33:57 GMT
                                    Content-Type: text/xml
                                    Content-Length: 467
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT
                                    ETag: "0x8DC582BA6C038BC"
                                    x-ms-request-id: b2393cc3-501e-005b-768c-15d7f7000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123357Z-15767c5fc55whfstvfw43u8fp40000000e2g00000000ksdh
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:33:58 UTC467INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    14192.168.2.45740913.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:33:57 UTC192OUTGET /rules/rule120616v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:33:58 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:33:57 GMT
                                    Content-Type: text/xml
                                    Content-Length: 486
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                    ETag: "0x8DC582BB344914B"
                                    x-ms-request-id: 0a3893d3-c01e-0082-33ee-16af72000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123357Z-1657d5bbd48tnj6wmberkg2xy800000000ng0000000043pa
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:33:58 UTC486INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    15192.168.2.45740813.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:33:57 UTC192OUTGET /rules/rule120615v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:33:58 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:33:57 GMT
                                    Content-Type: text/xml
                                    Content-Length: 407
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT
                                    ETag: "0x8DC582BBAD04B7B"
                                    x-ms-request-id: 023e3708-a01e-003d-568c-1598d7000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123357Z-15767c5fc55472x4k7dmphmadg0000000dng00000000gy6k
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:33:58 UTC407INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    16192.168.2.45741013.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:33:57 UTC192OUTGET /rules/rule120617v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:33:58 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:33:57 GMT
                                    Content-Type: text/xml
                                    Content-Length: 427
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT
                                    ETag: "0x8DC582BA310DA18"
                                    x-ms-request-id: 1cc301ca-e01e-0071-6f8c-1508e7000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123357Z-15767c5fc554wklc0x4mc5pq0w0000000ea000000000essp
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:33:58 UTC427INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    17192.168.2.45741413.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:33:58 UTC192OUTGET /rules/rule120618v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:33:58 UTC491INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:33:58 GMT
                                    Content-Type: text/xml
                                    Content-Length: 486
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT
                                    ETag: "0x8DC582B9018290B"
                                    x-ms-request-id: bf7deccb-401e-0064-0f0e-1754af000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123358Z-1657d5bbd4824mj9d6vp65b6n400000000p000000000e5ub
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    X-Cache-Info: L1_T2
                                    Accept-Ranges: bytes
                                    2024-10-05 12:33:58 UTC486INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    18192.168.2.45741613.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:33:58 UTC192OUTGET /rules/rule120620v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:33:58 UTC491INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:33:58 GMT
                                    Content-Type: text/xml
                                    Content-Length: 469
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                                    ETag: "0x8DC582BBA701121"
                                    x-ms-request-id: e72ec3ca-501e-005b-2401-17d7f7000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123358Z-1657d5bbd48xlwdx82gahegw4000000000p000000000dt33
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    X-Cache-Info: L1_T2
                                    Accept-Ranges: bytes
                                    2024-10-05 12:33:58 UTC469INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    19192.168.2.45741713.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:33:58 UTC192OUTGET /rules/rule120621v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:33:58 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:33:58 GMT
                                    Content-Type: text/xml
                                    Content-Length: 415
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                    ETag: "0x8DC582BA41997E3"
                                    x-ms-request-id: c54fb296-901e-008f-528c-1567a6000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123358Z-15767c5fc55whfstvfw43u8fp40000000e1g00000000pahd
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:33:58 UTC415INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    20192.168.2.45741513.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:33:58 UTC192OUTGET /rules/rule120619v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:33:58 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:33:58 GMT
                                    Content-Type: text/xml
                                    Content-Length: 407
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT
                                    ETag: "0x8DC582B9698189B"
                                    x-ms-request-id: 99ffd5e0-b01e-0053-0101-17cdf8000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123358Z-1657d5bbd48p2j6x2quer0q02800000000tg0000000003gx
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:33:58 UTC407INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    21192.168.2.45741813.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:33:58 UTC192OUTGET /rules/rule120622v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:33:58 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:33:58 GMT
                                    Content-Type: text/xml
                                    Content-Length: 477
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT
                                    ETag: "0x8DC582BB8CEAC16"
                                    x-ms-request-id: 24b39fc0-301e-0096-298c-15e71d000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123358Z-15767c5fc55d6fcl6x6bw8cpdc0000000dug00000000n0cd
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:33:58 UTC477INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    22192.168.2.45741913.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:33:58 UTC192OUTGET /rules/rule120623v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:33:58 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:33:58 GMT
                                    Content-Type: text/xml
                                    Content-Length: 464
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT
                                    ETag: "0x8DC582B97FB6C3C"
                                    x-ms-request-id: 5a59384b-a01e-0053-3602-178603000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123358Z-15767c5fc55rg5b7sh1vuv8t7n0000000ebg00000000cx22
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:33:58 UTC464INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    23192.168.2.45742113.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:33:59 UTC192OUTGET /rules/rule120625v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:33:59 UTC491INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:33:59 GMT
                                    Content-Type: text/xml
                                    Content-Length: 419
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT
                                    ETag: "0x8DC582B9748630E"
                                    x-ms-request-id: 09392ef7-101e-0046-3f05-1791b0000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123359Z-1657d5bbd482tlqpvyz9e93p5400000000gg000000004hcr
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    X-Cache-Info: L1_T2
                                    Accept-Ranges: bytes
                                    2024-10-05 12:33:59 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    24192.168.2.45742013.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:33:59 UTC192OUTGET /rules/rule120624v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:33:59 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:33:59 GMT
                                    Content-Type: text/xml
                                    Content-Length: 494
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                    ETag: "0x8DC582BB7010D66"
                                    x-ms-request-id: 79ade187-001e-0065-788c-150b73000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123359Z-15767c5fc554wklc0x4mc5pq0w0000000ecg000000008tb3
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:33:59 UTC494INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    25192.168.2.45742213.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:33:59 UTC192OUTGET /rules/rule120626v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:33:59 UTC491INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:33:59 GMT
                                    Content-Type: text/xml
                                    Content-Length: 472
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT
                                    ETag: "0x8DC582B9DACDF62"
                                    x-ms-request-id: 20b36261-201e-006e-7102-17bbe3000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123359Z-1657d5bbd48brl8we3nu8cxwgn00000000t000000000cedx
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    X-Cache-Info: L1_T2
                                    Accept-Ranges: bytes
                                    2024-10-05 12:33:59 UTC472INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    26192.168.2.45742313.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:33:59 UTC192OUTGET /rules/rule120627v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:33:59 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:33:59 GMT
                                    Content-Type: text/xml
                                    Content-Length: 404
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT
                                    ETag: "0x8DC582B9E8EE0F3"
                                    x-ms-request-id: 4f10c824-e01e-0085-1c8c-15c311000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123359Z-15767c5fc55gs96cphvgp5f5vc0000000dwg00000000fxzf
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:33:59 UTC404INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    27192.168.2.45742413.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:33:59 UTC192OUTGET /rules/rule120628v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:33:59 UTC491INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:33:59 GMT
                                    Content-Type: text/xml
                                    Content-Length: 468
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT
                                    ETag: "0x8DC582B9C8E04C8"
                                    x-ms-request-id: 81e42967-c01e-0014-5ee9-16a6a3000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123359Z-1657d5bbd48xlwdx82gahegw4000000000rg000000005qsc
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    X-Cache-Info: L1_T2
                                    Accept-Ranges: bytes
                                    2024-10-05 12:33:59 UTC468INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    28192.168.2.45742513.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:00 UTC192OUTGET /rules/rule120629v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:00 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:00 GMT
                                    Content-Type: text/xml
                                    Content-Length: 428
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT
                                    ETag: "0x8DC582BAC4F34CA"
                                    x-ms-request-id: 82f8b22c-c01e-0014-5a8c-15a6a3000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123400Z-15767c5fc55whfstvfw43u8fp40000000e2g00000000ksgv
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:00 UTC428INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    29192.168.2.45742613.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:00 UTC192OUTGET /rules/rule120630v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:00 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:00 GMT
                                    Content-Type: text/xml
                                    Content-Length: 499
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT
                                    ETag: "0x8DC582B98CEC9F6"
                                    x-ms-request-id: 30fd46b0-d01e-00a1-368c-1535b1000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123400Z-15767c5fc55whfstvfw43u8fp40000000e6g0000000072xm
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:00 UTC499INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    30192.168.2.45742713.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:00 UTC192OUTGET /rules/rule120631v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:00 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:00 GMT
                                    Content-Type: text/xml
                                    Content-Length: 415
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                    ETag: "0x8DC582B988EBD12"
                                    x-ms-request-id: c530354f-501e-0016-5013-17181b000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123400Z-1657d5bbd48xdq5dkwwugdpzr000000000x0000000000573
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:00 UTC415INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    31192.168.2.45742813.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:00 UTC192OUTGET /rules/rule120632v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:00 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:00 GMT
                                    Content-Type: text/xml
                                    Content-Length: 471
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                    ETag: "0x8DC582BB5815C4C"
                                    x-ms-request-id: 75493038-e01e-00aa-508c-15ceda000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123400Z-15767c5fc552g4w83buhsr3htc0000000dx000000000quzk
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:00 UTC471INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    32192.168.2.45742913.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:00 UTC192OUTGET /rules/rule120633v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:00 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:00 GMT
                                    Content-Type: text/xml
                                    Content-Length: 419
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                    ETag: "0x8DC582BB32BB5CB"
                                    x-ms-request-id: c2ca9d4d-801e-0035-458c-15752a000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123400Z-15767c5fc55rg5b7sh1vuv8t7n0000000eb000000000dud1
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:00 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    33192.168.2.45743113.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:01 UTC192OUTGET /rules/rule120636v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:01 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:01 GMT
                                    Content-Type: text/xml
                                    Content-Length: 472
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT
                                    ETag: "0x8DC582B9D43097E"
                                    x-ms-request-id: 4b0a3852-c01e-00ad-3b8c-15a2b9000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123401Z-15767c5fc55kg97hfq5uqyxxaw0000000e300000000063m2
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:01 UTC472INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    34192.168.2.45743313.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:01 UTC192OUTGET /rules/rule120637v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:01 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:01 GMT
                                    Content-Type: text/xml
                                    Content-Length: 427
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT
                                    ETag: "0x8DC582BA909FA21"
                                    x-ms-request-id: eccf174e-001e-0079-238c-1512e8000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123401Z-15767c5fc554w2fgapsyvy8ua00000000dmg000000006823
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:01 UTC427INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    35192.168.2.45743213.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:01 UTC192OUTGET /rules/rule120635v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:01 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:01 GMT
                                    Content-Type: text/xml
                                    Content-Length: 420
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT
                                    ETag: "0x8DC582B9DAE3EC0"
                                    x-ms-request-id: 4c0632d0-601e-0097-4413-17f33a000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123401Z-1657d5bbd48jwrqbupe3ktsx9w00000000tg00000000005d
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:01 UTC420INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    36192.168.2.45743013.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:01 UTC192OUTGET /rules/rule120634v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:01 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:01 GMT
                                    Content-Type: text/xml
                                    Content-Length: 494
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT
                                    ETag: "0x8DC582BB8972972"
                                    x-ms-request-id: 831ef799-b01e-0098-7b8c-15cead000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123401Z-15767c5fc55gs96cphvgp5f5vc0000000dvg00000000kcee
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:01 UTC494INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    37192.168.2.45743413.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:01 UTC192OUTGET /rules/rule120638v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:01 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:01 GMT
                                    Content-Type: text/xml
                                    Content-Length: 486
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT
                                    ETag: "0x8DC582B92FCB436"
                                    x-ms-request-id: 92e59db7-001e-002b-6700-1799f2000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123401Z-1657d5bbd48brl8we3nu8cxwgn00000000vg000000005h6d
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:01 UTC486INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    38192.168.2.45743513.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:01 UTC192OUTGET /rules/rule120639v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:01 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:01 GMT
                                    Content-Type: text/xml
                                    Content-Length: 423
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT
                                    ETag: "0x8DC582BB7564CE8"
                                    x-ms-request-id: a2d01d3c-801e-0083-4800-17f0ae000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123401Z-1657d5bbd48brl8we3nu8cxwgn00000000x000000000090a
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:01 UTC423INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    39192.168.2.45743613.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:01 UTC192OUTGET /rules/rule120640v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:01 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:01 GMT
                                    Content-Type: text/xml
                                    Content-Length: 478
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT
                                    ETag: "0x8DC582B9B233827"
                                    x-ms-request-id: 4da5bf60-a01e-0070-668c-15573b000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123401Z-15767c5fc55whfstvfw43u8fp40000000e1g00000000pasu
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:01 UTC478INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    40192.168.2.45743813.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:01 UTC192OUTGET /rules/rule120642v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:01 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:01 GMT
                                    Content-Type: text/xml
                                    Content-Length: 468
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT
                                    ETag: "0x8DC582BB046B576"
                                    x-ms-request-id: db28b7eb-d01e-0065-5efe-16b77a000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123401Z-1657d5bbd48jwrqbupe3ktsx9w00000000sg000000003hxh
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:01 UTC468INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    41192.168.2.45743713.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:01 UTC192OUTGET /rules/rule120641v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:02 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:01 GMT
                                    Content-Type: text/xml
                                    Content-Length: 404
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT
                                    ETag: "0x8DC582B95C61A3C"
                                    x-ms-request-id: 151ca1e1-401e-0029-2b03-179b43000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123401Z-1657d5bbd482tlqpvyz9e93p5400000000mg000000004mc0
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:02 UTC404INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    42192.168.2.45743913.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:01 UTC192OUTGET /rules/rule120643v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:02 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:01 GMT
                                    Content-Type: text/xml
                                    Content-Length: 400
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT
                                    ETag: "0x8DC582BB2D62837"
                                    x-ms-request-id: 9bed673a-001e-0046-278c-15da4b000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123401Z-15767c5fc554w2fgapsyvy8ua00000000dh000000000dayf
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:02 UTC400INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    43192.168.2.45744013.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:02 UTC192OUTGET /rules/rule120644v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:02 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:02 GMT
                                    Content-Type: text/xml
                                    Content-Length: 479
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT
                                    ETag: "0x8DC582BB7D702D0"
                                    x-ms-request-id: 772ea1ab-e01e-003c-188c-15c70b000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123402Z-15767c5fc55rg5b7sh1vuv8t7n0000000eag00000000es5w
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:02 UTC479INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    44192.168.2.45744213.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:02 UTC192OUTGET /rules/rule120646v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:02 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:02 GMT
                                    Content-Type: text/xml
                                    Content-Length: 475
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT
                                    ETag: "0x8DC582BB2BE84FD"
                                    x-ms-request-id: c5dbf9be-001e-0017-2cf1-160c3c000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123402Z-1657d5bbd48xlwdx82gahegw4000000000ng00000000f1q0
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:02 UTC475INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    45192.168.2.45744113.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:02 UTC192OUTGET /rules/rule120645v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:02 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:02 GMT
                                    Content-Type: text/xml
                                    Content-Length: 425
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT
                                    ETag: "0x8DC582BBA25094F"
                                    x-ms-request-id: 3a0dcc46-601e-0032-6c8c-15eebb000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123402Z-15767c5fc55kg97hfq5uqyxxaw0000000e1000000000btef
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:02 UTC425INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    46192.168.2.45744313.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:02 UTC192OUTGET /rules/rule120647v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:02 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:02 GMT
                                    Content-Type: text/xml
                                    Content-Length: 448
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                    ETag: "0x8DC582BB389F49B"
                                    x-ms-request-id: 1f480944-c01e-002b-018c-156e00000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123402Z-15767c5fc554w2fgapsyvy8ua00000000dmg00000000684b
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:02 UTC448INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    47192.168.2.45744413.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:02 UTC192OUTGET /rules/rule120648v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:02 UTC491INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:02 GMT
                                    Content-Type: text/xml
                                    Content-Length: 491
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                    ETag: "0x8DC582B98B88612"
                                    x-ms-request-id: 721d8bd8-801e-002a-4f00-1731dc000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123402Z-1657d5bbd48xlwdx82gahegw4000000000t0000000000wvt
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    X-Cache-Info: L1_T2
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:02 UTC491INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    48192.168.2.45744513.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:03 UTC192OUTGET /rules/rule120649v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:03 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:03 GMT
                                    Content-Type: text/xml
                                    Content-Length: 416
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT
                                    ETag: "0x8DC582BAEA4B445"
                                    x-ms-request-id: 75858473-001e-000b-318c-1515a7000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123403Z-15767c5fc55gs96cphvgp5f5vc0000000dwg00000000fy72
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:03 UTC416INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    49192.168.2.45744613.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:03 UTC192OUTGET /rules/rule120650v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:03 UTC491INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:03 GMT
                                    Content-Type: text/xml
                                    Content-Length: 479
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                    ETag: "0x8DC582B989EE75B"
                                    x-ms-request-id: 27b6de9f-001e-0046-1e00-17da4b000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123403Z-1657d5bbd48xlwdx82gahegw4000000000q000000000baa3
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    X-Cache-Info: L1_T2
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:03 UTC479INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    50192.168.2.45744813.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:03 UTC192OUTGET /rules/rule120652v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:03 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:03 GMT
                                    Content-Type: text/xml
                                    Content-Length: 471
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT
                                    ETag: "0x8DC582B97E6FCDD"
                                    x-ms-request-id: b83a8dc4-f01e-003f-308c-15d19d000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123403Z-15767c5fc55gs96cphvgp5f5vc0000000e0g00000000420u
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:03 UTC471INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    51192.168.2.45744713.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:03 UTC192OUTGET /rules/rule120651v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:03 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:03 GMT
                                    Content-Type: text/xml
                                    Content-Length: 415
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT
                                    ETag: "0x8DC582BA80D96A1"
                                    x-ms-request-id: b9a197f6-401e-0078-3b8c-154d34000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123403Z-15767c5fc55d6fcl6x6bw8cpdc0000000dtg00000000qhnt
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:03 UTC415INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    52192.168.2.45744913.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:03 UTC192OUTGET /rules/rule120653v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:03 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:03 GMT
                                    Content-Type: text/xml
                                    Content-Length: 419
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT
                                    ETag: "0x8DC582B9C710B28"
                                    x-ms-request-id: 2f8443ca-b01e-0070-308c-151cc0000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123403Z-15767c5fc55rg5b7sh1vuv8t7n0000000ed0000000007qec
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:03 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    53192.168.2.45745013.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:04 UTC192OUTGET /rules/rule120654v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:04 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:04 GMT
                                    Content-Type: text/xml
                                    Content-Length: 477
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT
                                    ETag: "0x8DC582BA54DCC28"
                                    x-ms-request-id: 7be6812e-d01e-008e-528c-15387a000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123404Z-15767c5fc554w2fgapsyvy8ua00000000dg000000000g1pt
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:04 UTC477INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    54192.168.2.45745213.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:04 UTC192OUTGET /rules/rule120656v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:04 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:04 GMT
                                    Content-Type: text/xml
                                    Content-Length: 477
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT
                                    ETag: "0x8DC582BA48B5BDD"
                                    x-ms-request-id: 7be6821c-d01e-008e-398c-15387a000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123404Z-15767c5fc55rg5b7sh1vuv8t7n0000000eb000000000dukq
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:04 UTC477INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    55192.168.2.45745113.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:04 UTC192OUTGET /rules/rule120655v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:04 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:04 GMT
                                    Content-Type: text/xml
                                    Content-Length: 419
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT
                                    ETag: "0x8DC582BB7F164C3"
                                    x-ms-request-id: 1f480aea-c01e-002b-028c-156e00000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123404Z-15767c5fc55d6fcl6x6bw8cpdc0000000e00000000004ews
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:04 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    56192.168.2.45745313.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:04 UTC192OUTGET /rules/rule120657v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:04 UTC491INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:04 GMT
                                    Content-Type: text/xml
                                    Content-Length: 419
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT
                                    ETag: "0x8DC582B9FF95F80"
                                    x-ms-request-id: 46a5aa72-701e-0032-6004-17a540000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123404Z-1657d5bbd4824mj9d6vp65b6n400000000kg00000000g3xr
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    X-Cache-Info: L1_T2
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:04 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    57192.168.2.45745413.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:04 UTC192OUTGET /rules/rule120658v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:04 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:04 GMT
                                    Content-Type: text/xml
                                    Content-Length: 472
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT
                                    ETag: "0x8DC582BB650C2EC"
                                    x-ms-request-id: d803a4ff-401e-0083-3904-17075c000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123404Z-1657d5bbd48vhs7r2p1ky7cs5w00000000pg00000000p253
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:04 UTC472INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    58192.168.2.45745613.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:04 UTC192OUTGET /rules/rule120660v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:04 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:04 GMT
                                    Content-Type: text/xml
                                    Content-Length: 485
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT
                                    ETag: "0x8DC582BB9769355"
                                    x-ms-request-id: 8d3bec0a-601e-0070-32fe-16a0c9000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123404Z-1657d5bbd48xdq5dkwwugdpzr000000000qg00000000n415
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:04 UTC485INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    59192.168.2.45745513.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:04 UTC192OUTGET /rules/rule120659v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:04 UTC491INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:04 GMT
                                    Content-Type: text/xml
                                    Content-Length: 468
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                                    ETag: "0x8DC582BB3EAF226"
                                    x-ms-request-id: b0fdb72d-401e-0015-37ce-160e8d000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123404Z-1657d5bbd48tzspvqynhg14aes00000000u0000000009nzs
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    X-Cache-Info: L1_T2
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:04 UTC468INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    60192.168.2.45745713.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:04 UTC192OUTGET /rules/rule120661v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:05 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:04 GMT
                                    Content-Type: text/xml
                                    Content-Length: 411
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                    ETag: "0x8DC582B989AF051"
                                    x-ms-request-id: 8d044b15-901e-00ac-3902-17b69e000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123404Z-1657d5bbd4824mj9d6vp65b6n400000000qg0000000097u3
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:05 UTC411INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    61192.168.2.45745813.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:04 UTC192OUTGET /rules/rule120662v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:05 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:04 GMT
                                    Content-Type: text/xml
                                    Content-Length: 470
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT
                                    ETag: "0x8DC582BBB181F65"
                                    x-ms-request-id: 4da5c699-a01e-0070-198c-15573b000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123404Z-15767c5fc55whfstvfw43u8fp40000000e1g00000000pay7
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:05 UTC470INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    62192.168.2.45745913.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:05 UTC192OUTGET /rules/rule120663v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:05 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:05 GMT
                                    Content-Type: text/xml
                                    Content-Length: 427
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT
                                    ETag: "0x8DC582BB556A907"
                                    x-ms-request-id: 0377c3fc-101e-000b-65dc-165e5c000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123405Z-1657d5bbd48tzspvqynhg14aes00000000t000000000bm5m
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:05 UTC427INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    63192.168.2.45746113.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:05 UTC192OUTGET /rules/rule120665v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:05 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:05 GMT
                                    Content-Type: text/xml
                                    Content-Length: 407
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT
                                    ETag: "0x8DC582B9D30478D"
                                    x-ms-request-id: 285c7e33-c01e-008e-718c-157381000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123405Z-15767c5fc55qdcd62bsn50hd6s0000000dvg000000008urv
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:05 UTC407INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    64192.168.2.45746013.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:05 UTC192OUTGET /rules/rule120664v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:05 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:05 GMT
                                    Content-Type: text/xml
                                    Content-Length: 502
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                    ETag: "0x8DC582BB6A0D312"
                                    x-ms-request-id: a5e58c1d-b01e-00ab-5ac9-16dafd000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123405Z-1657d5bbd48xdq5dkwwugdpzr000000000vg000000005zt0
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:05 UTC502INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    65192.168.2.45746213.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:05 UTC192OUTGET /rules/rule120666v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:05 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:05 GMT
                                    Content-Type: text/xml
                                    Content-Length: 474
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                                    ETag: "0x8DC582BB3F48DAE"
                                    x-ms-request-id: 1cc309a5-e01e-0071-358c-1508e7000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123405Z-15767c5fc55gs96cphvgp5f5vc0000000e0g00000000424q
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:05 UTC474INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    66192.168.2.45746313.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:05 UTC192OUTGET /rules/rule120667v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:05 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:05 GMT
                                    Content-Type: text/xml
                                    Content-Length: 408
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT
                                    ETag: "0x8DC582BB9B6040B"
                                    x-ms-request-id: 04c46130-501e-0064-028c-151f54000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123405Z-15767c5fc55gs96cphvgp5f5vc0000000dzg0000000073p4
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:05 UTC408INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    67192.168.2.45746413.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:05 UTC192OUTGET /rules/rule120668v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:05 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:05 GMT
                                    Content-Type: text/xml
                                    Content-Length: 469
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                                    ETag: "0x8DC582BB3CAEBB8"
                                    x-ms-request-id: 6a902a44-301e-005d-788c-15e448000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123405Z-15767c5fc552g4w83buhsr3htc0000000e2000000000axfc
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:05 UTC469INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    68192.168.2.45746613.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:06 UTC192OUTGET /rules/rule120670v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:06 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:06 GMT
                                    Content-Type: text/xml
                                    Content-Length: 472
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT
                                    ETag: "0x8DC582B91EAD002"
                                    x-ms-request-id: 4da5c882-a01e-0070-628c-15573b000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123406Z-15767c5fc55qdcd62bsn50hd6s0000000dq000000000s3gy
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:06 UTC472INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    69192.168.2.45746713.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:06 UTC192OUTGET /rules/rule120671v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:06 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:06 GMT
                                    Content-Type: text/xml
                                    Content-Length: 432
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT
                                    ETag: "0x8DC582BAABA2A10"
                                    x-ms-request-id: bfab55ab-401e-0015-6202-170e8d000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123406Z-1657d5bbd48p2j6x2quer0q02800000000r0000000007pnr
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:06 UTC432INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    70192.168.2.45746513.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:06 UTC192OUTGET /rules/rule120669v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:06 UTC491INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:06 GMT
                                    Content-Type: text/xml
                                    Content-Length: 416
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT
                                    ETag: "0x8DC582BB5284CCE"
                                    x-ms-request-id: 821e4157-c01e-0014-3301-17a6a3000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123406Z-1657d5bbd48tnj6wmberkg2xy800000000m0000000004pke
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    X-Cache-Info: L1_T2
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:06 UTC416INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    71192.168.2.45746813.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:06 UTC192OUTGET /rules/rule120672v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:06 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:06 GMT
                                    Content-Type: text/xml
                                    Content-Length: 475
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                                    ETag: "0x8DC582BBA740822"
                                    x-ms-request-id: 01bf113a-f01e-003c-3703-178cf0000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123406Z-1657d5bbd48qjg85buwfdynm5w00000000h00000000064hf
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:06 UTC475INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    72192.168.2.45746913.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:06 UTC192OUTGET /rules/rule120673v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:06 UTC491INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:06 GMT
                                    Content-Type: text/xml
                                    Content-Length: 427
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT
                                    ETag: "0x8DC582BB464F255"
                                    x-ms-request-id: 7875ffac-201e-000c-7f02-1779c4000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123406Z-1657d5bbd48qjg85buwfdynm5w00000000hg0000000051dv
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    X-Cache-Info: L1_T2
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:06 UTC427INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    73192.168.2.45747013.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:07 UTC192OUTGET /rules/rule120674v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:07 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:07 GMT
                                    Content-Type: text/xml
                                    Content-Length: 474
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                    ETag: "0x8DC582BA4037B0D"
                                    x-ms-request-id: 3b7b7106-501e-0064-43e7-161f54000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123407Z-1657d5bbd482tlqpvyz9e93p5400000000fg000000004wmv
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:07 UTC474INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    74192.168.2.45747113.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:07 UTC192OUTGET /rules/rule120675v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:07 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:07 GMT
                                    Content-Type: text/xml
                                    Content-Length: 419
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT
                                    ETag: "0x8DC582BA6CF78C8"
                                    x-ms-request-id: 766164d5-c01e-0082-668c-15af72000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123407Z-15767c5fc554wklc0x4mc5pq0w0000000e8g00000000nhn3
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:07 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    75192.168.2.45747413.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:07 UTC192OUTGET /rules/rule120678v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:07 UTC491INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:07 GMT
                                    Content-Type: text/xml
                                    Content-Length: 468
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                                    ETag: "0x8DC582BBA642BF4"
                                    x-ms-request-id: f5ee0945-901e-0083-4202-17bb55000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123407Z-1657d5bbd48jwrqbupe3ktsx9w00000000ng00000000g7gs
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    X-Cache-Info: L1_T2
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:07 UTC468INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    76192.168.2.45747313.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:07 UTC192OUTGET /rules/rule120677v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:07 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:07 GMT
                                    Content-Type: text/xml
                                    Content-Length: 405
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT
                                    ETag: "0x8DC582B942B6AFF"
                                    x-ms-request-id: dfb96d6a-f01e-003f-17e5-16d19d000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123407Z-1657d5bbd48xdq5dkwwugdpzr000000000wg000000002059
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:07 UTC405INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    77192.168.2.45747213.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:08 UTC192OUTGET /rules/rule120676v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:08 UTC470INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:08 GMT
                                    Content-Type: text/xml
                                    Content-Length: 472
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                    ETag: "0x8DC582B984BF177"
                                    x-ms-request-id: dcc4dd0d-f01e-0099-7c8c-159171000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123408Z-15767c5fc55gq5fmm10nm5qqr80000000e5g000000009aep
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:08 UTC472INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    78192.168.2.45747813.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:08 UTC192OUTGET /rules/rule120679v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:08 UTC491INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:08 GMT
                                    Content-Type: text/xml
                                    Content-Length: 174
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT
                                    ETag: "0x8DC582B91D80E15"
                                    x-ms-request-id: 0607cd43-401e-0078-1b00-174d34000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123408Z-1657d5bbd48qjg85buwfdynm5w00000000f00000000050xz
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    X-Cache-Info: L1_T2
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:08 UTC174INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    79192.168.2.45747913.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:08 UTC192OUTGET /rules/rule120680v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:08 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:08 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1952
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT
                                    ETag: "0x8DC582B956B0F3D"
                                    x-ms-request-id: a5ff6bd9-301e-005d-3af2-16e448000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123408Z-1657d5bbd48brl8we3nu8cxwgn00000000t000000000cezq
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:08 UTC1952INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    80192.168.2.45748013.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:08 UTC192OUTGET /rules/rule120681v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:08 UTC491INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:08 GMT
                                    Content-Type: text/xml
                                    Content-Length: 958
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT
                                    ETag: "0x8DC582BA0A31B3B"
                                    x-ms-request-id: 0c165d1d-a01e-000d-7dfe-16d1ea000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123408Z-1657d5bbd48brl8we3nu8cxwgn00000000s000000000gawp
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    X-Cache-Info: L1_T2
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:08 UTC958INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    81192.168.2.45748113.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:08 UTC192OUTGET /rules/rule120682v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:08 UTC491INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:08 GMT
                                    Content-Type: text/xml
                                    Content-Length: 501
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT
                                    ETag: "0x8DC582BACFDAACD"
                                    x-ms-request-id: c2f609cb-201e-0003-75fd-16f85a000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123408Z-1657d5bbd48brl8we3nu8cxwgn00000000v0000000007c85
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    X-Cache-Info: L1_T2
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:08 UTC501INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    82192.168.2.45748213.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:08 UTC193OUTGET /rules/rule120602v10s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:09 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:08 GMT
                                    Content-Type: text/xml
                                    Content-Length: 2592
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                    ETag: "0x8DC582BB5B890DB"
                                    x-ms-request-id: 33b4d0ae-a01e-0032-35ff-161949000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123408Z-1657d5bbd48vhs7r2p1ky7cs5w00000000x00000000005ev
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:09 UTC2592INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    83192.168.2.45748413.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:08 UTC193OUTGET /rules/rule224901v11s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:09 UTC584INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:09 GMT
                                    Content-Type: text/xml
                                    Content-Length: 2284
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT
                                    ETag: "0x8DC582BCD58BEEE"
                                    x-ms-request-id: b738acd5-401e-0067-1502-1709c2000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123409Z-1657d5bbd48tnj6wmberkg2xy800000000eg000000004wuz
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    X-Cache-Info: L1_T2
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:09 UTC2284INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    84192.168.2.45748313.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:09 UTC192OUTGET /rules/rule120601v3s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:09 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:09 GMT
                                    Content-Type: text/xml
                                    Content-Length: 3342
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT
                                    ETag: "0x8DC582B927E47E9"
                                    x-ms-request-id: 1cc30bd5-e01e-0071-1a8c-1508e7000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123409Z-15767c5fc554w2fgapsyvy8ua00000000dkg0000000096e9
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:09 UTC3342INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    85192.168.2.45748513.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:09 UTC191OUTGET /rules/rule90401v3s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:09 UTC584INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:09 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1250
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT
                                    ETag: "0x8DC582BDE4487AA"
                                    x-ms-request-id: f46b615b-701e-006f-6ebf-16afc4000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123409Z-15767c5fc55qdcd62bsn50hd6s0000000dv0000000009yw7
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache-Info: L1_T2
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:09 UTC1250INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 39 30 34 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 53 61 6d 70 6c 69 6e 67 50 6f 6c 69 63 79 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 4d 65 74 61 64 61 74 61 22 20 2f 3e 0d
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="90401" V="3" DC="ESM" EN="Office.Telemetry.SamplingPolicy" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" DL="A" DCa="PSP PSU" xmlns=""> <RIS> <RI N="Metadata" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    86192.168.2.45748613.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:09 UTC192OUTGET /rules/rule701201v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:09 UTC584INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:09 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1393
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT
                                    ETag: "0x8DC582BE3E55B6E"
                                    x-ms-request-id: 8a5fd43d-c01e-0066-4506-17a1ec000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123409Z-1657d5bbd48cpbzgkvtewk0wu000000000hg000000005f9p
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    X-Cache-Info: L1_T2
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:09 UTC1393INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    87192.168.2.45748713.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:09 UTC192OUTGET /rules/rule701200v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:09 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:09 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1356
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                    ETag: "0x8DC582BDC681E17"
                                    x-ms-request-id: 0480ed94-801e-00ac-5102-17fd65000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123409Z-1657d5bbd48tnj6wmberkg2xy800000000p0000000002h56
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:09 UTC1356INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    88192.168.2.45748813.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:09 UTC192OUTGET /rules/rule700201v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:09 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:09 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1393
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT
                                    ETag: "0x8DC582BE39DFC9B"
                                    x-ms-request-id: 7afec079-601e-000d-468c-152618000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123409Z-15767c5fc55whfstvfw43u8fp40000000e60000000008wgv
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:09 UTC1393INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    89192.168.2.45748913.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:09 UTC192OUTGET /rules/rule700200v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:09 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:09 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1356
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                                    ETag: "0x8DC582BDF66E42D"
                                    x-ms-request-id: db28c537-d01e-0065-47fe-16b77a000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123409Z-1657d5bbd48cpbzgkvtewk0wu000000000m0000000004h07
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:09 UTC1356INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    90192.168.2.45749013.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:09 UTC192OUTGET /rules/rule702351v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:09 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:09 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1395
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                    ETag: "0x8DC582BE017CAD3"
                                    x-ms-request-id: a68e09c4-f01e-0052-148c-159224000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123409Z-15767c5fc55d6fcl6x6bw8cpdc0000000dxg00000000c38s
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:09 UTC1395INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    91192.168.2.45749113.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:09 UTC192OUTGET /rules/rule702350v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:09 UTC584INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:09 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1358
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT
                                    ETag: "0x8DC582BE6431446"
                                    x-ms-request-id: 84e7aa3f-c01e-008e-74ff-167381000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123409Z-15767c5fc55rg5b7sh1vuv8t7n0000000e7g00000000pngr
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    X-Cache-Info: L1_T2
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:09 UTC1358INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    92192.168.2.45749313.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:10 UTC192OUTGET /rules/rule701250v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:10 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:10 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1358
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                    ETag: "0x8DC582BE022ECC5"
                                    x-ms-request-id: 76165599-601e-000d-1a02-172618000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123410Z-1657d5bbd48p2j6x2quer0q02800000000sg000000002z2x
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:10 UTC1358INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    93192.168.2.45749213.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:10 UTC192OUTGET /rules/rule701251v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:10 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:10 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1395
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT
                                    ETag: "0x8DC582BDE12A98D"
                                    x-ms-request-id: 03c3f781-101e-000b-56fe-165e5c000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123410Z-1657d5bbd48xdq5dkwwugdpzr000000000qg00000000n4d7
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:10 UTC1395INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    94192.168.2.45749413.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:10 UTC192OUTGET /rules/rule700051v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:10 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:10 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1389
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                    ETag: "0x8DC582BE10A6BC1"
                                    x-ms-request-id: 7afec1f8-601e-000d-328c-152618000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123410Z-15767c5fc55d6fcl6x6bw8cpdc0000000dwg00000000ev37
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:10 UTC1389INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    95192.168.2.45749513.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:10 UTC192OUTGET /rules/rule700050v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:10 UTC584INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:10 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1352
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT
                                    ETag: "0x8DC582BE9DEEE28"
                                    x-ms-request-id: a9a45936-c01e-00a1-54f1-167e4a000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123410Z-1657d5bbd48cpbzgkvtewk0wu000000000g0000000004pnc
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    X-Cache-Info: L1_T2
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:10 UTC1352INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    96192.168.2.45749613.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:10 UTC192OUTGET /rules/rule702951v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:10 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:10 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1405
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                    ETag: "0x8DC582BE12B5C71"
                                    x-ms-request-id: 4a217eb8-401e-00a3-218c-158b09000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123410Z-15767c5fc55qdcd62bsn50hd6s0000000dsg00000000k073
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:10 UTC1405INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    97192.168.2.45749813.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:11 UTC192OUTGET /rules/rule701151v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:11 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:11 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1401
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT
                                    ETag: "0x8DC582BE055B528"
                                    x-ms-request-id: 6a90350a-301e-005d-348c-15e448000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123411Z-15767c5fc55qdcd62bsn50hd6s0000000dsg00000000k08g
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:11 UTC1401INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    98192.168.2.45749713.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:11 UTC192OUTGET /rules/rule702950v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:11 UTC584INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:11 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1368
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                    ETag: "0x8DC582BDDC22447"
                                    x-ms-request-id: 173e0f62-801e-00a3-24fe-167cfb000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123411Z-1657d5bbd48brl8we3nu8cxwgn00000000u000000000atm6
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    X-Cache-Info: L1_T2
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:11 UTC1368INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 72 61 6e 73 6c 61 74 6f 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    99192.168.2.45749913.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:11 UTC192OUTGET /rules/rule701150v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:11 UTC584INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:11 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1364
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                    ETag: "0x8DC582BE1223606"
                                    x-ms-request-id: 04600955-801e-00ac-55f4-16fd65000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123411Z-1657d5bbd48p2j6x2quer0q02800000000q0000000009uyc
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    X-Cache-Info: L1_T2
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:11 UTC1364INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 6e 64 46 6f 6e 74 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    100192.168.2.45750013.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:11 UTC192OUTGET /rules/rule702201v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:11 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:11 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1397
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT
                                    ETag: "0x8DC582BE7262739"
                                    x-ms-request-id: 4035d6e2-a01e-0002-4602-175074000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123411Z-1657d5bbd48brl8we3nu8cxwgn00000000wg000000001s99
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:11 UTC1397INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    101192.168.2.45750113.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:11 UTC192OUTGET /rules/rule702200v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:11 UTC584INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:11 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1360
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                    ETag: "0x8DC582BDDEB5124"
                                    x-ms-request-id: 62f7f1ae-f01e-0096-4d0c-1710ef000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123411Z-1657d5bbd48vhs7r2p1ky7cs5w00000000w0000000003xz3
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    X-Cache-Info: L1_T2
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:11 UTC1360INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 6c 4d 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    102192.168.2.45750213.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:12 UTC192OUTGET /rules/rule700401v2s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:12 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:12 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1403
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                    ETag: "0x8DC582BDCB4853F"
                                    x-ms-request-id: 6ec2e3f4-801e-007b-208c-15e7ab000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123412Z-15767c5fc55qdcd62bsn50hd6s0000000dt000000000fwmd
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:12 UTC1403INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 31 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    103192.168.2.45750513.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:12 UTC192OUTGET /rules/rule700350v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:12 UTC584INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:12 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1360
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                    ETag: "0x8DC582BDD74D2EC"
                                    x-ms-request-id: fbb49b00-e01e-00aa-4806-17ceda000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123412Z-1657d5bbd48jwrqbupe3ktsx9w00000000s0000000004w8b
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    X-Cache-Info: L1_T2
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:12 UTC1360INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 74 65 6d 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    104192.168.2.45750413.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:12 UTC192OUTGET /rules/rule700351v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:12 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:12 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1397
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                    ETag: "0x8DC582BDFD43C07"
                                    x-ms-request-id: 704395e8-201e-005d-718c-15afb3000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123412Z-15767c5fc55rg5b7sh1vuv8t7n0000000ec000000000b98q
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:12 UTC1397INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    105192.168.2.45750613.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:12 UTC192OUTGET /rules/rule703901v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:12 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:12 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1427
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
                                    ETag: "0x8DC582BE56F6873"
                                    x-ms-request-id: 08bf7a15-f01e-0020-7706-17956b000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123412Z-1657d5bbd4824mj9d6vp65b6n400000000q000000000awbu
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:12 UTC1427INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    106192.168.2.45750313.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:12 UTC192OUTGET /rules/rule700400v2s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:12 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:12 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1366
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT
                                    ETag: "0x8DC582BDB779FC3"
                                    x-ms-request-id: 0da95f5c-701e-0097-318c-15b8c1000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123412Z-15767c5fc55gq5fmm10nm5qqr80000000e8g0000000001n2
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:12 UTC1366INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 30 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 65 6d 65 74 72 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    107192.168.2.45750713.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:12 UTC192OUTGET /rules/rule703900v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:12 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:12 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1390
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT
                                    ETag: "0x8DC582BE3002601"
                                    x-ms-request-id: 7d21ea5d-701e-0098-0502-17395f000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123412Z-1657d5bbd48jwrqbupe3ktsx9w00000000sg000000003kp5
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:12 UTC1390INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 53 3d
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    108192.168.2.45751013.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:12 UTC192OUTGET /rules/rule701501v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:13 UTC584INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:12 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1401
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT
                                    ETag: "0x8DC582BE2A9D541"
                                    x-ms-request-id: b6fa471e-401e-0067-43e5-1609c2000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123412Z-1657d5bbd48qjg85buwfdynm5w00000000m0000000005bg2
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    X-Cache-Info: L1_T2
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:13 UTC1401INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    109192.168.2.45750813.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:12 UTC192OUTGET /rules/rule702801v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:13 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:12 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1391
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                                    ETag: "0x8DC582BDF58DC7E"
                                    x-ms-request-id: 023e591f-a01e-003d-618c-1598d7000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123412Z-15767c5fc554wklc0x4mc5pq0w0000000e8000000000p1g4
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:13 UTC1391INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    110192.168.2.45750913.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:12 UTC192OUTGET /rules/rule701500v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:13 UTC584INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:12 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1364
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                    ETag: "0x8DC582BEB6AD293"
                                    x-ms-request-id: 77012b0e-b01e-0097-0bff-164f33000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123412Z-1657d5bbd48p2j6x2quer0q02800000000t00000000021eq
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    X-Cache-Info: L1_T2
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:13 UTC1364INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 63 75 72 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    111192.168.2.45751113.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:13 UTC192OUTGET /rules/rule702800v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:13 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:13 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1354
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT
                                    ETag: "0x8DC582BE0662D7C"
                                    x-ms-request-id: d4fd285a-d01e-005a-06ed-167fd9000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123413Z-1657d5bbd48xlwdx82gahegw4000000000ng00000000f278
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:13 UTC1354INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    112192.168.2.45751213.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:13 UTC192OUTGET /rules/rule703351v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:13 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:13 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1403
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT
                                    ETag: "0x8DC582BDCDD6400"
                                    x-ms-request-id: 819d4321-f01e-0020-6e8c-15956b000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123413Z-15767c5fc55whfstvfw43u8fp40000000e5000000000cuev
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:13 UTC1403INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    113192.168.2.45751313.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:13 UTC192OUTGET /rules/rule703350v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:13 UTC584INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:13 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1366
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT
                                    ETag: "0x8DC582BDF1E2608"
                                    x-ms-request-id: c9f5ea47-201e-0071-33fe-16ff15000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123413Z-1657d5bbd48tnj6wmberkg2xy800000000pg000000000r6f
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    X-Cache-Info: L1_T2
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:13 UTC1366INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 63 72 69 70 74 4c 61 62 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    114192.168.2.45751413.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:13 UTC192OUTGET /rules/rule703501v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:13 UTC584INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:13 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1399
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT
                                    ETag: "0x8DC582BE8C605FF"
                                    x-ms-request-id: 76dbcc6a-501e-0035-36ed-16c923000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123413Z-1657d5bbd4824mj9d6vp65b6n400000000pg00000000bw3a
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    X-Cache-Info: L1_T2
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:13 UTC1399INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    115192.168.2.45751513.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:13 UTC192OUTGET /rules/rule703500v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:13 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:13 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1362
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                                    ETag: "0x8DC582BDF497570"
                                    x-ms-request-id: 7585955c-001e-000b-518c-1515a7000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123413Z-15767c5fc55rg5b7sh1vuv8t7n0000000ee0000000004acn
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:13 UTC1362INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 6e 64 62 6f 78 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    116192.168.2.45751613.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:13 UTC192OUTGET /rules/rule701801v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:13 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:13 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1403
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                    ETag: "0x8DC582BDC2EEE03"
                                    x-ms-request-id: 89fd357a-501e-008f-758c-159054000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123413Z-15767c5fc55whfstvfw43u8fp40000000e1g00000000pbar
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:13 UTC1403INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    117192.168.2.45751713.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:14 UTC192OUTGET /rules/rule701800v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:14 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:14 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1366
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT
                                    ETag: "0x8DC582BEA414B16"
                                    x-ms-request-id: a7582d38-101e-0028-528c-158f64000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123414Z-15767c5fc55rg5b7sh1vuv8t7n0000000e9g00000000kkq4
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:14 UTC1366INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 73 6f 75 72 63 65 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    118192.168.2.45751913.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:14 UTC192OUTGET /rules/rule701050v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:14 UTC584INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:14 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1362
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                    ETag: "0x8DC582BEB256F43"
                                    x-ms-request-id: 0c184816-a01e-000d-72ff-16d1ea000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123414Z-1657d5bbd48p2j6x2quer0q02800000000m000000000eeer
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    X-Cache-Info: L1_T2
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:14 UTC1362INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 6c 65 61 73 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    119192.168.2.45751813.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:14 UTC192OUTGET /rules/rule701051v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:14 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:14 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1399
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT
                                    ETag: "0x8DC582BE1CC18CD"
                                    x-ms-request-id: cd0b82ba-d01e-0049-1304-17e7dc000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123414Z-1657d5bbd48tzspvqynhg14aes00000000r000000000h4sq
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:14 UTC1399INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    120192.168.2.45752013.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:14 UTC192OUTGET /rules/rule702751v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:14 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:14 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1403
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                    ETag: "0x8DC582BEB866CDB"
                                    x-ms-request-id: d3a3eb01-b01e-003d-1ef1-16d32c000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123414Z-1657d5bbd48jwrqbupe3ktsx9w00000000m000000000fxab
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:14 UTC1403INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    121192.168.2.45752113.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:14 UTC192OUTGET /rules/rule702750v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:14 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:14 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1366
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT
                                    ETag: "0x8DC582BE5B7B174"
                                    x-ms-request-id: ca2bab4f-201e-0071-5e14-17ff15000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123414Z-1657d5bbd48xdq5dkwwugdpzr000000000w0000000003rzp
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:14 UTC1366INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 75 62 6c 69 73 68 65 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    122192.168.2.45752213.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:15 UTC192OUTGET /rules/rule702301v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:15 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:15 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1399
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT
                                    ETag: "0x8DC582BE976026E"
                                    x-ms-request-id: 7baaa16d-b01e-0097-4d8c-154f33000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123415Z-15767c5fc55rg5b7sh1vuv8t7n0000000e9g00000000kks5
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:15 UTC1399INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    123192.168.2.45752313.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:15 UTC192OUTGET /rules/rule702300v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:15 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:15 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1362
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT
                                    ETag: "0x8DC582BDC13EFEF"
                                    x-ms-request-id: 4ef38422-401e-000a-160c-174a7b000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123415Z-1657d5bbd48jwrqbupe3ktsx9w00000000hg00000000ggtr
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:15 UTC1362INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 6a 65 63 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    124192.168.2.45752413.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:15 UTC192OUTGET /rules/rule703401v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:15 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:15 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1425
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT
                                    ETag: "0x8DC582BE6BD89A1"
                                    x-ms-request-id: c326dec7-201e-0003-0c12-17f85a000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123415Z-1657d5bbd48cpbzgkvtewk0wu000000000mg00000000597m
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:15 UTC1425INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    125192.168.2.45752613.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:15 UTC192OUTGET /rules/rule702501v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:15 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:15 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1415
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:57 GMT
                                    ETag: "0x8DC582BE7C66E85"
                                    x-ms-request-id: 42bb1403-701e-005c-578c-15bb94000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123415Z-15767c5fc55kg97hfq5uqyxxaw0000000dz000000000hhna
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:15 UTC1415INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    126192.168.2.45752513.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:15 UTC192OUTGET /rules/rule703400v0s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:15 UTC584INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:15 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1388
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT
                                    ETag: "0x8DC582BDBD9126E"
                                    x-ms-request-id: 75ef523f-601e-000d-02f2-162618000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123415Z-1657d5bbd48tnj6wmberkg2xy800000000e0000000005ayr
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    X-Cache-Info: L1_T2
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:15 UTC1388INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 53 3d 22 4d
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703400" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammableSurfaces" S="M


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    127192.168.2.45752913.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:16 UTC192OUTGET /rules/rule700501v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:16 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:16 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1405
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:58 GMT
                                    ETag: "0x8DC582BE89A8F82"
                                    x-ms-request-id: c9f5e5fc-201e-0071-5dfe-16ff15000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123416Z-1657d5bbd48vhs7r2p1ky7cs5w00000000vg0000000067dq
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:16 UTC1405INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    128192.168.2.45752713.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:16 UTC192OUTGET /rules/rule700500v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:16 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:16 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1368
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
                                    ETag: "0x8DC582BE51CE7B3"
                                    x-ms-request-id: 2f845d93-b01e-0070-2f8c-151cc0000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123416Z-15767c5fc55gq5fmm10nm5qqr80000000e7g0000000033es
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:16 UTC1368INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 6f 77 65 72 50 6f 69 6e 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPowerPoint" S="Medium" /> <F T=


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    129192.168.2.45752813.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:16 UTC192OUTGET /rules/rule702500v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:16 UTC584INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:16 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1378
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT
                                    ETag: "0x8DC582BDB813B3F"
                                    x-ms-request-id: 87e265fd-201e-0051-4fe7-167340000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123416Z-1657d5bbd48p2j6x2quer0q02800000000mg00000000e9ya
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    X-Cache-Info: L1_T2
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:16 UTC1378INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammability" S="Medium" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    130192.168.2.45753013.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:16 UTC192OUTGET /rules/rule702551v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:16 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:16 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1415
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT
                                    ETag: "0x8DC582BDCE9703A"
                                    x-ms-request-id: 5f7380a8-801e-0015-7b8c-15f97f000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123416Z-15767c5fc55rg5b7sh1vuv8t7n0000000eag00000000et50
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:16 UTC1415INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702551" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    131192.168.2.45753113.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:16 UTC192OUTGET /rules/rule702550v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:16 UTC584INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:16 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1378
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
                                    ETag: "0x8DC582BE584C214"
                                    x-ms-request-id: dfa7567c-f01e-003f-67de-16d19d000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123416Z-1657d5bbd48cpbzgkvtewk0wu000000000dg000000004gz6
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    X-Cache-Info: L1_T2
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:16 UTC1378INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702550" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPersonalization" S="Medium" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    132192.168.2.45753513.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:16 UTC192OUTGET /rules/rule701351v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:16 UTC584INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:16 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1407
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT
                                    ETag: "0x8DC582BE687B46A"
                                    x-ms-request-id: 20e89b60-501e-008c-3a03-17cd39000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123416Z-15767c5fc554w2fgapsyvy8ua00000000dm00000000087hu
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    X-Cache-Info: L1_T2
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:16 UTC1407INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    133192.168.2.45753613.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:16 UTC192OUTGET /rules/rule701350v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:16 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:16 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1370
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT
                                    ETag: "0x8DC582BDE62E0AB"
                                    x-ms-request-id: 838d7376-001e-0014-17fe-165151000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123416Z-1657d5bbd48tnj6wmberkg2xy800000000dg000000004ggb
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:16 UTC1370INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPerformance" S="Medium" /> <F


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    134192.168.2.45753713.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:16 UTC192OUTGET /rules/rule702151v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:16 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:16 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1397
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                    ETag: "0x8DC582BE156D2EE"
                                    x-ms-request-id: 7d18055e-701e-0098-56ff-16395f000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123416Z-1657d5bbd4824mj9d6vp65b6n400000000r0000000008grv
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:16 UTC1397INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeo


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    135192.168.2.45753813.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:16 UTC192OUTGET /rules/rule702150v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:17 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:16 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1360
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:28:07 GMT
                                    ETag: "0x8DC582BEDC8193E"
                                    x-ms-request-id: b1fbfe33-a01e-003d-4fd4-1698d7000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123416Z-1657d5bbd48xlwdx82gahegw4000000000n000000000gwgd
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:17 UTC1360INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f 70 6c 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeople" S="Medium" /> <F T="2">


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    136192.168.2.45753913.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:16 UTC192OUTGET /rules/rule703001v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:17 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:16 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1406
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                    ETag: "0x8DC582BEB16F27E"
                                    x-ms-request-id: 4b0a4db7-c01e-00ad-2d8c-15a2b9000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123416Z-15767c5fc554w2fgapsyvy8ua00000000dkg0000000096zd
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:17 UTC1406INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 30 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 4d 61 63 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703001" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    137192.168.2.45754013.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:17 UTC192OUTGET /rules/rule703000v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:17 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:17 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1369
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT
                                    ETag: "0x8DC582BE32FE1A2"
                                    x-ms-request-id: 1cc313a1-e01e-0071-4b8c-1508e7000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123417Z-15767c5fc55rg5b7sh1vuv8t7n0000000eb000000000dva3
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:17 UTC1369INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 30 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 4d 61 63 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 75 74 6c 6f 6f 6b 4d 61 63 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703000" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookMac" S="Medium" /> <F T


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    138192.168.2.45754113.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:17 UTC192OUTGET /rules/rule700751v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:17 UTC584INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:17 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1414
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                    ETag: "0x8DC582BE03B051D"
                                    x-ms-request-id: 4543d13f-701e-0050-5a04-176767000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123417Z-1657d5bbd48tnj6wmberkg2xy800000000kg000000004w1z
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    X-Cache-Info: L1_T2
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:17 UTC1414INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    139192.168.2.45754213.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:17 UTC192OUTGET /rules/rule700750v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:17 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:17 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1377
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:28:02 GMT
                                    ETag: "0x8DC582BEAFF0125"
                                    x-ms-request-id: 0dcb9a48-e01e-0003-1c8c-150fa8000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123417Z-15767c5fc55d6fcl6x6bw8cpdc0000000du000000000p90y
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:17 UTC1377INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 75 74 6c 6f 6f 6b 44 65 73 6b 74 6f 70 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookDesktop" S="Medium" />


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    140192.168.2.45754313.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:17 UTC192OUTGET /rules/rule700151v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:17 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:17 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1399
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT
                                    ETag: "0x8DC582BE0A2434F"
                                    x-ms-request-id: 4a218e36-401e-00a3-268c-158b09000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123417Z-15767c5fc554w2fgapsyvy8ua00000000df000000000hwhg
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:17 UTC1399INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 6e 65 4e 6f 74 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 6e
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OneNote.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOn


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    141192.168.2.45754413.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:17 UTC192OUTGET /rules/rule700150v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:17 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:17 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1362
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
                                    ETag: "0x8DC582BE54CA33F"
                                    x-ms-request-id: f1c85a61-d01e-007a-188c-15f38c000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123417Z-15767c5fc554w2fgapsyvy8ua00000000dm00000000087nb
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:17 UTC1362INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 6e 65 4e 6f 74 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 6e 65 4e 6f 74 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OneNote" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOneNote" S="Medium" /> <F T="2">


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    142192.168.2.45754513.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:18 UTC192OUTGET /rules/rule703451v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:18 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:18 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1409
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                    ETag: "0x8DC582BDFC438CF"
                                    x-ms-request-id: 7cb43a82-e01e-0033-45fe-164695000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123418Z-1657d5bbd48xdq5dkwwugdpzr000000000s000000000gags
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:18 UTC1409INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 66 66 69 63 65 4d 6f 62 69 6c 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703451" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OfficeMobile.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTo


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    143192.168.2.45754613.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:18 UTC192OUTGET /rules/rule703450v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:18 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:18 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1372
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT
                                    ETag: "0x8DC582BE6669CA7"
                                    x-ms-request-id: 9139889b-001e-0079-22f3-1612e8000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123418Z-1657d5bbd48tzspvqynhg14aes00000000r000000000h4zs
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:18 UTC1372INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 66 66 69 63 65 4d 6f 62 69 6c 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 66 66 69 63 65 4d 6f 62 69 6c 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703450" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OfficeMobile" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOfficeMobile" S="Medium" /> <


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    144192.168.2.45754713.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:18 UTC192OUTGET /rules/rule700901v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:18 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:18 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1408
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                    ETag: "0x8DC582BE1038EF2"
                                    x-ms-request-id: f40770c2-201e-0000-318c-15a537000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123418Z-15767c5fc55kg97hfq5uqyxxaw0000000e1000000000buby
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:18 UTC1408INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 39 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4e 61 74 75 72 61 6c 4c 61 6e 67 75 61 67 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700901" V="1" DC="SM" EN="Office.Telemetry.Event.Office.NaturalLanguage.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    145192.168.2.45754913.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:18 UTC192OUTGET /rules/rule702251v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:18 UTC584INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:18 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1389
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                    ETag: "0x8DC582BE0F427E7"
                                    x-ms-request-id: de435f0b-f01e-0052-0101-179224000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123418Z-1657d5bbd4824mj9d6vp65b6n400000000m000000000gmv9
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    X-Cache-Info: L1_T2
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:18 UTC1389INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4d 4c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4d 4c 22 20 53 3d 22
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.ML.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenML" S="


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    146192.168.2.45754813.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:18 UTC192OUTGET /rules/rule700900v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:18 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:18 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1371
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:28:06 GMT
                                    ETag: "0x8DC582BED3D048D"
                                    x-ms-request-id: d51e0a59-d01e-005a-6cfe-167fd9000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123418Z-1657d5bbd48xdq5dkwwugdpzr000000000v0000000007mfb
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:18 UTC1371INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 39 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4e 61 74 75 72 61 6c 4c 61 6e 67 75 61 67 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 6f 66 69 6e 67 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700900" V="1" DC="SM" EN="Office.Telemetry.Event.Office.NaturalLanguage" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProofing" S="Medium" /> <F


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    147192.168.2.45755013.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:19 UTC192OUTGET /rules/rule702250v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:19 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:19 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1352
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT
                                    ETag: "0x8DC582BDD0A87E5"
                                    x-ms-request-id: 801e3e61-b01e-0021-2d8c-15cab7000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123419Z-15767c5fc55gs96cphvgp5f5vc0000000du000000000rawf
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:19 UTC1352INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4d 4c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4d 4c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.ML" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenML" S="Medium" /> <F T="2"> <O T


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    148192.168.2.45755113.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:19 UTC192OUTGET /rules/rule702651v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:19 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:19 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1395
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT
                                    ETag: "0x8DC582BDEC600CC"
                                    x-ms-request-id: 1f481f42-c01e-002b-6c8c-156e00000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123419Z-15767c5fc55gs96cphvgp5f5vc0000000dyg00000000afg3
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:19 UTC1395INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 36 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4d 65 64 69 61 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4d 65 64 69
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702651" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Media.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenMedi


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    149192.168.2.45755213.107.246.45443
                                    TimestampBytes transferredDirectionData
                                    2024-10-05 12:34:19 UTC192OUTGET /rules/rule702650v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                    Host: otelrules.azureedge.net
                                    2024-10-05 12:34:19 UTC563INHTTP/1.1 200 OK
                                    Date: Sat, 05 Oct 2024 12:34:19 GMT
                                    Content-Type: text/xml
                                    Content-Length: 1358
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT
                                    ETag: "0x8DC582BDEA1B544"
                                    x-ms-request-id: 04c4786e-501e-0064-028c-151f54000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20241005T123419Z-15767c5fc552g4w83buhsr3htc0000000e2g000000007k8c
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2024-10-05 12:34:19 UTC1358INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 36 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4d 65 64 69 61 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4d 65 64 69 61 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702650" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Media" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenMedia" S="Medium" /> <F T="2">


                                    Statistics

                                    CPU Usage

                                    Click to jump to process

                                    Memory Usage

                                    Click to jump to process

                                    High Level Behavior Distribution

                                    Click to dive into process behavior distribution

                                    Behavior

                                    Click to jump to process

                                    System Behavior

                                    General

                                    Target ID:0
                                    Start time:08:32:54
                                    Start date:05/10/2024
                                    Path:C:\Users\user\Desktop\81zBpBAWwc.exe
                                    Wow64 process (32bit):false
                                    Commandline:"C:\Users\user\Desktop\81zBpBAWwc.exe"
                                    Imagebase:0x7ff6996c0000
                                    File size:2'322'503 bytes
                                    MD5 hash:8837DF25AABC4FAD85E851ACA192F714
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:low
                                    Has exited:true

                                    General

                                    Target ID:1
                                    Start time:08:32:54
                                    Start date:05/10/2024
                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                    Wow64 process (32bit):false
                                    Commandline:"powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/ACKq.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{004C0880-8C4C-4CC0-CC40-C80CC800C4C4}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)"
                                    Imagebase:0x7ff788560000
                                    File size:452'608 bytes
                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    General

                                    Target ID:2
                                    Start time:08:32:54
                                    Start date:05/10/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff7699e0000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    General

                                    Target ID:3
                                    Start time:08:32:59
                                    Start date:05/10/2024
                                    Path:C:\Windows\System32\regsvr32.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\regsvr32.EXE /s /i:INSTALL C:\Users\user\AppData/Roaming/ACKq.ini
                                    Imagebase:0x7ff6830e0000
                                    File size:25'088 bytes
                                    MD5 hash:B0C2FA35D14A9FAD919E99D9D75E1B9E
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000003.00000002.1747979036.000000001BDA1000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000003.00000003.1735435044.000000001C680000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000003.00000003.1735195226.000000001C3A0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000003.00000003.1732715826.000000001B790000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                    Reputation:high
                                    Has exited:true

                                    General

                                    Target ID:4
                                    Start time:08:33:02
                                    Start date:05/10/2024
                                    Path:C:\Windows\System32\OpenWith.exe
                                    Wow64 process (32bit):false
                                    Commandline:"C:\Windows\system32\openwith.exe"
                                    Imagebase:0x7ff713d60000
                                    File size:123'984 bytes
                                    MD5 hash:E4A834784FA08C17D47A1E72429C5109
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1858918260.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1872756258.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1838129032.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1860404032.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1848367747.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1864029392.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1820263145.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1844556462.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1830217382.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1825939380.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1874774148.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1877691935.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1833111481.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1850439856.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1871687520.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1822995618.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1839488162.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1876940522.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000004.00000003.1745138145.00000149EA6F0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1852328722.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.2023536799.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1843708658.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1837526724.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1908667751.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1844059304.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1843341449.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.2037272936.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1874529158.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000004.00000003.1744894909.00000149EA410000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1840606816.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1846437877.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1873686601.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1855539140.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1875551874.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1836105614.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1849189930.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1835809635.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1820263145.00000149EABC1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1862556714.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1842766373.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1895556015.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1850036443.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1846011615.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1869033684.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1834401410.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1869983996.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1864418183.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1900087266.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1841618473.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1847727226.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1841102498.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1827293945.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1743171217.00000149E7FE0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1870384738.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1854099505.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1869304089.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1867316447.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1834870839.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1866723582.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1847055049.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1825117026.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1853395898.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1868087667.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1824744647.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1850823165.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1895202612.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1868687963.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1839012082.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1851414734.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.2025877192.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1833649423.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1863393703.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1840151430.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1851882644.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1845622274.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1865585143.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1836791970.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1835346077.00000149EACBD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    Reputation:high
                                    Has exited:true

                                    General

                                    Target ID:5
                                    Start time:08:33:03
                                    Start date:05/10/2024
                                    Path:C:\Windows\System32\regsvr32.exe
                                    Wow64 process (32bit):false
                                    Commandline:"regsvr32" /s /i:INSTALL C:\Users\user\AppData/Roaming/ACKq.ini
                                    Imagebase:0x7ff6830e0000
                                    File size:25'088 bytes
                                    MD5 hash:B0C2FA35D14A9FAD919E99D9D75E1B9E
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    General

                                    Target ID:9
                                    Start time:08:33:28
                                    Start date:05/10/2024
                                    Path:C:\Program Files\Windows Media Player\wmpnscfg.exe
                                    Wow64 process (32bit):false
                                    Commandline:"C:\Program Files\Windows Media Player\wmpnscfg.exe"
                                    Imagebase:0x7ff7d6ad0000
                                    File size:71'168 bytes
                                    MD5 hash:F912FF78DE347834EA56CEB0E12F80EC
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Reputation:moderate
                                    Has exited:false

                                    General

                                    Target ID:10
                                    Start time:08:33:31
                                    Start date:05/10/2024
                                    Path:C:\Windows\System32\dllhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:"C:\Windows\system32\dllhost.exe"
                                    Imagebase:0x7ff70f330000
                                    File size:21'312 bytes
                                    MD5 hash:08EB78E5BE019DF044C26B14703BD1FA
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Reputation:moderate
                                    Has exited:false

                                    General

                                    Target ID:11
                                    Start time:08:33:36
                                    Start date:05/10/2024
                                    Path:C:\Windows\System32\rekeywiz.exe
                                    Wow64 process (32bit):false
                                    Commandline:"C:\Windows\system32\rekeywiz.exe"
                                    Imagebase:0x7ff6d1240000
                                    File size:122'880 bytes
                                    MD5 hash:A24EFFD38DDC2FFAB4F0592CA2CC585E
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Reputation:low
                                    Has exited:false

                                    General

                                    Target ID:12
                                    Start time:08:33:39
                                    Start date:05/10/2024
                                    Path:C:\Windows\System32\rekeywiz.exe
                                    Wow64 process (32bit):false
                                    Commandline:"C:\Windows\system32\rekeywiz.exe"
                                    Imagebase:0x7ff6d1240000
                                    File size:122'880 bytes
                                    MD5 hash:A24EFFD38DDC2FFAB4F0592CA2CC585E
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Reputation:low
                                    Has exited:true

                                    General

                                    Target ID:13
                                    Start time:08:33:39
                                    Start date:05/10/2024
                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                    Wow64 process (32bit):false
                                    Commandline:"powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/oc82.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{88C88888-CCCC-4CC8-CCCC-C8CCC8888000}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)"
                                    Imagebase:0x7ff788560000
                                    File size:452'608 bytes
                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    General

                                    Target ID:14
                                    Start time:08:33:39
                                    Start date:05/10/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff7699e0000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    General

                                    Target ID:15
                                    Start time:08:33:43
                                    Start date:05/10/2024
                                    Path:C:\Windows\System32\regsvr32.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\regsvr32.EXE /s /i:INSTALL C:\Users\user\AppData/Roaming/oc82.ini
                                    Imagebase:0x7ff6830e0000
                                    File size:25'088 bytes
                                    MD5 hash:B0C2FA35D14A9FAD919E99D9D75E1B9E
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Has exited:false

                                    General

                                    Target ID:16
                                    Start time:08:33:52
                                    Start date:05/10/2024
                                    Path:C:\Windows\System32\regsvr32.exe
                                    Wow64 process (32bit):false
                                    Commandline:"regsvr32" /s /i:INSTALL C:\Users\user\AppData/Roaming/oc82.ini
                                    Imagebase:0x7ff6830e0000
                                    File size:25'088 bytes
                                    MD5 hash:B0C2FA35D14A9FAD919E99D9D75E1B9E
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Disassembly

                                    Reset < >

                                      Execution Graph

                                      Execution Coverage:0.9%
                                      Dynamic/Decrypted Code Coverage:0%
                                      Signature Coverage:46.1%
                                      Total number of Nodes:879
                                      Total number of Limit Nodes:23
                                      execution_graph 121134 7ff6996c13d0 121137 7ff6996c1180 121134->121137 121136 7ff6996c13e6 121138 7ff6996c11b0 121137->121138 121139 7ff6996c11b9 Sleep 121138->121139 121142 7ff6996c11c9 121138->121142 121139->121138 121140 7ff6996c134c _initterm 121141 7ff6996c11fc 121140->121141 121150 7ff69976d980 121141->121150 121142->121140 121142->121141 121149 7ff6996c12b2 121142->121149 121144 7ff6996c1224 SetUnhandledExceptionFilter 121145 7ff6996c1247 121144->121145 121146 7ff6996c124c malloc 121145->121146 121147 7ff6996c1276 121146->121147 121146->121149 121148 7ff6996c1280 strlen malloc memcpy 121147->121148 121148->121148 121148->121149 121149->121136 121151 7ff69976d9b8 121150->121151 121174 7ff69976d9a1 121150->121174 121152 7ff69976dc80 121151->121152 121154 7ff69976da30 121151->121154 121158 7ff69976db90 121151->121158 121151->121174 121153 7ff69976dc89 121152->121153 121152->121174 121165 7ff69976dcad 121153->121165 121177 7ff69976d810 8 API calls 121153->121177 121156 7ff69976dcd6 121154->121156 121154->121158 121159 7ff69976dcc0 121154->121159 121163 7ff69976dbf0 121154->121163 121154->121165 121169 7ff69976daa2 121154->121169 121154->121174 121180 7ff69976d7a0 8 API calls 121156->121180 121158->121159 121160 7ff69976dbd0 121158->121160 121179 7ff69976d7a0 8 API calls 121159->121179 121160->121159 121175 7ff69976d810 8 API calls 121160->121175 121161 7ff69976dce2 121161->121144 121163->121159 121164 7ff69976dbe2 121163->121164 121164->121159 121164->121163 121176 7ff69976d810 8 API calls 121164->121176 121178 7ff69976d7a0 8 API calls 121165->121178 121169->121154 121169->121159 121170 7ff69976db1d 121169->121170 121171 7ff69976d810 8 API calls 121169->121171 121173 7ff69976db20 121169->121173 121170->121173 121171->121169 121172 7ff69976db52 VirtualProtect 121172->121173 121173->121172 121173->121174 121174->121144 121175->121164 121176->121164 121177->121153 121178->121159 121179->121156 121180->121161 121181 7ff6996c18ff 121184 7ff6996f72a0 121181->121184 121185 7ff6996f72c1 121184->121185 121186 7ff6996f72d6 SetThreadDescription 121185->121186 121195 7ff6996f7ee0 121186->121195 121188 7ff6996f72fb 121210 7ff6996f76c0 121188->121210 121192 7ff6996c1928 121250 7ff69974e5e0 98 API calls 121195->121250 121197 7ff6996f7f01 121198 7ff6996f7f21 121197->121198 121251 7ff6996c3e00 121197->121251 121200 7ff6996f7f93 121198->121200 121201 7ff6996f7f29 121198->121201 121255 7ff69974a470 98 API calls 121200->121255 121203 7ff6996f7f75 121201->121203 121256 7ff6996f7d40 98 API calls 121201->121256 121203->121188 121205 7ff6996f7f9e 121257 7ff69976d100 6 API calls 121205->121257 121207 7ff6996f7fba 121258 7ff69976d100 6 API calls 121207->121258 121209 7ff6996f7fd4 121209->121188 121266 7ff69972c340 98 API calls 121210->121266 121212 7ff6996f76f0 121213 7ff6996f76f5 121212->121213 121214 7ff6996f7739 121212->121214 121215 7ff6996f7770 121213->121215 121216 7ff6996f76fb 121213->121216 121268 7ff6997577f0 98 API calls 121214->121268 121269 7ff699705360 98 API calls 121215->121269 121267 7ff69972c250 98 API calls 121216->121267 121220 7ff6996f7717 121221 7ff6996f7303 121220->121221 121270 7ff699757030 98 API calls 121220->121270 121246 7ff6996c192e 121221->121246 121271 7ff6996c1941 121246->121271 121249 7ff699725220 102 API calls 121250->121197 121252 7ff699710600 121251->121252 121259 7ff699712cf0 121252->121259 121255->121205 121257->121207 121258->121209 121260 7ff699712cb0 GetProcessHeap 121259->121260 121264 7ff699712ccb HeapAlloc 121259->121264 121263 7ff699710635 121260->121263 121260->121264 121263->121198 121265 7ff69989bb18 121264->121265 121266->121212 121267->121220 121269->121220 121276 7ff6996c2fe9 121271->121276 121366 7ff6996c36b8 121271->121366 121416 7ff6996c36ab 121271->121416 121272 7ff6996c193a 121272->121192 121272->121249 121277 7ff6996c3012 121276->121277 121278 7ff6996c300a 121276->121278 121280 7ff6996c305a 121277->121280 121282 7ff6996c302e 121277->121282 121470 7ff69975d4c0 98 API calls 121277->121470 121469 7ff6996c1893 98 API calls 121278->121469 121466 7ff69975d530 121280->121466 121282->121272 121284 7ff6996c3069 121285 7ff69974aed0 101 API calls 121284->121285 121286 7ff6996c30a1 121285->121286 121287 7ff6996c3c95 121286->121287 121288 7ff6996c30aa CreateMutexA GetLastError 121286->121288 121291 7ff6997577f0 98 API calls 121287->121291 121289 7ff6996c30d9 121288->121289 121290 7ff6996c30fb 121288->121290 121289->121272 121292 7ff6996c3e48 99 API calls 121290->121292 121293 7ff6996c3ccf 121291->121293 121295 7ff6996c310b 121292->121295 121294 7ff699757030 98 API calls 121293->121294 121296 7ff6996c3ce2 121294->121296 121295->121293 121297 7ff6996c3114 121295->121297 121298 7ff699757210 98 API calls 121296->121298 121299 7ff6996c74eb 98 API calls 121297->121299 121300 7ff6996c3d17 121298->121300 121308 7ff6996c3159 121299->121308 121301 7ff6997577f0 98 API calls 121300->121301 121302 7ff6996c3d46 121301->121302 121303 7ff699757290 98 API calls 121302->121303 121304 7ff6996c3d5e 121303->121304 121305 7ff699757010 98 API calls 121304->121305 121307 7ff6996c3d6a 121305->121307 121306 7ff6996c1f75 98 API calls 121306->121308 121308->121306 121309 7ff6996c21bf 99 API calls 121308->121309 121310 7ff6996c31c6 121308->121310 121309->121308 121311 7ff69970b8e0 104 API calls 121310->121311 121312 7ff6996c320d 121311->121312 121313 7ff6996c20ea 105 API calls 121312->121313 121314 7ff6996c3270 121313->121314 121315 7ff69970b8e0 104 API calls 121314->121315 121316 7ff6996c329b 121315->121316 121317 7ff6996c1fb8 99 API calls 121316->121317 121318 7ff6996c32cd 121317->121318 121319 7ff6996cd80b 98 API calls 121318->121319 121320 7ff6996c3318 121319->121320 121321 7ff69974a450 98 API calls 121320->121321 121322 7ff6996c336c 121320->121322 121321->121322 121323 7ff6996ccfbf 101 API calls 121322->121323 121324 7ff6996c347c 121323->121324 121325 7ff6996c1496 99 API calls 121324->121325 121331 7ff6996c352e 121325->121331 121326 7ff6996c372d 121329 7ff6996fbbf0 103 API calls 121326->121329 121365 7ff6996c3536 121326->121365 121327 7ff6996c1496 99 API calls 121327->121331 121328 7ff6996c5d25 GetProcessHeap HeapAlloc 121328->121331 121337 7ff6996c375f 121329->121337 121330 7ff6996c3658 memset 121330->121331 121331->121302 121331->121326 121331->121327 121331->121328 121331->121330 121331->121365 121332 7ff6996c388c 121333 7ff6996c20ea 105 API calls 121332->121333 121334 7ff6996c38ef 121333->121334 121335 7ff6996c20ea 105 API calls 121334->121335 121340 7ff6996c3966 121335->121340 121336 7ff6996c21bf 99 API calls 121336->121337 121337->121300 121337->121332 121337->121336 121338 7ff6996c3d6b 98 API calls 121337->121338 121339 7ff6996c3881 121337->121339 121338->121337 121339->121296 121339->121332 121341 7ff69971b1e0 99 API calls 121340->121341 121342 7ff6996c3a07 121341->121342 121343 7ff69971b300 101 API calls 121342->121343 121344 7ff6996c3a1f 121343->121344 121345 7ff69970c410 267 API calls 121344->121345 121346 7ff6996c3a39 121345->121346 121347 7ff6996c1f14 98 API calls 121346->121347 121348 7ff6996c3a53 121347->121348 121349 7ff6996c1a31 98 API calls 121348->121349 121350 7ff6996c3a5b 121349->121350 121351 7ff69971b1e0 99 API calls 121350->121351 121350->121365 121352 7ff6996c3af9 121351->121352 121353 7ff69971b300 101 API calls 121352->121353 121354 7ff6996c3b43 121353->121354 121355 7ff69971b300 101 API calls 121354->121355 121356 7ff6996c3bdd 121355->121356 121356->121304 121357 7ff6996c3c02 121356->121357 121358 7ff69971b300 101 API calls 121357->121358 121359 7ff6996c3c1f 121358->121359 121360 7ff69970c410 267 API calls 121359->121360 121361 7ff6996c3c2a 121360->121361 121362 7ff6996c1f14 98 API calls 121361->121362 121363 7ff6996c3c44 121362->121363 121364 7ff6996c1a31 98 API calls 121363->121364 121364->121365 121365->121272 121370 7ff6996c35d8 121366->121370 121367 7ff6996c3658 memset 121367->121370 121368 7ff6996c3d46 121610 7ff699757290 98 API calls 121368->121610 121370->121367 121370->121368 121372 7ff6996c372d 121370->121372 121415 7ff6996c3536 121370->121415 121472 7ff6996c5d25 121370->121472 121594 7ff6996c1496 121370->121594 121371 7ff6996c3d5e 121611 7ff699757010 98 API calls 121371->121611 121372->121415 121476 7ff6996fbbf0 121372->121476 121378 7ff6996c3d17 121609 7ff6997577f0 98 API calls 121378->121609 121380 7ff6996c388c 121491 7ff6996c20ea 121380->121491 121382 7ff6996c38ef 121383 7ff6996c20ea 105 API calls 121382->121383 121390 7ff6996c3966 121383->121390 121385 7ff6996c3d6b 98 API calls 121388 7ff6996c375f 121385->121388 121386 7ff6996c3881 121386->121380 121387 7ff6996c3ce2 121386->121387 121608 7ff699757210 98 API calls 121387->121608 121388->121378 121388->121380 121388->121385 121388->121386 121602 7ff6996c21bf 121388->121602 121498 7ff69971b1e0 121390->121498 121392 7ff6996c3a07 121507 7ff69971b300 121392->121507 121400 7ff6996c3a5b 121401 7ff69971b1e0 99 API calls 121400->121401 121400->121415 121402 7ff6996c3af9 121401->121402 121403 7ff69971b300 101 API calls 121402->121403 121404 7ff6996c3b43 121403->121404 121405 7ff69971b300 101 API calls 121404->121405 121406 7ff6996c3bdd 121405->121406 121406->121371 121407 7ff6996c3c02 121406->121407 121408 7ff69971b300 101 API calls 121407->121408 121409 7ff6996c3c1f 121408->121409 121410 7ff69970c410 267 API calls 121409->121410 121411 7ff6996c3c2a 121410->121411 121412 7ff6996c1f14 98 API calls 121411->121412 121413 7ff6996c3c44 121412->121413 121414 7ff6996c1a31 98 API calls 121413->121414 121414->121415 121415->121272 121420 7ff6996c35d8 121416->121420 121417 7ff6996c3658 memset 121417->121420 121418 7ff6996c3d46 122408 7ff699757290 98 API calls 121418->122408 121420->121416 121420->121417 121420->121418 121422 7ff6996c372d 121420->121422 121425 7ff6996c1496 99 API calls 121420->121425 121426 7ff6996c5d25 2 API calls 121420->121426 121465 7ff6996c3536 121420->121465 121421 7ff6996c3d5e 122409 7ff699757010 98 API calls 121421->122409 121427 7ff6996fbbf0 103 API calls 121422->121427 121422->121465 121425->121420 121426->121420 121438 7ff6996c375f 121427->121438 121428 7ff6996c3d17 122407 7ff6997577f0 98 API calls 121428->122407 121430 7ff6996c388c 121431 7ff6996c20ea 105 API calls 121430->121431 121432 7ff6996c38ef 121431->121432 121433 7ff6996c20ea 105 API calls 121432->121433 121440 7ff6996c3966 121433->121440 121434 7ff6996c21bf 99 API calls 121434->121438 121435 7ff6996c3881 121435->121430 121437 7ff6996c3ce2 121435->121437 121436 7ff6996c3d6b 98 API calls 121436->121438 122406 7ff699757210 98 API calls 121437->122406 121438->121428 121438->121430 121438->121434 121438->121435 121438->121436 121441 7ff69971b1e0 99 API calls 121440->121441 121442 7ff6996c3a07 121441->121442 121443 7ff69971b300 101 API calls 121442->121443 121444 7ff6996c3a1f 121443->121444 121445 7ff69970c410 267 API calls 121444->121445 121446 7ff6996c3a39 121445->121446 121447 7ff6996c1f14 98 API calls 121446->121447 121448 7ff6996c3a53 121447->121448 121449 7ff6996c1a31 98 API calls 121448->121449 121450 7ff6996c3a5b 121449->121450 121451 7ff69971b1e0 99 API calls 121450->121451 121450->121465 121452 7ff6996c3af9 121451->121452 121453 7ff69971b300 101 API calls 121452->121453 121454 7ff6996c3b43 121453->121454 121455 7ff69971b300 101 API calls 121454->121455 121456 7ff6996c3bdd 121455->121456 121456->121421 121457 7ff6996c3c02 121456->121457 121458 7ff69971b300 101 API calls 121457->121458 121459 7ff6996c3c1f 121458->121459 121460 7ff69970c410 267 API calls 121459->121460 121461 7ff6996c3c2a 121460->121461 121462 7ff6996c1f14 98 API calls 121461->121462 121463 7ff6996c3c44 121462->121463 121464 7ff6996c1a31 98 API calls 121463->121464 121464->121465 121465->121272 121471 7ff699757210 98 API calls 121466->121471 121469->121277 121473 7ff6996c5d3f 121472->121473 121474 7ff6996c5d44 121472->121474 121612 7ff6996c744b 121473->121612 121474->121370 121621 7ff699713750 121476->121621 121478 7ff6996fbc4b 121478->121388 121481 7ff6996fbe03 CloseHandle 121481->121478 121482 7ff6996fbe29 121642 7ff69975d450 98 API calls 121482->121642 121484 7ff6996fbc43 121484->121478 121484->121481 121484->121482 121634 7ff699717000 121484->121634 121492 7ff6996c2100 121491->121492 121493 7ff6996c2119 121492->121493 121495 7ff6996c210a 121492->121495 121794 7ff69974b9b0 121493->121794 121868 7ff6996c1fb8 121495->121868 121496 7ff6996c2121 121496->121382 121499 7ff69971b1fc 121498->121499 121505 7ff69971b22b memcpy 121498->121505 121501 7ff69971b2ee 121499->121501 121502 7ff6996c3e00 2 API calls 121499->121502 121893 7ff69974a450 98 API calls 121501->121893 121503 7ff69971b222 121502->121503 121503->121501 121503->121505 121505->121392 121508 7ff69971b31c 121507->121508 121509 7ff69971b347 memcpy 121507->121509 121510 7ff69971b3aa 121508->121510 121512 7ff6996c3e00 2 API calls 121508->121512 121513 7ff69971b369 121509->121513 121514 7ff6996c3a1f 121509->121514 121895 7ff69974a450 98 API calls 121510->121895 121516 7ff69971b342 121512->121516 121894 7ff6996e7ab0 98 API calls 121513->121894 121531 7ff69970c410 121514->121531 121516->121509 121516->121510 121896 7ff69971b630 121531->121896 121533 7ff69970c44f 121534 7ff6996c3a39 121533->121534 121535 7ff69970c497 121533->121535 121536 7ff69970c492 CloseHandle 121533->121536 121582 7ff6996c1f14 121534->121582 121537 7ff69970c4ed 121535->121537 121538 7ff69970c545 121535->121538 121536->121535 121541 7ff69970c56f 121537->121541 121542 7ff69970c4f2 121537->121542 121539 7ff69970c597 WaitForSingleObject 121538->121539 121540 7ff69970c54a 121538->121540 121543 7ff69970c5a8 GetLastError 121539->121543 121544 7ff69970c5ed 121539->121544 122195 7ff69971a0b0 99 API calls 121540->122195 122196 7ff69971a0b0 99 API calls 121541->122196 122176 7ff69971a490 121542->122176 121548 7ff69970c5b9 121543->121548 121544->121543 121553 7ff69970c5d5 121544->121553 121548->121553 121550 7ff69970c561 121554 7ff69970c698 121550->121554 121555 7ff69970c56a CloseHandle 121550->121555 121551 7ff69970c586 121551->121555 121556 7ff69970c6cc 121551->121556 121552 7ff69970c50e 122194 7ff6997577f0 98 API calls 121552->122194 121560 7ff69970c630 CloseHandle CloseHandle 121553->121560 122197 7ff6997577f0 98 API calls 121554->122197 121555->121539 122198 7ff6997577f0 98 API calls 121556->122198 121562 7ff69970c646 121560->121562 121562->121534 121583 7ff6996c1f27 121582->121583 121584 7ff6996c1f4d 121582->121584 121587 7ff6996c1a31 121583->121587 122384 7ff6997577f0 98 API calls 121584->122384 121593 7ff6996c1a49 121587->121593 121588 7ff6996c1d6d 122386 7ff699757010 98 API calls 121588->122386 121592 7ff6996c1d10 121592->121400 121593->121588 121593->121592 122385 7ff699757010 98 API calls 121593->122385 121595 7ff6996c14ce 121594->121595 121596 7ff6996c155e 121595->121596 121597 7ff6996c1537 121595->121597 122392 7ff69975d4c0 98 API calls 121596->122392 122387 7ff6996c213e 121597->122387 121600 7ff6996c1547 121600->121370 121603 7ff6996c21cf 121602->121603 122400 7ff6996c1450 121603->122400 121606 7ff6996c213e 99 API calls 121607 7ff6996c2288 121606->121607 121607->121388 121613 7ff6996c745e 121612->121613 121615 7ff6996c7457 121612->121615 121616 7ff6996c73a0 121613->121616 121615->121474 121617 7ff6996c73b7 121616->121617 121619 7ff6996c73cd 121616->121619 121617->121619 121620 7ff6996c7373 GetProcessHeap HeapAlloc 121617->121620 121619->121615 121620->121619 121643 7ff699721a40 121621->121643 121623 7ff699713783 121633 7ff699713790 121623->121633 121689 7ff699723f30 121623->121689 121625 7ff6997137ba 121626 7ff699713991 121625->121626 121627 7ff699713898 CreateFileW 121625->121627 121625->121633 121629 7ff699713996 GetLastError 121626->121629 121628 7ff69971394c GetLastError 121627->121628 121630 7ff6997138da 121627->121630 121628->121633 121629->121633 121631 7ff6997138e9 GetLastError 121630->121631 121630->121633 121632 7ff6997138f5 SetFileInformationByHandle 121631->121632 121631->121633 121632->121629 121632->121633 121633->121484 121635 7ff699717038 NtWriteFile 121634->121635 121636 7ff699717030 121634->121636 121637 7ff69971707d WaitForSingleObject 121635->121637 121641 7ff699717094 121635->121641 121636->121635 121638 7ff6997170c0 121637->121638 121637->121641 121793 7ff699705360 98 API calls 121638->121793 121640 7ff6997170fa 121641->121484 121644 7ff699721a69 121643->121644 121645 7ff699721aa3 121643->121645 121646 7ff699721bbc 121644->121646 121648 7ff6996c3e00 2 API calls 121644->121648 121758 7ff6996f09f0 98 API calls 121645->121758 121760 7ff69974a450 98 API calls 121646->121760 121650 7ff699721a9a 121648->121650 121650->121645 121650->121646 121652 7ff699721ad1 121655 7ff699721b51 121652->121655 121759 7ff6996e7950 GetProcessHeap HeapAlloc 121652->121759 121655->121623 121692 7ff699723f59 121689->121692 121691 7ff6997240e3 SetLastError GetFullPathNameW 121691->121692 121693 7ff69972410c GetLastError 121691->121693 121692->121691 121695 7ff699724125 GetLastError 121692->121695 121697 7ff69972415d 121692->121697 121701 7ff699723f9d 121692->121701 121761 7ff6996e7020 98 API calls 121692->121761 121693->121692 121694 7ff6997241b2 GetLastError 121693->121694 121694->121701 121695->121692 121696 7ff699724534 121695->121696 121766 7ff699757290 98 API calls 121696->121766 121699 7ff699724166 121697->121699 121700 7ff69972454e 121697->121700 121703 7ff699724302 121699->121703 121716 7ff699724189 121699->121716 121767 7ff69975d4c0 98 API calls 121700->121767 121701->121625 121704 7ff69972430f 121703->121704 121765 7ff6996e6e30 GetProcessHeap HeapAlloc 121703->121765 121705 7ff699724321 121704->121705 121763 7ff6996e7020 98 API calls 121704->121763 121706 7ff6997243f6 memcpy 121705->121706 121706->121701 121710 7ff699724420 121706->121710 121707 7ff6997242b6 memcpy 121707->121704 121707->121706 121764 7ff6996e7950 GetProcessHeap HeapAlloc 121710->121764 121712 7ff69972454c 121769 7ff69976d100 6 API calls 121712->121769 121714 7ff6997244ed 121714->121704 121718 7ff699724565 121714->121718 121716->121707 121762 7ff6996e6e30 GetProcessHeap HeapAlloc 121716->121762 121717 7ff6997245d0 121770 7ff699723aa0 98 API calls 121717->121770 121718->121712 121768 7ff69974a450 98 API calls 121718->121768 121722 7ff6997243a2 121722->121707 121722->121718 121723 7ff699724610 121724 7ff699724643 121723->121724 121728 7ff699724619 121723->121728 121725 7ff699721a40 82 API calls 121724->121725 121734 7ff69972465c 121725->121734 121726 7ff6997248fe 121727 7ff699724904 memcpy 121726->121727 121748 7ff699724669 121727->121748 121728->121726 121729 7ff699724827 121728->121729 121730 7ff6996c3e00 2 API calls 121728->121730 121728->121748 121789 7ff69974a450 98 API calls 121729->121789 121733 7ff69972481b 121730->121733 121731 7ff699724788 SetLastError GetFullPathNameW 121731->121734 121735 7ff6997247aa GetLastError 121731->121735 121733->121727 121733->121729 121734->121731 121738 7ff6997247c3 GetLastError 121734->121738 121740 7ff69972482c 121734->121740 121734->121748 121771 7ff6996e7020 98 API calls 121734->121771 121735->121734 121737 7ff699724892 GetLastError 121735->121737 121737->121748 121738->121734 121741 7ff699724944 121738->121741 121739 7ff69972496c 121790 7ff69975d4c0 98 API calls 121739->121790 121740->121739 121743 7ff699724835 121740->121743 121788 7ff699757290 98 API calls 121741->121788 121772 7ff6997075f0 121743->121772 121748->121625 121758->121652 121759->121655 121761->121692 121762->121722 121763->121705 121764->121701 121765->121714 121769->121717 121770->121723 121771->121734 121773 7ff699707643 121772->121773 121774 7ff699707617 121772->121774 121779 7ff69970785f 121773->121779 121784 7ff699707670 memcpy 121773->121784 121791 7ff6996e6ed0 98 API calls 121773->121791 121775 7ff699707883 121774->121775 121776 7ff6996c3e00 2 API calls 121774->121776 121792 7ff69974a450 98 API calls 121775->121792 121777 7ff69970763a 121776->121777 121777->121773 121777->121775 121779->121748 121784->121773 121791->121773 121793->121640 121795 7ff69974ba97 121794->121795 121798 7ff69974b9d2 121794->121798 121796 7ff69974bacc 121795->121796 121801 7ff69974ba9c 121795->121801 121875 7ff6997577f0 98 API calls 121795->121875 121796->121496 121798->121795 121799 7ff6996c3e00 2 API calls 121798->121799 121798->121801 121799->121795 121876 7ff69974a450 98 API calls 121801->121876 121877 7ff6996cda67 121868->121877 121870 7ff6996c1fdf 121871 7ff6996c1fe9 memcpy 121870->121871 121872 7ff6996c2016 121870->121872 121871->121496 121881 7ff69974a450 98 API calls 121872->121881 121878 7ff6996cda75 121877->121878 121880 7ff6996cda8c 121877->121880 121878->121880 121882 7ff6996cd8cd 121878->121882 121880->121870 121883 7ff6996cd8ed 121882->121883 121884 7ff6996cd8dd 121882->121884 121883->121880 121885 7ff6996cd8e2 121884->121885 121886 7ff6996cd8ef 121884->121886 121889 7ff6996c3e30 121885->121889 121887 7ff6996c3e00 2 API calls 121886->121887 121887->121883 121890 7ff699710730 121889->121890 121891 7ff699712cf0 2 API calls 121890->121891 121892 7ff699710767 121891->121892 121892->121883 121894->121514 121897 7ff69971b683 121896->121897 121899 7ff69971f238 GetLastError 121897->121899 121930 7ff69971b688 121897->121930 121937 7ff69971b6d5 121897->121937 121944 7ff69971b80e 121897->121944 122333 7ff699757210 98 API calls 121899->122333 121900 7ff69971beb7 121904 7ff6996c3e00 2 API calls 121900->121904 121903 7ff69971c58f CloseHandle 121915 7ff69971f37e CloseHandle 121903->121915 121909 7ff69971bf02 121904->121909 121905 7ff69971c43c 121906 7ff69971c44c 121905->121906 121907 7ff69971c443 CloseHandle 121905->121907 121906->121533 121907->121906 121913 7ff69971f2ab 121909->121913 122263 7ff6996f0b70 98 API calls 121909->122263 121911 7ff69971b7f4 FreeEnvironmentStringsW 121911->121944 121912 7ff69971f16e 122325 7ff69974a450 98 API calls 121912->122325 122334 7ff69974a450 98 API calls 121913->122334 121914 7ff69971bac3 memcpy 121914->121944 121916 7ff69971f3ac CloseHandle 121915->121916 121924 7ff69971f42d 121916->121924 121925 7ff69971f3bd CloseHandle 121916->121925 121918 7ff6996c3e00 GetProcessHeap HeapAlloc 121918->121944 121919 7ff69971c177 121934 7ff69971c19b 121919->121934 121958 7ff69971c2e4 121919->121958 121923 7ff69971bb49 memcpy 121923->121944 121929 7ff6996d8790 CloseHandle CloseHandle 121924->121929 121925->121924 121927 7ff69971f181 122326 7ff69974a450 98 API calls 121927->122326 121932 7ff69971f439 121929->121932 121930->121919 121941 7ff69971c1cb 121930->121941 121930->121958 122153 7ff69971c3c0 121930->122153 121931 7ff69971f194 122327 7ff69974a450 98 API calls 121931->122327 121938 7ff6996d7710 98 API calls 121932->121938 121965 7ff69971f445 121932->121965 121933 7ff69971bbc9 memcpy 122262 7ff6996e10d0 136 API calls 121933->122262 121934->121913 121942 7ff6996c3e00 2 API calls 121934->121942 121936 7ff6996e5ea0 106 API calls 121936->121944 121937->121911 122257 7ff699718c30 99 API calls 121937->122257 122258 7ff6996f0b70 98 API calls 121937->122258 122259 7ff6996e10d0 136 API calls 121937->122259 121938->121965 121941->121934 121945 7ff69971c1cf 121941->121945 121946 7ff69971c231 121942->121946 121943 7ff69971bfd5 CompareStringOrdinal 121948 7ff69971bf42 121943->121948 121944->121900 121944->121912 121944->121914 121944->121918 121944->121923 121944->121927 121944->121931 121944->121933 121944->121936 121950 7ff69971f1c4 121944->121950 122260 7ff6996d5340 98 API calls 121944->122260 122261 7ff6996e6860 100 API calls 121944->122261 121949 7ff699721a40 98 API calls 121945->121949 121946->121913 121951 7ff69971c23a memcpy 121946->121951 121947 7ff69971c04c 121947->121930 121952 7ff69971f0e9 GetLastError 121947->121952 121948->121930 121948->121943 121948->121947 122012 7ff69971c2b5 121948->122012 121953 7ff69971c1de 121949->121953 122329 7ff699757290 98 API calls 121950->122329 122264 7ff699722fb0 100 API calls 121951->122264 122324 7ff699757210 98 API calls 121952->122324 121979 7ff69971c1f9 121953->121979 122267 7ff699713310 121953->122267 121956 7ff69971c275 121960 7ff69971fa90 111 API calls 121956->121960 121959 7ff69971d290 121958->121959 121958->122153 122292 7ff699718dd0 121958->122292 122199 7ff699719030 121959->122199 121966 7ff69971c293 121960->121966 121964 7ff69971c596 121969 7ff699721a40 98 API calls 121964->121969 121968 7ff69971f829 121965->121968 121970 7ff6996d7630 100 API calls 121965->121970 121966->121979 122265 7ff69970aa90 98 API calls 121966->122265 121967 7ff69971d29c 122010 7ff69971d2b2 121967->122010 122224 7ff69970a960 121967->122224 121977 7ff69971f928 121968->121977 121978 7ff69971f918 CloseHandle 121968->121978 121972 7ff69971c5ad 121969->121972 121970->121968 121972->121979 121983 7ff699713310 111 API calls 121972->121983 121973 7ff69971c86e 121991 7ff69971c899 121973->121991 122032 7ff69971c7be 121973->122032 121974 7ff69971c748 SetLastError GetFullPathNameW 121974->121979 121980 7ff69971c76a GetLastError 121974->121980 121975 7ff69971c577 122280 7ff699757290 98 API calls 121975->122280 121982 7ff69976d100 6 API calls 121977->121982 121978->121977 121979->121973 121979->121974 121987 7ff69971c783 GetLastError 121979->121987 121992 7ff69971c7b5 121979->121992 121979->122153 122281 7ff6996e7020 98 API calls 121979->122281 121980->121979 121986 7ff69971c8f0 GetLastError 121980->121986 121989 7ff69971f934 121982->121989 121983->121979 121984 7ff69971ca80 122283 7ff6996e7950 GetProcessHeap HeapAlloc 121984->122283 121986->122153 121987->121979 121995 7ff69971f1a7 121987->121995 121988 7ff69971db87 121993 7ff699709670 98 API calls 121988->121993 121997 7ff699757520 98 API calls 121989->121997 121990 7ff699709670 98 API calls 122028 7ff69971d272 121990->122028 121991->121986 122001 7ff69971f2ba 121992->122001 121992->122032 121998 7ff69971dbb1 121993->121998 121994 7ff699718dd0 98 API calls 121994->122028 122328 7ff699757290 98 API calls 121995->122328 122005 7ff69971f939 121997->122005 122006 7ff69971dbd1 121998->122006 122017 7ff69970a360 101 API calls 121998->122017 122000 7ff69971ca1a SetLastError GetSystemDirectoryW 122007 7ff69971ca30 GetLastError 122000->122007 122008 7ff69971c948 122000->122008 122335 7ff69975d4c0 98 API calls 122001->122335 122002 7ff69971dcf7 SetLastError GetSystemDirectoryW 122002->122010 122011 7ff69971dd0f GetLastError 122002->122011 122003 7ff69971d2e6 122003->121988 122009 7ff69971d312 122003->122009 122004 7ff69971cabd 122284 7ff6996f09f0 98 API calls 122004->122284 122027 7ff69970fcf0 98 API calls 122005->122027 122018 7ff69971fa90 111 API calls 122006->122018 122007->122008 122020 7ff69971cbfb GetLastError 122007->122020 122008->122000 122021 7ff69971ca4e GetLastError 122008->122021 122029 7ff69971cbc1 122008->122029 122282 7ff6996e7020 98 API calls 122008->122282 122023 7ff699757290 98 API calls 122009->122023 122010->122002 122025 7ff69971dd28 GetLastError 122010->122025 122030 7ff69971dd5a 122010->122030 122040 7ff69971de72 122010->122040 122305 7ff6996e7020 98 API calls 122010->122305 122011->122010 122024 7ff69971de8f GetLastError 122011->122024 122012->121964 122012->121975 122016 7ff69971fa90 111 API calls 122016->122028 122017->122006 122018->122010 122020->122153 122021->122008 122031 7ff69971f1e1 122021->122031 122023->121903 122072 7ff69971ddd5 122024->122072 122025->122010 122033 7ff69971f1fe 122025->122033 122026 7ff69971caf9 122048 7ff69971cb15 122026->122048 122285 7ff6996e7950 GetProcessHeap HeapAlloc 122026->122285 122098 7ff69971f96b 122027->122098 122028->121959 122028->121990 122028->121994 122028->122016 122028->122040 122298 7ff69970a360 101 API calls 122028->122298 122041 7ff69971cbca 122029->122041 122042 7ff69971f2d1 122029->122042 122038 7ff69971f303 122030->122038 122039 7ff69971dd63 122030->122039 122330 7ff699757290 98 API calls 122031->122330 122032->121984 122032->122008 122331 7ff699757290 98 API calls 122033->122331 122037 7ff69971fa43 122037->121533 122339 7ff69975d4c0 98 API calls 122038->122339 122045 7ff6997075f0 98 API calls 122039->122045 122040->122024 122044 7ff69971cbf6 memcpy 122041->122044 122049 7ff6996c3e00 2 API calls 122041->122049 122336 7ff69975d4c0 98 API calls 122042->122336 122085 7ff69971cc89 122044->122085 122047 7ff69971dd72 122045->122047 122227 7ff699709670 122047->122227 122059 7ff69971cc30 122048->122059 122048->122153 122286 7ff6996e7950 GetProcessHeap HeapAlloc 122048->122286 122287 7ff699712e70 98 API calls 122048->122287 122054 7ff69971cbed 122049->122054 122054->122044 122058 7ff69971f2f4 122054->122058 122055 7ff69971dfb7 SetLastError GetWindowsDirectoryW 122056 7ff69971dfcf GetLastError 122055->122056 122055->122072 122064 7ff69971e156 GetLastError 122056->122064 122056->122072 122057 7ff69971dd95 122062 7ff69971ddb8 122057->122062 122068 7ff69970a360 101 API calls 122057->122068 122338 7ff69974a450 98 API calls 122058->122338 122060 7ff69971d152 122059->122060 122059->122153 122291 7ff6996e7950 GetProcessHeap HeapAlloc 122059->122291 122097 7ff69971d43f 122060->122097 122165 7ff69971d1e6 122060->122165 122309 7ff6996e7950 GetProcessHeap HeapAlloc 122060->122309 122069 7ff69971fa90 111 API calls 122062->122069 122088 7ff69971e106 122064->122088 122065 7ff69971dfe8 GetLastError 122067 7ff69971f21b 122065->122067 122065->122072 122332 7ff699757290 98 API calls 122067->122332 122068->122062 122069->122072 122070 7ff69971e01a 122073 7ff69971f31a 122070->122073 122074 7ff69971e023 122070->122074 122071 7ff699723550 101 API calls 122071->122098 122072->122055 122072->122065 122072->122070 122110 7ff69971e092 122072->122110 122306 7ff6996e7020 98 API calls 122072->122306 122340 7ff69975d4c0 98 API calls 122073->122340 122080 7ff6997075f0 98 API calls 122074->122080 122077 7ff69970fcf0 98 API calls 122077->122098 122078 7ff69971cdb6 122081 7ff69971f2e5 122078->122081 122091 7ff6996c3e00 2 API calls 122078->122091 122078->122153 122089 7ff69971e039 122080->122089 122337 7ff69974a450 98 API calls 122081->122337 122083 7ff69971ec17 122319 7ff699724b30 WaitOnAddress GetLastError 122083->122319 122084 7ff69971d4a5 122119 7ff69971d4ce 122084->122119 122299 7ff699711530 98 API calls 122084->122299 122085->122078 122288 7ff6996e7020 98 API calls 122085->122288 122236 7ff6996f9c40 122088->122236 122093 7ff699709670 98 API calls 122089->122093 122094 7ff69971cef9 122091->122094 122100 7ff69971e052 122093->122100 122094->122081 122112 7ff69971cf02 122094->122112 122109 7ff69971d465 122097->122109 122097->122153 122316 7ff6996f0b70 98 API calls 122097->122316 122098->122037 122098->122071 122098->122077 122099 7ff69971eb21 122099->122109 122317 7ff6996e7950 GetProcessHeap HeapAlloc 122099->122317 122102 7ff69971e075 122100->122102 122307 7ff69970a360 101 API calls 122100->122307 122101 7ff69971e9a2 122314 7ff6996d6fd0 100 API calls 122101->122314 122231 7ff69971fa90 122102->122231 122104 7ff69971e954 122113 7ff69971efb9 122104->122113 122114 7ff69971efad CloseHandle 122104->122114 122108 7ff69971e9ad 122108->122097 122315 7ff6996e7950 GetProcessHeap HeapAlloc 122108->122315 122109->122083 122109->122084 122109->122153 122110->122064 122110->122088 122111 7ff69971d086 122135 7ff69971d0b1 122111->122135 122290 7ff6996e7950 GetProcessHeap HeapAlloc 122111->122290 122112->122111 122289 7ff6996e7020 98 API calls 122112->122289 122116 7ff69971efcf 122113->122116 122117 7ff69971efc3 CloseHandle 122113->122117 122114->122113 122125 7ff69971efd9 CloseHandle 122116->122125 122126 7ff69971efe5 122116->122126 122117->122116 122119->122104 122120 7ff69971e98b 122119->122120 122132 7ff69971ece6 122119->122132 122140 7ff69971eb98 122119->122140 122320 7ff6997203a0 102 API calls 122119->122320 122124 7ff69971ef86 CloseHandle 122120->122124 122123 7ff69971ed81 CreateProcessW 122133 7ff69971edd1 122123->122133 122134 7ff69971ef14 GetLastError 122123->122134 122124->122104 122127 7ff69971ef97 CloseHandle 122124->122127 122125->122126 122128 7ff69971f018 122126->122128 122129 7ff69971effd 122126->122129 122127->122104 122142 7ff69971f016 122128->122142 122323 7ff699711530 98 API calls 122128->122323 122129->122142 122322 7ff699711530 98 API calls 122129->122322 122131 7ff69971e58f memcpy 122131->122165 122132->122123 122137 7ff69971ef38 122132->122137 122138 7ff69971ee08 122133->122138 122139 7ff69971ee1b CloseHandle CloseHandle CloseHandle 122133->122139 122136 7ff69971ef72 CloseHandle 122134->122136 122134->122137 122150 7ff69971d529 memcpy 122135->122150 122135->122153 122300 7ff6996e7020 98 API calls 122135->122300 122143 7ff69971ef7e CloseHandle 122136->122143 122137->122136 122138->122139 122148 7ff69971ee4c 122139->122148 122149 7ff69971ee40 CloseHandle 122139->122149 122140->122143 122141 7ff699709670 98 API calls 122151 7ff69971e1d9 122141->122151 122146 7ff69971f041 WakeByAddressSingle 122142->122146 122142->122153 122143->122124 122144 7ff69971e74d 122313 7ff6996d6fd0 100 API calls 122144->122313 122146->122153 122147 7ff699718dd0 98 API calls 122147->122151 122321 7ff6996d7710 98 API calls 122148->122321 122149->122148 122156 7ff69971d54f 122150->122156 122175 7ff69971d55b 122150->122175 122151->122141 122151->122147 122151->122153 122161 7ff69971fa90 111 API calls 122151->122161 122308 7ff69970a360 101 API calls 122151->122308 122153->121905 122266 7ff6996d6fd0 100 API calls 122153->122266 122301 7ff6996e7950 GetProcessHeap HeapAlloc 122156->122301 122158 7ff69971d514 122158->122150 122161->122151 122162 7ff69971d603 122162->122059 122318 7ff6996e7950 GetProcessHeap HeapAlloc 122162->122318 122165->122101 122165->122131 122165->122144 122168 7ff6996e7950 GetProcessHeap HeapAlloc 122165->122168 122310 7ff6996e3a70 100 API calls 122165->122310 122311 7ff6996e7020 98 API calls 122165->122311 122312 7ff6996f09f0 98 API calls 122165->122312 122167 7ff69971ee58 122167->121905 122168->122165 122169 7ff6996e7020 98 API calls 122169->122175 122171 7ff69971da99 122304 7ff6996e7950 GetProcessHeap HeapAlloc 122171->122304 122172 7ff6996e7950 GetProcessHeap HeapAlloc 122172->122175 122174 7ff69971daa5 122174->121533 122175->122153 122175->122162 122175->122169 122175->122171 122175->122172 122302 7ff699712e70 98 API calls 122175->122302 122303 7ff69976c1a0 98 API calls 122175->122303 122352 7ff69971a7a0 122176->122352 122179 7ff69971a4d7 122182 7ff69971a7a0 101 API calls 122179->122182 122180 7ff69971a4ca CloseHandle 122181 7ff69970c505 122180->122181 122181->121539 122181->121552 122186 7ff69971a4fe 122182->122186 122183 7ff69971a6ec 122184 7ff6996d86c0 103 API calls 122183->122184 122184->122181 122185 7ff69971a675 GetLastError 122193 7ff69971a630 122185->122193 122186->122183 122186->122185 122187 7ff69971a5d4 GetOverlappedResult 122186->122187 122188 7ff69971a880 98 API calls 122186->122188 122189 7ff69971a589 GetOverlappedResult 122186->122189 122186->122193 122187->122186 122191 7ff69971a686 GetLastError 122187->122191 122188->122186 122189->122186 122192 7ff69971a708 GetLastError 122189->122192 122191->122193 122192->122193 122364 7ff6996d86c0 122193->122364 122195->121550 122196->121551 122200 7ff6997190c0 122199->122200 122203 7ff699719094 122199->122203 122200->122203 122201 7ff699719117 SetLastError GetModuleFileNameW 122201->122203 122204 7ff699719132 GetLastError 122201->122204 122203->122200 122203->122201 122206 7ff69971914b GetLastError 122203->122206 122208 7ff69971917d 122203->122208 122341 7ff6996e7020 98 API calls 122203->122341 122204->122203 122205 7ff6997191e7 GetLastError 122204->122205 122214 7ff699719195 122205->122214 122206->122203 122207 7ff69971921a 122206->122207 122342 7ff699757290 98 API calls 122207->122342 122209 7ff699719186 122208->122209 122210 7ff699719234 122208->122210 122213 7ff6997075f0 98 API calls 122209->122213 122343 7ff69975d4c0 98 API calls 122210->122343 122213->122214 122214->121967 122344 7ff699723aa0 98 API calls 122224->122344 122226 7ff69970a987 122228 7ff6997096a5 122227->122228 122345 7ff699723aa0 98 API calls 122228->122345 122230 7ff6997096d0 122232 7ff699721a40 98 API calls 122231->122232 122233 7ff69971fab7 122232->122233 122234 7ff699713310 111 API calls 122233->122234 122235 7ff69971fac4 122233->122235 122234->122235 122235->122110 122237 7ff699721a40 98 API calls 122236->122237 122240 7ff6996f9c71 122237->122240 122238 7ff6996f9d68 SetLastError GetEnvironmentVariableW 122238->122240 122241 7ff6996f9d88 GetLastError 122238->122241 122240->122238 122243 7ff6996f9da1 GetLastError 122240->122243 122245 7ff6996f9dd3 122240->122245 122251 7ff6996f9c7a 122240->122251 122346 7ff6996e7020 98 API calls 122240->122346 122241->122240 122242 7ff6996f9e60 GetLastError 122241->122242 122242->122251 122243->122240 122244 7ff6996f9ef7 122243->122244 122347 7ff699757290 98 API calls 122244->122347 122246 7ff6996f9f11 122245->122246 122247 7ff6996f9ddc 122245->122247 122348 7ff69975d4c0 98 API calls 122246->122348 122249 7ff6997075f0 98 API calls 122247->122249 122249->122251 122251->122151 122257->121937 122258->121937 122259->121937 122260->121944 122261->121944 122262->121944 122263->121948 122264->121956 122266->121905 122268 7ff69971332a 122267->122268 122271 7ff69971333f 122267->122271 122268->121979 122269 7ff69971335b 122270 7ff699723f30 98 API calls 122269->122270 122272 7ff699713377 122270->122272 122271->122269 122273 7ff6997133b2 122271->122273 122274 7ff69971339a 122271->122274 122272->121979 122273->122269 122277 7ff6997133f1 122273->122277 122349 7ff699721c00 105 API calls 122274->122349 122276 7ff6997133ab 122276->121979 122350 7ff699722020 104 API calls 122277->122350 122279 7ff699713407 122279->121979 122281->121979 122282->122008 122283->122004 122284->122026 122285->122048 122286->122048 122287->122048 122288->122085 122289->122112 122290->122135 122291->122060 122295 7ff699718e2c 122292->122295 122293 7ff699718f90 122293->122028 122294 7ff6997075f0 98 API calls 122294->122293 122296 7ff699718f7c 122295->122296 122351 7ff6996e7950 GetProcessHeap HeapAlloc 122295->122351 122296->122293 122296->122294 122298->122028 122299->122119 122300->122158 122301->122175 122302->122175 122303->122175 122304->122174 122305->122010 122306->122072 122307->122102 122308->122151 122309->122165 122310->122165 122311->122165 122312->122165 122313->122153 122314->122108 122315->122097 122316->122099 122317->122109 122318->122059 122319->122119 122320->122132 122321->122167 122322->122142 122323->122142 122341->122203 122344->122226 122345->122230 122346->122240 122349->122276 122350->122279 122351->122295 122353 7ff69971a7cd 122352->122353 122354 7ff69971a827 GetLastError 122353->122354 122355 7ff69971a7d2 122353->122355 122358 7ff69971a851 122354->122358 122356 7ff6996c3e00 2 API calls 122355->122356 122357 7ff69971a7ee 122356->122357 122357->122358 122359 7ff69971a4bc 122357->122359 122367 7ff69974a470 98 API calls 122358->122367 122359->122179 122359->122180 122361 7ff69971a860 CloseHandle CloseHandle 122368 7ff69976d100 6 API calls 122361->122368 122363 7ff69971a87d 122369 7ff69971aae0 122364->122369 122366 7ff6996d86d4 CloseHandle CloseHandle 122367->122361 122368->122363 122370 7ff69971aaf6 122369->122370 122375 7ff69971ab2a 122369->122375 122371 7ff69971ab09 GetOverlappedResult 122370->122371 122372 7ff69971ab32 GetLastError 122370->122372 122373 7ff69971aba0 GetLastError 122371->122373 122371->122375 122374 7ff69971ab47 122372->122374 122373->122374 122373->122375 122374->122375 122376 7ff6996c3e00 2 API calls 122374->122376 122375->122366 122377 7ff69971ab87 122376->122377 122377->122375 122382 7ff69974a470 98 API calls 122377->122382 122379 7ff69971ac1f 122383 7ff69976d100 6 API calls 122379->122383 122381 7ff69971ac42 122382->122379 122383->122381 122388 7ff6996c215d memcpy 122387->122388 122389 7ff6996c217b 122387->122389 122388->121600 122393 7ff6996c74eb 122389->122393 122394 7ff6996c744b 2 API calls 122393->122394 122395 7ff6996c74f4 122394->122395 122396 7ff6996c2186 122395->122396 122399 7ff69974a450 98 API calls 122395->122399 122396->122388 122401 7ff6996c1464 122400->122401 122402 7ff6996c1459 122400->122402 122405 7ff69975d4c0 98 API calls 122401->122405 122402->121606 122410 7ff69971fc10 122411 7ff699713750 98 API calls 122410->122411 122412 7ff69971fc6d 122411->122412 122413 7ff69971fc75 122418 7ff6997194d0 122413->122418 122415 7ff69971fc87 122416 7ff69971fc96 122415->122416 122417 7ff69971fdd3 CloseHandle 122415->122417 122417->122416 122419 7ff699719520 GetCurrentProcessId 122418->122419 122420 7ff699719534 122419->122420 122420->122419 122421 7ff699719540 ProcessPrng 122420->122421 122422 7ff69974b9b0 104 API calls 122420->122422 122423 7ff6996c3e00 2 API calls 122420->122423 122424 7ff699719bed 122420->122424 122428 7ff6997197c0 122420->122428 122431 7ff6997199e9 GetLastError 122420->122431 122432 7ff699719aff 122420->122432 122437 7ff699719a8f 122420->122437 122440 7ff6996e6e30 GetProcessHeap HeapAlloc 122420->122440 122421->122420 122421->122421 122422->122420 122423->122420 122442 7ff69974a450 98 API calls 122424->122442 122441 7ff69974a450 98 API calls 122428->122441 122431->122420 122431->122437 122436 7ff699713750 98 API calls 122432->122436 122436->122437 122438 7ff699719adc CloseHandle 122437->122438 122439 7ff699719ae4 122437->122439 122438->122439 122439->122415 122440->122420

                                      Executed Functions

                                      Function 00007FF69971B630 Relevance: 113.7, APIs: 51, Strings: 12, Instructions: 3418COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: CloseHandle$EnvironmentErrorFreeLastStringsmemcpy
                                      • String ID: program path has no file name$#$*+-./:?@\_cmd.exe /e:ON /v:OFF /d /c "$.exeprogram not found$0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character$ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789Time went backwards$PATHlibrary\std\src\sys_common\process.rs$\?\\$\cmd.exemaximum number of ProcThreadAttributes exceeded$]?\\$assertion failed: is_code_point_boundary(self, new_len)$assertion failed: self.height > 0$exe\\.\NULexit code:
                                      • API String ID: 3975177916-99999070
                                      • Opcode ID: 27f4a6b0d6bda9cb54450576a490f162ebdf8d97c201b0c72e428d2778396571
                                      • Instruction ID: 466d10f9f98b10702975adbaf3d8d904750903ed3b09d2db49dc1a7f746b3b13
                                      • Opcode Fuzzy Hash: 27f4a6b0d6bda9cb54450576a490f162ebdf8d97c201b0c72e428d2778396571
                                      • Instruction Fuzzy Hash: D773A062A18AD18AEB708F25D8613F923A1FB45BC8F445176DE0D9FB89DF39A641C700
                                      Function 00007FF6996C2FE9 Relevance: 13.0, APIs: 3, Strings: 4, Instructions: 741synchronizationCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 1141 7ff6996c2fe9-7ff6996c3008 1142 7ff6996c3027 1141->1142 1143 7ff6996c300a-7ff6996c3025 call 7ff6996c1893 1141->1143 1145 7ff6996c3029-7ff6996c302c 1142->1145 1146 7ff6996c305a-7ff6996c30a4 call 7ff69975d530 call 7ff69974aed0 1142->1146 1143->1145 1149 7ff6996c302e-7ff6996c3044 1145->1149 1150 7ff6996c3045-7ff6996c3055 call 7ff69975d4c0 1145->1150 1155 7ff6996c3c95-7ff6996c3cca call 7ff6997577f0 1146->1155 1156 7ff6996c30aa-7ff6996c30d7 CreateMutexA GetLastError 1146->1156 1150->1146 1162 7ff6996c3ccf-7ff6996c3cdd call 7ff699757030 1155->1162 1157 7ff6996c30d9-7ff6996c30fa call 7ff6996c1db9 1156->1157 1158 7ff6996c30fb-7ff6996c310e call 7ff6996c3e48 1156->1158 1158->1162 1167 7ff6996c3114-7ff6996c3174 call 7ff6996c74eb 1158->1167 1166 7ff6996c3ce2-7ff6996c3d12 call 7ff699757210 1162->1166 1171 7ff6996c3d17-7ff6996c3d41 call 7ff6997577f0 1166->1171 1172 7ff6996c317b-7ff6996c31c4 call 7ff69970e190 call 7ff69970e1c0 call 7ff6996c1f75 call 7ff6996c21bf 1167->1172 1175 7ff6996c3d46-7ff6996c3d59 call 7ff699757290 1171->1175 1187 7ff6996c31c6-7ff6996c32d3 call 7ff699722e90 call 7ff69970b8e0 call 7ff699722e90 call 7ff6996c20ea call 7ff69970b8e0 call 7ff6996c1d8d * 2 call 7ff6996c1fb8 1172->1187 1179 7ff6996c3d5e-7ff6996c3d6a call 7ff699757010 1175->1179 1204 7ff6996c32da-7ff6996c32dd 1187->1204 1205 7ff6996c32df-7ff6996c32f6 1204->1205 1206 7ff6996c32f8-7ff6996c331f call 7ff6996cd80b 1204->1206 1205->1204 1209 7ff6996c3321-7ff6996c333d call 7ff6996c3f4c 1206->1209 1210 7ff6996c3389-7ff6996c33d1 call 7ff6996ccbfc call 7ff6996c241a 1206->1210 1209->1210 1216 7ff6996c333f-7ff6996c334c 1209->1216 1220 7ff6996c33d3-7ff6996c33e5 call 7ff6996c15d5 1210->1220 1221 7ff6996c3416-7ff6996c3459 call 7ff6996ccc30 1210->1221 1218 7ff6996c334e-7ff6996c335f call 7ff6996c3e20 1216->1218 1219 7ff6996c336c-7ff6996c3374 call 7ff6996c22a2 1216->1219 1229 7ff6996c3361-7ff6996c3367 call 7ff69974a450 1218->1229 1230 7ff6996c3379-7ff6996c3381 1218->1230 1219->1230 1232 7ff6996c3462-7ff6996c3467 1220->1232 1233 7ff6996c33e7-7ff6996c3414 call 7ff6996c19cd 1220->1233 1235 7ff6996c345e-7ff6996c3460 1221->1235 1229->1219 1230->1210 1237 7ff6996c346a-7ff6996c34c2 call 7ff6996ccfbf call 7ff6996cc6f1 1232->1237 1233->1235 1235->1237 1243 7ff6996c34d1-7ff6996c3534 call 7ff6996c1496 1237->1243 1244 7ff6996c34c4-7ff6996c34cc call 7ff6996c1dc4 1237->1244 1248 7ff6996c35b0-7ff6996c35b8 1243->1248 1249 7ff6996c3536-7ff6996c3541 call 7ff6996c19cd 1243->1249 1244->1243 1250 7ff6996c35be-7ff6996c35d6 1248->1250 1251 7ff6996c3739-7ff6996c373c 1248->1251 1253 7ff6996c3546-7ff6996c3572 call 7ff6996c1d8d call 7ff6996c1de7 call 7ff6996c1e41 call 7ff6996c1d7a 1249->1253 1255 7ff6996c35d8-7ff6996c35e3 1250->1255 1251->1253 1254 7ff6996c3742-7ff6996c3762 call 7ff699722e90 call 7ff6996fbbf0 1251->1254 1294 7ff6996c3577-7ff6996c35ab call 7ff6996c1d8d * 4 1253->1294 1254->1171 1281 7ff6996c3768-7ff6996c37c6 call 7ff6996c1d8d call 7ff6996c1de7 call 7ff6996c1e41 call 7ff6996c1d7a call 7ff6996c1d8d 1254->1281 1258 7ff6996c35e5-7ff6996c35fd call 7ff6996c1496 1255->1258 1259 7ff6996c3616-7ff6996c3619 1255->1259 1258->1249 1274 7ff6996c3603-7ff6996c360b 1258->1274 1261 7ff6996c3641-7ff6996c3654 1259->1261 1262 7ff6996c361b-7ff6996c3629 call 7ff6996c5d25 1259->1262 1268 7ff6996c3658-7ff6996c3684 memset call 7ff6996c296e 1261->1268 1272 7ff6996c362e-7ff6996c3631 1262->1272 1282 7ff6996c36df-7ff6996c36e2 1268->1282 1283 7ff6996c3686-7ff6996c3689 1268->1283 1279 7ff6996c3c85-7ff6996c3c90 call 7ff6996fe130 1272->1279 1280 7ff6996c3637-7ff6996c363c 1272->1280 1275 7ff6996c3611 1274->1275 1276 7ff6996c3732 1274->1276 1275->1259 1276->1251 1279->1249 1280->1261 1318 7ff6996c37cd-7ff6996c37d1 1281->1318 1282->1175 1292 7ff6996c36e8-7ff6996c36eb 1282->1292 1287 7ff6996c368f-7ff6996c36c1 call 7ff6996c1573 1283->1287 1288 7ff6996c372d 1283->1288 1287->1249 1309 7ff6996c36c7-7ff6996c36da call 7ff6996c19cd 1287->1309 1288->1276 1292->1288 1296 7ff6996c36ed-7ff6996c3728 1292->1296 1296->1255 1309->1268 1319 7ff6996c37d7-7ff6996c37de 1318->1319 1320 7ff6996c388c-7ff6996c39a8 call 7ff6996c20ea call 7ff699722e90 call 7ff6996c20ea call 7ff6996c28f5 1318->1320 1321 7ff6996c37e0-7ff6996c37e5 1319->1321 1322 7ff6996c37e7-7ff6996c37f9 1319->1322 1351 7ff6996c39b2-7ff6996c39b6 1320->1351 1324 7ff6996c3841-7ff6996c3844 1321->1324 1325 7ff6996c382c-7ff6996c3836 1322->1325 1326 7ff6996c37fb-7ff6996c380e 1322->1326 1330 7ff6996c3860-7ff6996c3862 1324->1330 1331 7ff6996c3846-7ff6996c3849 1324->1331 1325->1324 1328 7ff6996c3810-7ff6996c382a 1326->1328 1329 7ff6996c3838-7ff6996c383f 1326->1329 1328->1324 1329->1324 1333 7ff6996c3871-7ff6996c387c call 7ff6996c21bf 1330->1333 1334 7ff6996c386f 1331->1334 1335 7ff6996c384b-7ff6996c384e 1331->1335 1333->1318 1334->1333 1339 7ff6996c3850-7ff6996c3853 1335->1339 1340 7ff6996c3864 call 7ff6996c3d6b 1335->1340 1344 7ff6996c3881-7ff6996c3886 1339->1344 1345 7ff6996c3855-7ff6996c385e call 7ff6996c3d6b 1339->1345 1348 7ff6996c3869-7ff6996c386d 1340->1348 1344->1166 1344->1320 1345->1348 1348->1333 1352 7ff6996c39b8-7ff6996c39d4 1351->1352 1353 7ff6996c39d6-7ff6996c3a5f call 7ff69971b1e0 call 7ff69971b300 call 7ff69970c410 call 7ff6996c1f14 call 7ff6996c1a31 1351->1353 1352->1351 1364 7ff6996c3a65-7ff6996c3aa7 call 7ff6996c2940 1353->1364 1365 7ff6996c3c59-7ff6996c3c80 call 7ff6996c19af call 7ff6996c1d8d * 2 1353->1365 1370 7ff6996c3ab1-7ff6996c3ab5 1364->1370 1365->1294 1372 7ff6996c3ad5-7ff6996c3b7f call 7ff69971b1e0 call 7ff6996c291a call 7ff69971b300 call 7ff6996c28d5 1370->1372 1373 7ff6996c3ab7-7ff6996c3ad3 1370->1373 1385 7ff6996c3b89-7ff6996c3b8d 1372->1385 1373->1370 1386 7ff6996c3b8f-7ff6996c3ba8 1385->1386 1387 7ff6996c3baa-7ff6996c3bfc call 7ff69971b300 call 7ff699722e90 call 7ff6996fb7a0 1385->1387 1386->1385 1387->1179 1394 7ff6996c3c02-7ff6996c3c25 call 7ff69971b300 call 7ff69970c410 1387->1394 1398 7ff6996c3c2a-7ff6996c3c57 call 7ff6996c1f14 call 7ff6996c1a31 call 7ff6996c19af 1394->1398 1398->1365
                                      APIs
                                      Strings
                                      • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789Time went backwards, xrefs: 00007FF6996C3174
                                      • 0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character, xrefs: 00007FF6996C37C6
                                      • AppData/Roaming/.ini, xrefs: 00007FF6996C31FB
                                      • assertion failed: filled <= self.buf.init/rustc/eeb90cda1969383f56a2637cbd3037bdf598841c\library\core\src\io\borrowed_buf.rs, xrefs: 00007FF6996C3D46
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: CreateErrorLastMutexmemcpy
                                      • String ID: 0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character$ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789Time went backwards$AppData/Roaming/.ini$assertion failed: filled <= self.buf.init/rustc/eeb90cda1969383f56a2637cbd3037bdf598841c\library\core\src\io\borrowed_buf.rs
                                      • API String ID: 2779520464-1460878906
                                      • Opcode ID: 63a98975d89a9dc67988b5756ed7a79aa7959603918e2b9376bb64181ca15bd6
                                      • Instruction ID: b0970a27c2c3a8916f09ff3406e8e7ccf4221befc55afbb13af48501c1c53e81
                                      • Opcode Fuzzy Hash: 63a98975d89a9dc67988b5756ed7a79aa7959603918e2b9376bb64181ca15bd6
                                      • Instruction Fuzzy Hash: 66729E72A09A8291FE309F11E4517EE6360FB88780F804176EB9D97B99EF3CE185D700
                                      Function 00007FF6996C1180 Relevance: 10.6, APIs: 7, Instructions: 137sleepstringCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: malloc$ExceptionFilterSleepUnhandledmemcpystrlen
                                      • String ID:
                                      • API String ID: 3806033187-0
                                      • Opcode ID: 185179c1d74cf54bdcd9faed2df6e4b5ea4683eb18480226f85787322097f7df
                                      • Instruction ID: c5a71be089438e176d4da28cdc30edc6a872d43e3590242f17807fc599acdd57
                                      • Opcode Fuzzy Hash: 185179c1d74cf54bdcd9faed2df6e4b5ea4683eb18480226f85787322097f7df
                                      • Instruction Fuzzy Hash: 05513836A1964286FB319F26E95027923A1FF44BD4F0548B9DE2DC7795EE2CF880D310
                                      Function 00007FF6997194D0 Relevance: 8.0, APIs: 5, Instructions: 464COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 1502 7ff6997194d0-7ff69971951e 1503 7ff699719520-7ff699719532 GetCurrentProcessId 1502->1503 1504 7ff699719568-7ff6997195e2 call 7ff69974b9b0 1503->1504 1505 7ff699719534 1503->1505 1509 7ff6997195f9-7ff699719623 1504->1509 1510 7ff6997195e4-7ff6997195f4 call 7ff6996c3e10 1504->1510 1506 7ff699719540-7ff699719566 ProcessPrng 1505->1506 1506->1504 1506->1506 1512 7ff699719640-7ff699719659 1509->1512 1513 7ff699719625-7ff69971962b 1509->1513 1510->1509 1516 7ff69971970d-7ff69971972d call 7ff6996c3e00 1512->1516 1514 7ff69971962d-7ff699719633 1513->1514 1515 7ff699719660-7ff69971966f 1513->1515 1517 7ff6997196b5-7ff6997196ba 1514->1517 1518 7ff6997196ac-7ff6997196b3 1515->1518 1519 7ff699719671-7ff699719680 1515->1519 1525 7ff699719bf0-7ff699719bfd call 7ff69974a450 1516->1525 1526 7ff699719733-7ff69971974f 1516->1526 1524 7ff6997196bd-7ff6997196fc 1517->1524 1518->1517 1522 7ff699719686-7ff6997196a5 1519->1522 1523 7ff699719a50-7ff699719a5f 1519->1523 1522->1517 1527 7ff6997196a7 1522->1527 1523->1517 1530 7ff699719a65-7ff699719a8a 1523->1530 1528 7ff699719bed 1524->1528 1529 7ff699719702-7ff699719709 1524->1529 1535 7ff699719c02-7ff699719c0a 1525->1535 1531 7ff699719774-7ff699719777 1526->1531 1527->1530 1528->1525 1529->1516 1530->1524 1533 7ff69971977d-7ff699719781 1531->1533 1534 7ff699719800-7ff699719805 1531->1534 1536 7ff6997197d0-7ff6997197d4 1533->1536 1537 7ff699719783-7ff699719788 1533->1537 1538 7ff69971980b-7ff699719813 1534->1538 1539 7ff6997199a0-7ff6997199e3 call 7ff69976cbdc 1534->1539 1540 7ff699719c5d-7ff699719c66 call 7ff69976d100 1535->1540 1541 7ff699719c0c-7ff699719c40 1535->1541 1536->1534 1545 7ff6997197d6-7ff6997197dc 1536->1545 1543 7ff69971978a-7ff6997197be 1537->1543 1544 7ff699719760-7ff699719763 1537->1544 1547 7ff699719890-7ff699719899 1538->1547 1548 7ff699719815-7ff69971982b 1538->1548 1562 7ff6997199e9-7ff6997199fd GetLastError 1539->1562 1563 7ff699719aff-7ff699719b06 1539->1563 1555 7ff699719c50-7ff699719c53 1541->1555 1556 7ff699719c42-7ff699719c4b call 7ff6996c3e10 1541->1556 1550 7ff699719831-7ff699719872 1543->1550 1554 7ff6997197c0 1543->1554 1552 7ff699719766-7ff699719771 1544->1552 1557 7ff6997198da-7ff6997198ee 1545->1557 1558 7ff6997197e2-7ff6997197ed 1545->1558 1547->1552 1548->1550 1551 7ff699719be0 1548->1551 1560 7ff69971989e 1550->1560 1561 7ff699719874-7ff699719881 1550->1561 1564 7ff699719be2-7ff699719beb call 7ff69974a450 1551->1564 1552->1531 1554->1551 1555->1540 1568 7ff699719c55-7ff699719c58 CloseHandle 1555->1568 1556->1555 1565 7ff69971992f-7ff699719942 1557->1565 1566 7ff6997198f0-7ff6997198ff 1557->1566 1558->1544 1569 7ff6997197f3 1558->1569 1570 7ff6997198a0-7ff6997198c2 call 7ff6996e6e30 1560->1570 1561->1570 1571 7ff699719a8f-7ff699719aa9 1562->1571 1572 7ff699719a03-7ff699719a06 1562->1572 1574 7ff699719b08-7ff699719b17 call 7ff6996c3e10 1563->1574 1575 7ff699719b1c-7ff699719b76 call 7ff699713750 1563->1575 1564->1535 1565->1544 1578 7ff699719948 1565->1578 1576 7ff69971994d-7ff699719962 1566->1576 1577 7ff699719901-7ff699719927 1566->1577 1568->1540 1569->1543 1600 7ff6997198c8-7ff6997198d5 1570->1600 1601 7ff699719bd3-7ff699719bde 1570->1601 1580 7ff699719aab-7ff699719ab7 call 7ff6996c3e10 1571->1580 1581 7ff699719abc-7ff699719abf 1571->1581 1583 7ff699719a08-7ff699719a0f 1572->1583 1584 7ff699719a20-7ff699719a23 1572->1584 1574->1575 1596 7ff699719b7b-7ff699719b7e 1575->1596 1576->1537 1579 7ff699719968-7ff69971998f 1576->1579 1577->1537 1587 7ff69971992d 1577->1587 1578->1576 1579->1544 1589 7ff699719995 1579->1589 1580->1581 1591 7ff699719ad6-7ff699719ada 1581->1591 1592 7ff699719ac1-7ff699719ad1 call 7ff6996c3e10 1581->1592 1594 7ff699719a2d-7ff699719a32 1583->1594 1584->1571 1595 7ff699719a25-7ff699719a2b 1584->1595 1587->1579 1589->1543 1598 7ff699719adc-7ff699719adf CloseHandle 1591->1598 1599 7ff699719ae4-7ff699719afe 1591->1599 1592->1591 1594->1503 1602 7ff699719a38-7ff699719a4b call 7ff6996c3e10 1594->1602 1595->1571 1595->1594 1603 7ff699719b9d-7ff699719bb3 1596->1603 1604 7ff699719b80-7ff699719b92 1596->1604 1598->1599 1600->1552 1601->1564 1602->1503 1603->1599 1606 7ff699719bb9-7ff699719bce call 7ff6996c3e10 1603->1606 1604->1592 1605 7ff699719b98 1604->1605 1605->1591 1606->1599
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: Process$CurrentPrng
                                      • String ID:
                                      • API String ID: 716580790-0
                                      • Opcode ID: 7d9cc088720c2b5a267d4c65754674e636c2e92e971dd37ae2eb774e57e4a5a3
                                      • Instruction ID: bc402b5a281734165ae955e49d7d9876aa08efc8b6e6965eb10aef36a7b86999
                                      • Opcode Fuzzy Hash: 7d9cc088720c2b5a267d4c65754674e636c2e92e971dd37ae2eb774e57e4a5a3
                                      • Instruction Fuzzy Hash: 6002DF72A087918AEB748F21A4613B937A0FB457D8F044676EE6E8B7C5EE7CD146C300
                                      Function 00007FF699717000 Relevance: 3.1, APIs: 2, Instructions: 75filenativesynchronizationCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: FileObjectSingleWaitWrite
                                      • String ID:
                                      • API String ID: 1507886151-0
                                      • Opcode ID: f90c94bbde2d15f5dd49e45bc93b021f94ca7a944ecab33971cf0177bd17e77b
                                      • Instruction ID: d0e2d133f19a6689d9305eb84e623c90fd157c89caaca0f2e1d32369cdd3f093
                                      • Opcode Fuzzy Hash: f90c94bbde2d15f5dd49e45bc93b021f94ca7a944ecab33971cf0177bd17e77b
                                      • Instruction Fuzzy Hash: 6231AF22B14B819AFB20CF74E8507E933A4EB95798F948174EA4D87B98EF39D194C340
                                      Function 00007FF69970C410 Relevance: 35.3, APIs: 17, Strings: 3, Instructions: 276synchronizationCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 1067 7ff69970c410-7ff69970c45b call 7ff69971b630 1070 7ff69970c649-7ff69970c650 1067->1070 1071 7ff69970c461-7ff69970c490 1067->1071 1074 7ff69970c681-7ff69970c697 1070->1074 1072 7ff69970c497-7ff69970c4eb 1071->1072 1073 7ff69970c492 CloseHandle 1071->1073 1075 7ff69970c4ed-7ff69970c4f0 1072->1075 1076 7ff69970c545-7ff69970c548 1072->1076 1073->1072 1079 7ff69970c56f-7ff69970c589 call 7ff69971a0b0 1075->1079 1080 7ff69970c4f2-7ff69970c500 call 7ff69971a490 1075->1080 1077 7ff69970c597-7ff69970c5a6 WaitForSingleObject 1076->1077 1078 7ff69970c54a-7ff69970c564 call 7ff69971a0b0 1076->1078 1081 7ff69970c5a8-7ff69970c5b7 GetLastError 1077->1081 1082 7ff69970c5ed-7ff69970c601 call 7ff69976cb0c 1077->1082 1097 7ff69970c698-7ff69970c6ca call 7ff6997577f0 1078->1097 1098 7ff69970c56a-7ff69970c56d 1078->1098 1099 7ff69970c6cc-7ff69970c6f9 call 7ff6997577f0 1079->1099 1100 7ff69970c58f 1079->1100 1088 7ff69970c505-7ff69970c508 1080->1088 1086 7ff69970c5c8-7ff69970c5d3 1081->1086 1087 7ff69970c5b9-7ff69970c5c3 call 7ff6996c3e10 1081->1087 1096 7ff69970c606-7ff69970c608 1082->1096 1094 7ff69970c5e4-7ff69970c5eb 1086->1094 1095 7ff69970c5d5-7ff69970c5df call 7ff6996c3e10 1086->1095 1087->1086 1088->1077 1093 7ff69970c50e-7ff69970c540 call 7ff6997577f0 1088->1093 1110 7ff69970c6fe-7ff69970c76f call 7ff6996d7ef0 CloseHandle 1093->1110 1105 7ff69970c630-7ff69970c644 CloseHandle * 2 1094->1105 1095->1094 1096->1081 1106 7ff69970c60a-7ff69970c62c 1096->1106 1097->1110 1107 7ff69970c592 CloseHandle 1098->1107 1099->1110 1100->1107 1111 7ff69970c646 1105->1111 1112 7ff69970c652-7ff69970c67d 1105->1112 1106->1105 1107->1077 1117 7ff69970c780-7ff69970c787 1110->1117 1118 7ff69970c771-7ff69970c77b call 7ff6996c3e10 1110->1118 1111->1070 1112->1074 1120 7ff69970c798-7ff69970c7fb call 7ff6996d8790 CloseHandle * 2 call 7ff69976d100 call 7ff69971b630 1117->1120 1121 7ff69970c789-7ff69970c793 call 7ff6996c3e10 1117->1121 1118->1117 1129 7ff69970c80c-7ff69970c823 1120->1129 1130 7ff69970c7fd-7ff69970c807 1120->1130 1121->1120 1132 7ff69970c82e-7ff69970c83d WaitForSingleObject 1129->1132 1133 7ff69970c825-7ff69970c829 CloseHandle 1129->1133 1131 7ff69970c8a2-7ff69970c8b5 1130->1131 1134 7ff69970c857-7ff69970c86c GetExitCodeProcess 1132->1134 1135 7ff69970c83f-7ff69970c855 GetLastError 1132->1135 1133->1132 1134->1135 1137 7ff69970c86e-7ff69970c874 1134->1137 1136 7ff69970c876-7ff69970c88b CloseHandle * 2 1135->1136 1138 7ff69970c88d-7ff69970c890 CloseHandle 1136->1138 1139 7ff69970c895-7ff69970c898 1136->1139 1137->1136 1138->1139 1139->1131 1140 7ff69970c89a-7ff69970c89d CloseHandle 1139->1140 1140->1131
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: CloseHandle$ErrorLastObjectSingleWait
                                      • String ID: 0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character$ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789Time went backwards$called `Result::unwrap()` on an `Err` value
                                      • API String ID: 1454876536-677056220
                                      • Opcode ID: 70676137e3e6d45ccbc11c6f306daaa86eb11d731be05b264ede06c0d3c4266b
                                      • Instruction ID: e032d07532d4d0cbe74649957c8a9d2e197562f8fc978b31e2858935fe01e126
                                      • Opcode Fuzzy Hash: 70676137e3e6d45ccbc11c6f306daaa86eb11d731be05b264ede06c0d3c4266b
                                      • Instruction Fuzzy Hash: E7C13D32A04A8289EB30DF75D9413E937A0FB44788F585575EE4D8BB9ADF3AE185C340
                                      Function 00007FF69971A490 Relevance: 9.2, APIs: 6, Instructions: 175COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 1447 7ff69971a490-7ff69971a4c8 call 7ff69971a7a0 1450 7ff69971a4d7-7ff69971a50a call 7ff69971a7a0 1447->1450 1451 7ff69971a4ca-7ff69971a4d2 CloseHandle 1447->1451 1455 7ff69971a6ec-7ff69971a6f0 call 7ff6996d86c0 1450->1455 1456 7ff69971a510-7ff69971a54c 1450->1456 1452 7ff69971a6f5-7ff69971a707 1451->1452 1455->1452 1458 7ff69971a550-7ff69971a569 call 7ff69976c8fc 1456->1458 1461 7ff69971a56b-7ff69971a56d 1458->1461 1462 7ff69971a5c0-7ff69971a5c7 1458->1462 1463 7ff69971a573-7ff69971a57a 1461->1463 1464 7ff69971a675-7ff69971a684 GetLastError 1461->1464 1465 7ff69971a5c9-7ff69971a5cc 1462->1465 1466 7ff69971a615-7ff69971a61b call 7ff69971a880 1462->1466 1467 7ff69971a580-7ff69971a583 1463->1467 1468 7ff69971a652-7ff69971a658 call 7ff69971a880 1463->1468 1471 7ff69971a6e3-7ff69971a6e7 call 7ff6996d86c0 1464->1471 1469 7ff69971a5ce-7ff69971a5d2 1465->1469 1470 7ff69971a5d4-7ff69971a5f3 GetOverlappedResult 1465->1470 1480 7ff69971a620-7ff69971a624 1466->1480 1473 7ff69971a589-7ff69971a5a8 GetOverlappedResult 1467->1473 1474 7ff69971a635 1467->1474 1484 7ff69971a65d-7ff69971a661 1468->1484 1477 7ff69971a5fc-7ff69971a60f 1469->1477 1478 7ff69971a686-7ff69971a6b3 GetLastError 1470->1478 1479 7ff69971a5f9 1470->1479 1471->1455 1482 7ff69971a708-7ff69971a735 GetLastError 1473->1482 1483 7ff69971a5ae-7ff69971a5b1 1473->1483 1481 7ff69971a639-7ff69971a64c 1474->1481 1477->1466 1487 7ff69971a6d5 1477->1487 1485 7ff69971a6b5-7ff69971a6c2 1478->1485 1486 7ff69971a6c4-7ff69971a6cd call 7ff6996d7ef0 1478->1486 1479->1477 1488 7ff69971a626-7ff69971a62a 1480->1488 1489 7ff69971a66f-7ff69971a673 1480->1489 1481->1468 1490 7ff69971a6d8-7ff69971a6e0 call 7ff69971a9e0 1481->1490 1493 7ff69971a737-7ff69971a744 1482->1493 1494 7ff69971a746-7ff69971a757 call 7ff6996d7ef0 1482->1494 1483->1481 1484->1489 1492 7ff69971a663-7ff69971a667 1484->1492 1485->1471 1485->1486 1486->1487 1487->1490 1488->1458 1491 7ff69971a630 1488->1491 1489->1471 1490->1471 1491->1487 1492->1458 1497 7ff69971a66d 1492->1497 1493->1471 1493->1494 1494->1490 1497->1490
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: CloseErrorHandleLastOverlappedResult
                                      • String ID:
                                      • API String ID: 3265865415-0
                                      • Opcode ID: 974bcaf89749150f73524150dc6f3ccb19d09a8b1d022fd24aea04af91ce6d5d
                                      • Instruction ID: fa66c95a5515a96a3f007a97edc56a9defa26850e8d8f1ec908b6b9611fe6b0c
                                      • Opcode Fuzzy Hash: 974bcaf89749150f73524150dc6f3ccb19d09a8b1d022fd24aea04af91ce6d5d
                                      • Instruction Fuzzy Hash: ED712922B08B958AFF348F7588513FC26A0EB557D8F080571EE1C9AB8ADF39E5918340
                                      Function 00007FF699713750 Relevance: 7.7, APIs: 5, Instructions: 184fileCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 1611 7ff699713750-7ff69971378e call 7ff699721a40 1614 7ff69971379a-7ff6997137ca call 7ff699723f30 1611->1614 1615 7ff699713790-7ff699713795 1611->1615 1619 7ff6997137cc-7ff6997137cf 1614->1619 1620 7ff6997137d4-7ff6997137e0 1614->1620 1616 7ff69971393c-7ff69971394b 1615->1616 1619->1616 1621 7ff6997137ec-7ff6997137ee 1620->1621 1622 7ff6997137e2-7ff6997137e4 1620->1622 1624 7ff6997137f0-7ff6997137f8 1621->1624 1625 7ff699713835-7ff699713839 1621->1625 1623 7ff6997137e6-7ff6997137ea 1622->1623 1622->1624 1628 7ff699713849-7ff69971384d 1623->1628 1624->1628 1629 7ff6997137fa-7ff6997137fc 1624->1629 1626 7ff69971383b-7ff69971383f 1625->1626 1627 7ff6997137fe-7ff69971380b 1625->1627 1626->1627 1630 7ff699713841-7ff699713845 1626->1630 1627->1616 1633 7ff699713811-7ff699713830 call 7ff6996c3e10 1627->1633 1631 7ff69971384f-7ff699713851 1628->1631 1632 7ff699713882-7ff699713884 1628->1632 1629->1627 1629->1628 1630->1627 1634 7ff699713847 1630->1634 1635 7ff69971388a-7ff699713893 1631->1635 1636 7ff699713853-7ff69971385c 1631->1636 1632->1635 1637 7ff69971397b-7ff69971398b 1632->1637 1633->1616 1634->1628 1639 7ff69971385e-7ff699713862 1635->1639 1640 7ff699713895 1635->1640 1636->1639 1636->1640 1637->1640 1641 7ff699713991 1637->1641 1643 7ff699713968-7ff69971396b 1639->1643 1644 7ff699713868-7ff699713880 1639->1644 1645 7ff699713898-7ff6997138d8 CreateFileW 1640->1645 1650 7ff699713996-7ff6997139b1 GetLastError call 7ff69976cc24 1641->1650 1646 7ff69971396d-7ff69971396f 1643->1646 1647 7ff6997139d4-7ff6997139d6 1643->1647 1644->1645 1648 7ff6997138da-7ff6997138e1 1645->1648 1649 7ff69971394c-7ff699713964 GetLastError 1645->1649 1652 7ff6997139dc-7ff6997139e1 1646->1652 1655 7ff699713971-7ff699713976 1646->1655 1647->1627 1647->1652 1656 7ff699713918-7ff69971391d 1648->1656 1657 7ff6997138e3-7ff6997138e7 1648->1657 1653 7ff699713966 1649->1653 1654 7ff69971391f-7ff699713936 call 7ff6996c3e10 1649->1654 1663 7ff6997139c7-7ff6997139cf 1650->1663 1664 7ff6997139b3-7ff6997139c2 call 7ff6996c3e10 1650->1664 1652->1645 1659 7ff699713939 1653->1659 1654->1659 1655->1645 1656->1654 1656->1659 1657->1656 1661 7ff6997138e9-7ff6997138f3 GetLastError 1657->1661 1659->1616 1661->1656 1662 7ff6997138f5-7ff699713916 SetFileInformationByHandle 1661->1662 1662->1650 1662->1656 1663->1616 1664->1663
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: ErrorLast$File$CreateHandleInformation
                                      • String ID:
                                      • API String ID: 1834474996-0
                                      • Opcode ID: f273ef88e2bac6326e9b2940877e3eefe1307dc294658eb469f631bb574f4843
                                      • Instruction ID: 31ed35b37b349673c505ffbb58730edb10d18551e01c06201bc3fca05f00a853
                                      • Opcode Fuzzy Hash: f273ef88e2bac6326e9b2940877e3eefe1307dc294658eb469f631bb574f4843
                                      • Instruction Fuzzy Hash: 7761C2A1E0819247FB318F2185213B92AA0EB46BD8F1441B2DD5D9FBC9DE3DE8468731
                                      Function 00007FF6996FBBF0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 107COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      Strings
                                      • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789Time went backwards, xrefs: 00007FF6996FBBF5
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789Time went backwards
                                      • API String ID: 0-3387848338
                                      • Opcode ID: ee5c1d5ab09d0494fec1969195c37f65f76453e1c0a170b018d8b387e33d525c
                                      • Instruction ID: 71e25d0d29bb18e5dcdbbf50d8909e69369cf95312695cadf025f8525923bae9
                                      • Opcode Fuzzy Hash: ee5c1d5ab09d0494fec1969195c37f65f76453e1c0a170b018d8b387e33d525c
                                      • Instruction Fuzzy Hash: AD310262F0868295FB25DF319A053B92A61EF887DCF5C84B1DE1C8BB85DE7DA181D340
                                      Function 00007FF69971A7A0 Relevance: 3.8, APIs: 3, Instructions: 67COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: CloseHandle$ErrorLast
                                      • String ID:
                                      • API String ID: 1798101686-0
                                      • Opcode ID: a3ddd86106da4bf881b97e782787d81133a10f990cbf08c49f9bebbb8d9dd90e
                                      • Instruction ID: be6220014987e6435df1a60e733a4479dcf8be46a775f787bb7f8fff53d9805b
                                      • Opcode Fuzzy Hash: a3ddd86106da4bf881b97e782787d81133a10f990cbf08c49f9bebbb8d9dd90e
                                      • Instruction Fuzzy Hash: 9311AF22B0874142FB69AF22A55137936A0EB897D0F184174DF8C4BB82EF3DA4A2C340
                                      Function 00007FF6996F72A0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 42threadCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: DescriptionThread
                                      • String ID: main
                                      • API String ID: 2285587249-3207122276
                                      • Opcode ID: ab7703ec82c3bf8afcebab53cce1798250a40d462dbe90b47f8c00be0dd91670
                                      • Instruction ID: e13cec7426a4de584f3658b642437e90ad706e4d00fb596bf5912fad1607b205
                                      • Opcode Fuzzy Hash: ab7703ec82c3bf8afcebab53cce1798250a40d462dbe90b47f8c00be0dd91670
                                      • Instruction Fuzzy Hash: 5D018B22B04A4198FB20EF61E9052FC3360EB41388F940479DE0C8BA99EF38E44AC340
                                      Function 00007FF6996D86C0 Relevance: 2.5, APIs: 2, Instructions: 19COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 1746 7ff6996d86c0-7ff6996d86fb call 7ff69971aae0 CloseHandle * 2
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: CloseHandle$OverlappedResult
                                      • String ID:
                                      • API String ID: 953004297-0
                                      • Opcode ID: 587d117bb2e4bd6e76d768e4040b3462c371f62b385f616c831b7967524fd2f9
                                      • Instruction ID: 4239525c584491302ae068008b1549652a6760e004c8c20e790d91bd48c677bd
                                      • Opcode Fuzzy Hash: 587d117bb2e4bd6e76d768e4040b3462c371f62b385f616c831b7967524fd2f9
                                      • Instruction Fuzzy Hash: 69E08613B0454183FA30FA12F4515BA7330EB887D0F044071DF4E4BB829D2DE881C700
                                      Function 00007FF6996C3FE8 Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: FreeTask
                                      • String ID:
                                      • API String ID: 734271698-0
                                      • Opcode ID: 5e28ae5984b5a976e60f91431f0f2898fac32a5e4daf1d6606d5b4610ef5faf6
                                      • Instruction ID: 2c8111b6d83a3a3e11d6d47872bb64c29119752671a800011dba3c9ec34ed1aa
                                      • Opcode Fuzzy Hash: 5e28ae5984b5a976e60f91431f0f2898fac32a5e4daf1d6606d5b4610ef5faf6
                                      • Instruction Fuzzy Hash: 2BF03A22A0869641FE34EF16A5513BE3261EB88BC0F449170EF4C8FB86DE2ED1528705
                                      Function 00007FF6996FBCB5 Relevance: 1.3, APIs: 1, Instructions: 37COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: CloseHandle$FileObjectSingleWaitWrite
                                      • String ID:
                                      • API String ID: 1197516534-0
                                      • Opcode ID: 16e3ca8d15b27be602fb32ef17f29eea0c9f65f5c4a03ae35cda9fca565b324c
                                      • Instruction ID: 2c6b701091437b2c915a1ade808ee19f948926f01dca119a3d74c300597b1709
                                      • Opcode Fuzzy Hash: 16e3ca8d15b27be602fb32ef17f29eea0c9f65f5c4a03ae35cda9fca565b324c
                                      • Instruction Fuzzy Hash: 87F0B462F0D60644FE769B25291127E5555EF85BE8A4C04B2CE2C87B85CE3C9482A340
                                      Function 00007FF6996C1FB8 Relevance: 1.3, APIs: 1, Instructions: 37COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: memcpy
                                      • String ID:
                                      • API String ID: 3510742995-0
                                      • Opcode ID: 8fc78fedf86278d75c02b6b352e5128d65a7be319c4dde1042275700d1cc7063
                                      • Instruction ID: 3979569555a7b90b78c74ebd4c2e0b8735015d8ea86b6ab56e0447ce62a7d029
                                      • Opcode Fuzzy Hash: 8fc78fedf86278d75c02b6b352e5128d65a7be319c4dde1042275700d1cc7063
                                      • Instruction Fuzzy Hash: D1F0CD2231465082FE109B1B990465A6A60FB81FE0F008031EF1D47F86CE3CD092A600
                                      Function 00007FF69971FC75 Relevance: 1.3, APIs: 1, Instructions: 32COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 1795 7ff69971fc75-7ff69971fc82 call 7ff6997194d0 1797 7ff69971fc87-7ff69971fc90 1795->1797 1798 7ff69971fdc6-7ff69971fdd1 1797->1798 1799 7ff69971fc96-7ff69971fc9e 1797->1799 1802 7ff69971fddf-7ff69971fdea 1798->1802 1803 7ff69971fdd3-7ff69971fddc CloseHandle 1798->1803 1800 7ff69971fd21 1799->1800 1801 7ff69971fd23-7ff69971fd37 1799->1801 1800->1801 1802->1800 1803->1802
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: Process$CloseCurrentHandlePrng
                                      • String ID:
                                      • API String ID: 842889843-0
                                      • Opcode ID: 743e59baabb4466784b0156bb960d8ec911500a5b6d11ba07af7e199dc48940a
                                      • Instruction ID: 0ff7467d2a15787766e9da731d76c9ba4d5b591a6439a5b4597e79b34114b092
                                      • Opcode Fuzzy Hash: 743e59baabb4466784b0156bb960d8ec911500a5b6d11ba07af7e199dc48940a
                                      • Instruction Fuzzy Hash: C3F03A2360454586E7719F25EA603BD6291EB41BECF098572DE4C8BBD5DE3DE8C2C340

                                      Non-executed Functions

                                      Function 00007FF69973A990 Relevance: 99.5, Strings: 79, Instructions: 766COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: $f10$$f11$$f12$$f13$$f14$$f15$$f16$$f17$$f18$$f19$$f20$$f21$$f22$$f23$$f24$$f25$$f26$$f27$$f28$$f29$$f30$$f31$$fa0$$fa1$$fa2$$fa3$$fa4$$fa5$$fa6$$fa7$$fcc$$fcc$$fcc$$fcc$$fs0$$fs1$$fs2$$fs3$$fs4$$fs5$$fs6$$ft0$$ft1$$ft1$$ft1$$ft1$$ft2$$ft3$$ft4$$ft5$$ft6$$ft7$$ft8$$ft9$$r10$$r11$$r12$$r13$$r14$$r15$$r16$$r17$$r18$$r19$$r20$$r21$$r22$$r23$$r24$$r25$$r26$$r27$$r28$$r29$$r30$$r31$$zer$7sf$$8sf$
                                      • API String ID: 0-2955985535
                                      • Opcode ID: 00a84415b2e4998d0a363dd2d4ace21777b30d00b36b6db289e1547058b4aba2
                                      • Instruction ID: a21ed6b742ea5fa7013f3a107bfb7e264fb7f33af233e0fb58d4a43f63c82409
                                      • Opcode Fuzzy Hash: 00a84415b2e4998d0a363dd2d4ace21777b30d00b36b6db289e1547058b4aba2
                                      • Instruction Fuzzy Hash: 7742FA726590B286EB359F38F011A397FE2C75AB89F5DA0B1EA4C4DC90CE3F5492D610
                                      Function 00007FF699727770 Relevance: 43.2, APIs: 21, Strings: 2, Instructions: 2950COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      • .debug_abbrev.dwo.debug_info.dwo.debug_line.dwo.debug_loc.dwo.debug_loclists.dwo.debug_rnglists.dwo.debug_str.dwo.debug_str_offsets.dwo.debug_types.dwolibrary\std\src\..\..\backtrace\src\symbolize\gimli.rs, xrefs: 00007FF69972B379
                                      • .debug_abbrev.debug_addr.debug_aranges.debug_cu_index.debug_info.debug_line.debug_line_str.debug_loc.debug_loclists.debug_ranges.debug_rnglists.debug_str.debug_str_offsets.debug_tu_index.debug_types, xrefs: 00007FF699728A37
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: memcpy
                                      • String ID: .debug_abbrev.debug_addr.debug_aranges.debug_cu_index.debug_info.debug_line.debug_line_str.debug_loc.debug_loclists.debug_ranges.debug_rnglists.debug_str.debug_str_offsets.debug_tu_index.debug_types$.debug_abbrev.dwo.debug_info.dwo.debug_line.dwo.debug_loc.dwo.debug_loclists.dwo.debug_rnglists.dwo.debug_str.dwo.debug_str_offsets.dwo.debug_types.dwolibrary\std\src\..\..\backtrace\src\symbolize\gimli.rs
                                      • API String ID: 3510742995-4060794284
                                      • Opcode ID: f6449bd41767d8e38f9263bfc99409af2e3e5bc0932f14e7d1cf41e54c8f9070
                                      • Instruction ID: 4c830cc4251eb939b55052ad7f8a90c1873bb73fcef752e6dbc6ee4ec44338e4
                                      • Opcode Fuzzy Hash: f6449bd41767d8e38f9263bfc99409af2e3e5bc0932f14e7d1cf41e54c8f9070
                                      • Instruction Fuzzy Hash: 56732732A19BC589EBB08F29D8507ED33A4FB45788F544236CA4D8FB99DF399295C340
                                      Function 00007FF69974FE00 Relevance: 33.5, APIs: 14, Strings: 7, Instructions: 1978COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: memcpy
                                      • String ID: assertion failed: buf.len() >= MAX_SIG_DIGITS$assertion failed: d.mant > 0$assertion failed: d.mant.checked_add(d.plus).is_some()$assertion failed: d.mant.checked_sub(d.minus).is_some()$assertion failed: d.minus > 0$assertion failed: d.plus > 0$assertion failed: noborrowassertion failed: digits < 40assertion failed: other > 0assertion failed: !d.is_zero()_
                                      • API String ID: 3510742995-655871377
                                      • Opcode ID: 6ad3e98c884f90b5bc6cec442d51eed87ca75ea8e1f09b0dfe105d913faa0b30
                                      • Instruction ID: 6932f042d260db0966fb7082940b6b570786190baad634ef3a034a301ed0d437
                                      • Opcode Fuzzy Hash: 6ad3e98c884f90b5bc6cec442d51eed87ca75ea8e1f09b0dfe105d913faa0b30
                                      • Instruction Fuzzy Hash: 08030362A196C28AFBB4CF20D9507F923A0FB567C9F445275DA0DDBA85DF3CA681C301
                                      Function 00007FF69974FFF0 Relevance: 23.1, APIs: 6, Strings: 9, Instructions: 585COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: +NaNinf00e00E0assertion failed: ndigits > 0$assertion failed: buf.len() >= MAX_SIG_DIGITS$assertion failed: d.mant + d.plus < (1 << 61)$assertion failed: d.mant > 0$assertion failed: d.mant.checked_add(d.plus).is_some()$assertion failed: d.mant.checked_sub(d.minus).is_some()$assertion failed: d.minus > 0$assertion failed: d.plus > 0$assertion failed: edelta >= 0library\core\src\num\diy_float.rs
                                      • API String ID: 0-3544694999
                                      • Opcode ID: 79376c6c0be819ca5d3616991f86a7ced4d1cfdc7bbbdc0e5876d4f0e02be714
                                      • Instruction ID: 4704657d2ca37844cf90e5a7de87c88915d9e96e307f783d66cb81c0b693d56c
                                      • Opcode Fuzzy Hash: 79376c6c0be819ca5d3616991f86a7ced4d1cfdc7bbbdc0e5876d4f0e02be714
                                      • Instruction Fuzzy Hash: 9E42E162F196C28AEBB0CF2089507F82364FB567C8F445275DA5D9BAC9DF78A6C1C301
                                      Function 00007FF699723AA0 Relevance: 21.8, APIs: 14, Instructions: 810COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f0a51d79f36a4b625d5daad74d693dc1564e18173d3cd8f5a3e89b05dea94e59
                                      • Instruction ID: eefe13183c32f42d0c5deeac69f464ffcc08c07e654a6fb79ba79badef296dcb
                                      • Opcode Fuzzy Hash: f0a51d79f36a4b625d5daad74d693dc1564e18173d3cd8f5a3e89b05dea94e59
                                      • Instruction Fuzzy Hash: 346233A2E286D244FB318E2598447BD6691EB05FE8F4441B5DE6D8F7C5DE3CE6838320
                                      Function 00007FF699775CE0 Relevance: 16.7, APIs: 1, Strings: 8, Instructions: 950COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: _assert
                                      • String ID: $(cur_match_len >= TDEFL_MIN_MATCH_LEN) && (cur_match_dist >= 1) && (cur_match_dist <= TDEFL_LZ_DICT_SIZE)$(match_len >= TDEFL_MIN_MATCH_LEN) && (match_dist >= 1) && (match_dist <= TDEFL_LZ_DICT_SIZE)$0$d->m_lookahead_size >= len_to_move$lookahead_size >= cur_match_len$max_match_len <= TDEFL_MAX_MATCH_LEN$miniz.c
                                      • API String ID: 1222420520-709428966
                                      • Opcode ID: 04a39aedaf04f6f151b943eec858ecf83e37a50d2575af202dce6b83d8f278e9
                                      • Instruction ID: 694e71e7b505fc79386fcec1dd54a808fa0d1880249251c6745b3effd0674504
                                      • Opcode Fuzzy Hash: 04a39aedaf04f6f151b943eec858ecf83e37a50d2575af202dce6b83d8f278e9
                                      • Instruction Fuzzy Hash: 1692CF72A1869286E7B48F24D4407BD37A5FB44B88F548179DA4ECB68CDF3DE885C701
                                      Function 00007FF6997140F0 Relevance: 16.1, APIs: 8, Strings: 1, Instructions: 302fileCOMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: memcpy$Find$CloseErrorFileFirstLastmemset
                                      • String ID: *\\?\\??\:\\\.\\\path is not valid
                                      • API String ID: 3412300865-1181881060
                                      • Opcode ID: 33443f6899e1fdf60af055cc351df934df5838fda767555b26b954e47405b89d
                                      • Instruction ID: 2f5862af740f2b88bb3f21e6fd014e0e866ef53b6a85335418cc0d03037ad2f6
                                      • Opcode Fuzzy Hash: 33443f6899e1fdf60af055cc351df934df5838fda767555b26b954e47405b89d
                                      • Instruction Fuzzy Hash: 29C1C972B1869246FB309F6298553ED26A2FB4ABD8F004175DE5C8FBCADE3DE5418310
                                      Function 00007FF69973D671 Relevance: 15.2, Strings: 12, Instructions: 199COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: mxcs$xmm1$xmm1$xmm1$xmm1$xmm1$xmm2$xmm2$xmm2$xmm2$xmm2$xmm3
                                      • API String ID: 0-1236548232
                                      • Opcode ID: 282c2ecf0a13b10417f98fcc2de153ca1e2f6ae0caace3dd0a504f6b69fb5534
                                      • Instruction ID: 925fc9306a55d3469d296ecae7e73beec14f8003d2cf6bb00956447b7bcf8b0a
                                      • Opcode Fuzzy Hash: 282c2ecf0a13b10417f98fcc2de153ca1e2f6ae0caace3dd0a504f6b69fb5534
                                      • Instruction Fuzzy Hash: 53710B22A2C0A64BE770FE3574519396EF2DB9A7C4B64D0B2C1498EAD8DF7F9402D740
                                      Function 00007FF699717170 Relevance: 14.3, APIs: 4, Strings: 4, Instructions: 293COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: ConsoleFileHandleInformationModememcpymemset
                                      • String ID: -pty$cygw$msys$win-
                                      • API String ID: 4206110311-1440016460
                                      • Opcode ID: 5b7725837cd16be9d7651fe7001e6393701df8f01cea7ab11087e54921fc731e
                                      • Instruction ID: 9c0f92175b3320e4980413f1eb55d74a7c862da545d83dc221dff5c0a187c792
                                      • Opcode Fuzzy Hash: 5b7725837cd16be9d7651fe7001e6393701df8f01cea7ab11087e54921fc731e
                                      • Instruction Fuzzy Hash: C4B12662B096D24AFB708E61C8643FE2669EB467C8F544075DE1D8FBC6CE7D9242D300
                                      Function 00007FF699727140 Relevance: 13.8, APIs: 9, Instructions: 298fileprocessCOMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: CloseHandle$FileModule32UnmapView$CreateFirstNextSnapshotToolhelp32memset
                                      • String ID:
                                      • API String ID: 2278125577-0
                                      • Opcode ID: 016300fd1fcdfac6d9336933cb7c6600dba760ac4fdae651b4ed9979cd9d6665
                                      • Instruction ID: b463f61bf17a5b9c1e39964b877955b2b3eef0a7aea1ff03207dd4d77a27dda1
                                      • Opcode Fuzzy Hash: 016300fd1fcdfac6d9336933cb7c6600dba760ac4fdae651b4ed9979cd9d6665
                                      • Instruction Fuzzy Hash: 8CE19C62A19AC189EB709F25D9403FC23A5FB44798F548279DF5C9F785DF38A685C300
                                      Function 00007FF69974B9B0 Relevance: 13.1, APIs: 5, Strings: 3, Instructions: 1128COMMON
                                      Download Yara Rule
                                      Strings
                                      • capacity overflow, xrefs: 00007FF69974C9B7
                                      • called `Result::unwrap()` on an `Err` valueErrorLayoutError, xrefs: 00007FF69974BBAF
                                      • a formatting trait implementation returned an error when the underlying stream did notlibrary\alloc\src\fmt.rs, xrefs: 00007FF69974BAF5
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: a formatting trait implementation returned an error when the underlying stream did notlibrary\alloc\src\fmt.rs$called `Result::unwrap()` on an `Err` valueErrorLayoutError$capacity overflow
                                      • API String ID: 0-1329486492
                                      • Opcode ID: 6c4d2e56daff0ecd167304263bbc487717256c1edb8efd0f07cef1487183eecf
                                      • Instruction ID: 95bb5746e4a50786cb4dd2b80a27d1e6281a811618143f335a03c645a0159f1f
                                      • Opcode Fuzzy Hash: 6c4d2e56daff0ecd167304263bbc487717256c1edb8efd0f07cef1487183eecf
                                      • Instruction Fuzzy Hash: B8A23862F04BA185F7218F7498022FC6761FB5A7C8F488775EE5D9BA97DF38A2418340
                                      Function 00007FF699752030 Relevance: 11.7, Strings: 9, Instructions: 442COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: +NaNinf00e00E0assertion failed: ndigits > 0$assertion failed: buf.len() >= MAX_SIG_DIGITS$assertion failed: d.mant + d.plus < (1 << 61)$assertion failed: d.mant > 0$assertion failed: d.mant.checked_add(d.plus).is_some()$assertion failed: d.mant.checked_sub(d.minus).is_some()$assertion failed: d.minus > 0$assertion failed: d.plus > 0$assertion failed: edelta >= 0library\core\src\num\diy_float.rs
                                      • API String ID: 0-3544694999
                                      • Opcode ID: 4b3ec176b76211cd2a10c7cdccc78feed1dd0a790ac80f4a690f6e5a2fb89574
                                      • Instruction ID: 51044cd5afc569cfc3f0bfeff2a0c08dd7422e49f9bf4c99176ed59af87688fc
                                      • Opcode Fuzzy Hash: 4b3ec176b76211cd2a10c7cdccc78feed1dd0a790ac80f4a690f6e5a2fb89574
                                      • Instruction Fuzzy Hash: 49F113A2B04B9986EB64CFA4E8417E827A5FB447D8F444436DE0D9BB98CF3CD586C341
                                      Function 00007FF699721A40 Relevance: 10.9, APIs: 7, Instructions: 370COMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: ErrorLast$FullNamePath
                                      • String ID:
                                      • API String ID: 2482867836-0
                                      • Opcode ID: 10edb34490b38a551cd0b2d9d6e45ced2d63e1d8984cb6416219109b2a70296a
                                      • Instruction ID: fbfa68740d93a14d386ae3a5e6ea7a45ced83ef28f896bb630c624d8aa9cda38
                                      • Opcode Fuzzy Hash: 10edb34490b38a551cd0b2d9d6e45ced2d63e1d8984cb6416219109b2a70296a
                                      • Instruction Fuzzy Hash: 23E17A62A1868285FF759F2598453BD63A5FF04BD8F448076DE1C8B786EF7CE6828300
                                      Function 00007FF699777330 Relevance: 9.2, APIs: 1, Strings: 4, Instructions: 425COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: _assert
                                      • String ID: !d->m_output_flush_remaining$/$d->m_pOutput_buf < d->m_pOutput_buf_end$miniz.c
                                      • API String ID: 1222420520-939395013
                                      • Opcode ID: a487f9df0897c6ae8324075d8e35fc5177824fb5c02a170f67c9abbfe35eaa34
                                      • Instruction ID: b6c591db370732e478e3bd0aea5f1cc7c631a9ad4cec68fc6dd75d517b9ed81a
                                      • Opcode Fuzzy Hash: a487f9df0897c6ae8324075d8e35fc5177824fb5c02a170f67c9abbfe35eaa34
                                      • Instruction Fuzzy Hash: 6F121A72A04646DBD768CF39C44066C3BE6FB55B88F54857ACA09CB788EF39E845CB40
                                      Function 00007FF69973C120 Relevance: 8.3, Strings: 6, Instructions: 813COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 11tf$21tf$fs10$fs11$ft10$zero
                                      • API String ID: 0-3297899624
                                      • Opcode ID: e6a83365bf47f4fa6ebce8182dbc1526a6300701e12ed640505a6a71e3e5322c
                                      • Instruction ID: 3a5e211a59144f8c0e10f519c4c495e4ad6f3ad4d0650391e2b39655db979d43
                                      • Opcode Fuzzy Hash: e6a83365bf47f4fa6ebce8182dbc1526a6300701e12ed640505a6a71e3e5322c
                                      • Instruction Fuzzy Hash: 1F52B35276C07242F3355F38F412A3EAE93D749F89EAD90B1DA8C0DDD4DE2F1691A620
                                      Function 00007FF6996FD520 Relevance: 7.9, APIs: 4, Strings: 1, Instructions: 360COMMON
                                      Download Yara Rule
                                      APIs
                                      • memset.MSVCRT ref: 00007FF6996FD5A5
                                      • memcpy.MSVCRT ref: 00007FF6996FD639
                                      • memset.MSVCRT ref: 00007FF6996FEBED
                                        • Part of subcall function 00007FF699720EF0: GetStdHandle.KERNEL32(-7FFFFFFFFFFFFF58,?,00001000,?,-7FFFFFFFFFFFFF58,?,00000000,00001FF0), ref: 00007FF699720F1F
                                        • Part of subcall function 00007FF699720EF0: GetLastError.KERNEL32(-7FFFFFFFFFFFFF58,?,00001000,?,-7FFFFFFFFFFFFF58,?,00000000,00001FF0), ref: 00007FF699720F2F
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: memset$ErrorHandleLastmemcpy
                                      • String ID: assertion failed: filled <= self.buf.init
                                      • API String ID: 4037564346-906094691
                                      • Opcode ID: 393289d34c21c9435a835fe3c0108e54edf3a0261968d23094b9af20abc9f286
                                      • Instruction ID: 0b8259d7e736fa8eef86e4a416bb4d53a0012dd80f7463e89448e35a80cb6ab7
                                      • Opcode Fuzzy Hash: 393289d34c21c9435a835fe3c0108e54edf3a0261968d23094b9af20abc9f286
                                      • Instruction Fuzzy Hash: DDC1E372F04B4146FA24CF62A8102B967A1FB59BC8F544876DE6E87B41DF3CF081E200
                                      Function 00007FF699777FA0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 429COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: _assert
                                      • String ID: bits <= ((1U << len) - 1U)$code < TDEFL_MAX_HUFF_SYMBOLS_2$miniz.c
                                      • API String ID: 1222420520-2298030977
                                      • Opcode ID: c075d9dd20240d24c3aa77f113a6d644868bbeba7f4ba79e2041725402f427c6
                                      • Instruction ID: 596b0c06f9c0a9a28ca8d41c33fd002263396cebed4ea5776218dc7b4cac22e8
                                      • Opcode Fuzzy Hash: c075d9dd20240d24c3aa77f113a6d644868bbeba7f4ba79e2041725402f427c6
                                      • Instruction Fuzzy Hash: 1602A732A0C291C7E7398E28D4846FD7BA1F755B88F588575CA8A8B788EF7DD405C740
                                      Function 00007FF69970DA50 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 176COMMON
                                      Download Yara Rule
                                      APIs
                                      • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF69970DA2F), ref: 00007FF69970DA7D
                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF69970DA2F), ref: 00007FF69970DC10
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: ErrorFrequencyLastPerformanceQuery
                                      • String ID: called `Result::unwrap()` on an `Err` value$overflow when subtracting durations
                                      • API String ID: 3362413890-1633623230
                                      • Opcode ID: e110d0550d4be53cca64662aa36c9b3c1f6baef898b34e672dcbe532d5d85635
                                      • Instruction ID: 25b19d1f400dbc369e164785680a169b546e2cdefb79767ab68b0c6b72c7d4c4
                                      • Opcode Fuzzy Hash: e110d0550d4be53cca64662aa36c9b3c1f6baef898b34e672dcbe532d5d85635
                                      • Instruction Fuzzy Hash: F0611522B287924AFB35DF64DA017BD2365EF443C4F5484B6DD0E8EB85DE6EA981C340
                                      Function 00007FF699760CE0 Relevance: 6.7, APIs: 3, Strings: 1, Instructions: 706COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      • assertion failed: noborrowassertion failed: digits < 40assertion failed: other > 0assertion failed: !d.is_zero()_, xrefs: 00007FF69976170F
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: memset
                                      • String ID: assertion failed: noborrowassertion failed: digits < 40assertion failed: other > 0assertion failed: !d.is_zero()_
                                      • API String ID: 2221118986-1476291318
                                      • Opcode ID: c484d39e8af73c0044e92734d9b92cb375ae71447c119cb24c27c06c6fbe52dd
                                      • Instruction ID: 0b0643dd6efe6488dec279a781b9ec50ebc086c33362580f0e0134df5e7b72ac
                                      • Opcode Fuzzy Hash: c484d39e8af73c0044e92734d9b92cb375ae71447c119cb24c27c06c6fbe52dd
                                      • Instruction Fuzzy Hash: DB520122B1868196EB24CF65D5087FC3361FB957D8F849271EE1E8BB94EF38A591C301
                                      Function 00007FF69974F840 Relevance: 5.4, Strings: 4, Instructions: 356COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: FFFFFFFF$FFFFFFFF$cannot parse float from empty stringinvalid float literalassertion failed: edelta >= 0library\core\src\num\diy_float.rs$d
                                      • API String ID: 0-1258069422
                                      • Opcode ID: b919c37030ce28c58c3e421755fbc5dbe9e22fe64c590991e85f27ef456516ef
                                      • Instruction ID: e442a027cd7d9f38d9626380e512f3df4df027d8dec7242d55aeb09fe3305ca4
                                      • Opcode Fuzzy Hash: b919c37030ce28c58c3e421755fbc5dbe9e22fe64c590991e85f27ef456516ef
                                      • Instruction Fuzzy Hash: C5C1AD22F08AA586EF708F2585107B96B91FF12BE4F494A71DE6D8B3C2EE3D9541C700
                                      Function 00007FF699749920 Relevance: 5.3, Strings: 4, Instructions: 306COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789Time went backwards$Authenti$GenuineI$HygonGen
                                      • API String ID: 0-1540695585
                                      • Opcode ID: 497cf9bde67d657714d30a6a9e4ea4508630fa734bc516074808672686d99aab
                                      • Instruction ID: ee3ac5f0e0cb374782cd0daa1f38196ce4c959aaf17af4516400c6b05a0da643
                                      • Opcode Fuzzy Hash: 497cf9bde67d657714d30a6a9e4ea4508630fa734bc516074808672686d99aab
                                      • Instruction Fuzzy Hash: 23914DA3B2595106FF5C8966AC36BB94992B398BC8F08A03DDD5FDBBC5DC7CC9118240
                                      Function 00007FF6997395B6 Relevance: 5.1, Strings: 4, Instructions: 76COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: wCGR$wCGR$wCGR$wCGR
                                      • API String ID: 0-1544543998
                                      • Opcode ID: b76849e2c63d6d30d82bc14477643e3235ad5eb05f076e6cf90bd5cefba32814
                                      • Instruction ID: 109ffed9f36284740cc9d14a34c863c5d55eb56feb962d39f2530a76d4d57fe9
                                      • Opcode Fuzzy Hash: b76849e2c63d6d30d82bc14477643e3235ad5eb05f076e6cf90bd5cefba32814
                                      • Instruction Fuzzy Hash: AC21B513F1C0A68AE7718E3A705167A6ED2DB8ABC6B28C071C1998E5D4DD7AE803D740
                                      Function 00007FF69975A0E0 Relevance: 4.8, APIs: 2, Strings: 1, Instructions: 340COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: memset
                                      • String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899assertion failed: *curr > 19
                                      • API String ID: 2221118986-3825506207
                                      • Opcode ID: 2ee8c62daf8919137ebe3993411475a7d742ad96e406f9c8ee6e6c9c5bbcabfd
                                      • Instruction ID: cbaee3b56f538fd2ab7f86dad87ce1895d640a18831ac4a65a62b2b64148fb2e
                                      • Opcode Fuzzy Hash: 2ee8c62daf8919137ebe3993411475a7d742ad96e406f9c8ee6e6c9c5bbcabfd
                                      • Instruction Fuzzy Hash: C9C1BD52714A6546DB589F3AA9012796A25FB88BE4F40D332EE2ECB7F4ED3CC540C311
                                      Function 00007FF69973D887 Relevance: 4.8, APIs: 2, Strings: 1, Instructions: 281COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      • fcwfswxmm16xmm17xmm18xmm19xmm20xmm21xmm22xmm23xmm24xmm25xmm26xmm27xmm28xmm29xmm30xmm31k0k1k2k3k4k5k6k7r0r1r2r3r4r5r6r7r16r17r18r19r20r21r22r23r24r25r26r27r28r29r30r31lrctrcr0cr1cr2cr3cr4cr5cr6cr7xervr0vr1vr2vr3vr4vr5vr6vr7vr8vr9vr10vr11vr12vr13vr14vr15vr16vr17, xrefs: 00007FF69973DBC1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: memcmp
                                      • String ID: fcwfswxmm16xmm17xmm18xmm19xmm20xmm21xmm22xmm23xmm24xmm25xmm26xmm27xmm28xmm29xmm30xmm31k0k1k2k3k4k5k6k7r0r1r2r3r4r5r6r7r16r17r18r19r20r21r22r23r24r25r26r27r28r29r30r31lrctrcr0cr1cr2cr3cr4cr5cr6cr7xervr0vr1vr2vr3vr4vr5vr6vr7vr8vr9vr10vr11vr12vr13vr14vr15vr16vr17
                                      • API String ID: 1475443563-1161499575
                                      • Opcode ID: c263884aa9e3057750cdec65988fce9bccec6885e3903c3fde1f5f5258ffec36
                                      • Instruction ID: ca53d8e27f05d6289da36035df62b383a5af7fbd173136bf75d9349a026d8ae1
                                      • Opcode Fuzzy Hash: c263884aa9e3057750cdec65988fce9bccec6885e3903c3fde1f5f5258ffec36
                                      • Instruction Fuzzy Hash: BDA1D64192C0F646E7343F31B05257A39B2DB1EFC9F5A54B3DA898E9C4DF5EA141E220
                                      Function 00007FF6997715DD Relevance: 4.7, Strings: 2, Instructions: 2158COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 2$2
                                      • API String ID: 0-3784399050
                                      • Opcode ID: c9ff9ae3ff6a2fe64a4c15407332d654a052168682713aca6000e7b424874b26
                                      • Instruction ID: cc348be97dca720746ffdaf6b8fff02e0d127179cdfb6229b8526feceeb69f74
                                      • Opcode Fuzzy Hash: c9ff9ae3ff6a2fe64a4c15407332d654a052168682713aca6000e7b424874b26
                                      • Instruction Fuzzy Hash: 282382B2A196918BD3788F24C44067C7BB1F785B89F55C27ADB4A8B749CF38D841CB60
                                      Function 00007FF699748A20 Relevance: 4.6, Strings: 3, Instructions: 821COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: memcmp
                                      • String ID: .llvm./rust/deps\rustc-demangle-0.1.24\src/lib.rs$__ZN$`fmt::Error`s should be impossible without a `fmt::Formatter`
                                      • API String ID: 1475443563-1033176386
                                      • Opcode ID: 16589fd4f695f631ff2eb7b647e2bc6957d08e049c43548c85e5ce50ab016793
                                      • Instruction ID: 8244c89efcc16ad9597ed6a52590f75dbffd4361beecd3c2a7523a5bb076f69a
                                      • Opcode Fuzzy Hash: 16589fd4f695f631ff2eb7b647e2bc6957d08e049c43548c85e5ce50ab016793
                                      • Instruction Fuzzy Hash: 48624522E185A685F7348F2294146FD2B63FB05BD5F4542B5DE6E8B6C6DF38D940CB00
                                      Function 00007FF6996DD1D0 Relevance: 4.4, APIs: 3, Instructions: 679COMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: memcpy
                                      • String ID:
                                      • API String ID: 3510742995-0
                                      • Opcode ID: 93119471c1f6efe8fbfbf97ed26e9b2a80bd43b04e852abf22b216e192d1ffd0
                                      • Instruction ID: b9c25691c295fa6e18cc53c03abb48d5612343b92286d752dbb2c096e5d98bdf
                                      • Opcode Fuzzy Hash: 93119471c1f6efe8fbfbf97ed26e9b2a80bd43b04e852abf22b216e192d1ffd0
                                      • Instruction Fuzzy Hash: 6E529162E04BC483E7218F2996012A86760FB687D8F56A721DF7D57796EF34E2D5C300
                                      Function 00007FF6996DDC80 Relevance: 4.4, APIs: 3, Instructions: 677COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c829463470470f7b4964831b1ac1f0c3118e2d0008bfd1ec6e7c66954680678c
                                      • Instruction ID: 46face8e0e4db9830c45aa599b42be6a4f3194d4eb57d05d3ba423132c1c6bd2
                                      • Opcode Fuzzy Hash: c829463470470f7b4964831b1ac1f0c3118e2d0008bfd1ec6e7c66954680678c
                                      • Instruction Fuzzy Hash: 5462C363A14BC486E7218F29C9006E97760FB687D8F569722DFAD53395EF38E295C300
                                      Function 00007FF699762B00 Relevance: 4.3, Strings: 3, Instructions: 574COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: $INFINITY$NAN
                                      • API String ID: 0-3316895761
                                      • Opcode ID: e66b116a79e89db8228a9775d5b913a49cb029c4c3e7718543a81d22b4cab354
                                      • Instruction ID: 32659860063be0cf6e2765acf70c0f0730195e3d721013915b77ae6634f45c23
                                      • Opcode Fuzzy Hash: e66b116a79e89db8228a9775d5b913a49cb029c4c3e7718543a81d22b4cab354
                                      • Instruction Fuzzy Hash: 62220022F0868649FB718E64D8447B877A1EF447D8F8844B1DD4DDAB85DE2CE985C322
                                      Function 00007FF699763350 Relevance: 4.1, Strings: 3, Instructions: 332COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: <$INFINITY$NAN
                                      • API String ID: 0-2314501456
                                      • Opcode ID: 25cdb153779fdb788de3b14be86f6e6bfe9936a62491776514dcf1e098ff83ad
                                      • Instruction ID: 80c65ac37c8ac65fc85126ed2c9bfeecf06e4e999201912277e8951399074f9a
                                      • Opcode Fuzzy Hash: 25cdb153779fdb788de3b14be86f6e6bfe9936a62491776514dcf1e098ff83ad
                                      • Instruction Fuzzy Hash: 95D1E192F0868B84FB728E3988442B87B52EF417D4F4445B1D90DDE7D2EE3CA981C232
                                      Function 00007FF6996EB800 Relevance: 3.1, APIs: 1, Instructions: 1894COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 70dc1c02b5097ec0f2f7ae725ff55147b625c185937b75409fc0230ca7587782
                                      • Instruction ID: 1279d9c1b7d6d80c2b308d84ab67c7dd5d3a83d27467d64d85fc02ef9041be08
                                      • Opcode Fuzzy Hash: 70dc1c02b5097ec0f2f7ae725ff55147b625c185937b75409fc0230ca7587782
                                      • Instruction Fuzzy Hash: 9D13AD72A08BD589E7718F69DC503F933A4FB04788F445225DBAD8BB89DF3992A5D300
                                      Function 00007FF699761780 Relevance: 3.1, Strings: 2, Instructions: 557COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: assertion failed: digits < 3$assertion failed: noborrowassertion failed: digits < 40assertion failed: other > 0assertion failed: !d.is_zero()_
                                      • API String ID: 0-2607668560
                                      • Opcode ID: 98b3385c3d579fad76b66177bc2c53a2ba71a8cce4d1cbd7e4d5b219d9e7a95d
                                      • Instruction ID: eecfccaf29022da24227c9a7cf787a2106a1b058b352f25e92b972061aab0b3a
                                      • Opcode Fuzzy Hash: 98b3385c3d579fad76b66177bc2c53a2ba71a8cce4d1cbd7e4d5b219d9e7a95d
                                      • Instruction Fuzzy Hash: E2220162B0968199FB318F6494543FC3BA0FB99798F4842B5DA9E8BBC1DE2CD5D1C301
                                      Function 00007FF699717D00 Relevance: 3.0, APIs: 2, Instructions: 40networkCOMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: ErrorLastrecv
                                      • String ID:
                                      • API String ID: 2514157807-0
                                      • Opcode ID: 97e0600e879e761a32a99426fb51311392ce49051855d9f347c5144d9d9e71f8
                                      • Instruction ID: 26b8378146decf99107633cea9864843d1284c4272ea1217dcd6377e722627df
                                      • Opcode Fuzzy Hash: 97e0600e879e761a32a99426fb51311392ce49051855d9f347c5144d9d9e71f8
                                      • Instruction Fuzzy Hash: 3FF0D662B04A499AEB305A76DA40139A3A5EB097F0F244770CEACC7BD0DE2CE4918300
                                      Function 00007FF6996DB350 Relevance: 2.9, APIs: 2, Instructions: 425COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5de9433cb98f94a430e6aaf40341db30cdcb2d7d06c1631c28e4995252198cf9
                                      • Instruction ID: 8ffe236bf48addb334cc4f7545f73b09e7ccbd3eda1473e295c37974df4a2c67
                                      • Opcode Fuzzy Hash: 5de9433cb98f94a430e6aaf40341db30cdcb2d7d06c1631c28e4995252198cf9
                                      • Instruction Fuzzy Hash: 61029C72A18AC585EB708F35D8483ED2760F798B98F584637CA7D8B798DE39D285D300
                                      Function 00007FF6996DBA80 Relevance: 2.9, APIs: 2, Instructions: 418COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 48d0c3accc6ac4c58f77e314b3ae2c2632e14838a64a6af3b66b43d06663d990
                                      • Instruction ID: d3641e2933bc6ff022e77775ff054ebe509af67ec8353df4c3f3f79ea39f34cb
                                      • Opcode Fuzzy Hash: 48d0c3accc6ac4c58f77e314b3ae2c2632e14838a64a6af3b66b43d06663d990
                                      • Instruction Fuzzy Hash: CCF1AF72A08AC586FB708E359C483E92261F795BD8F255636CE3D8B798DE39D681D300
                                      Function 00007FF699759750 Relevance: 2.9, Strings: 2, Instructions: 362COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: -+NaNinf00e00E0assertion failed: ndigits > 0$e0E0assertion failed: buf.len() >= ndigits || buf.len() >= maxlen
                                      • API String ID: 0-3864725730
                                      • Opcode ID: 547a5d9ec5138697606fc12009170360ae8bddcb2323316c68655c41b2df0fc9
                                      • Instruction ID: 3d3ed8af20774a64be8545a06da08e3166e25214f619b24773382c05a7e8ea63
                                      • Opcode Fuzzy Hash: 547a5d9ec5138697606fc12009170360ae8bddcb2323316c68655c41b2df0fc9
                                      • Instruction Fuzzy Hash: 93F1C162A08A8199F7B28F20DA403F923A5FB04388F945575DE4DDBB98EF7CD646C301
                                      Function 00007FF699769BC0 Relevance: 2.8, Strings: 2, Instructions: 288COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: -+NaNinf00e00E0assertion failed: ndigits > 0$00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899assertion failed: *curr > 19
                                      • API String ID: 0-1873708790
                                      • Opcode ID: b47bf52a956a6c958f1587c6764a72f770f8ed38a988b0e8f0d788a256c7815f
                                      • Instruction ID: 6ee002c748d1750ac2c980535e270634217e4295e2c54cb13771dee073299b1b
                                      • Opcode Fuzzy Hash: b47bf52a956a6c958f1587c6764a72f770f8ed38a988b0e8f0d788a256c7815f
                                      • Instruction Fuzzy Hash: 9BA16963B286558AEB24CF29D9143B837A2FB45BC5F449531DE0ECB794DE7CA905C302
                                      Function 00007FF69970DD00 Relevance: 2.8, Strings: 2, Instructions: 273COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: overflow when adding duration to instantlibrary\std\src\time.rs$overflow when subtracting duration from instant
                                      • API String ID: 0-3373325108
                                      • Opcode ID: 0565f850d5a905c63ce04a5ade45597cded546ea6001bd2c79164f9e7debcf4c
                                      • Instruction ID: cfcc648acc92db9f04cb02ffb15a2135f53b25c211190acbbf748490f1ca8ca5
                                      • Opcode Fuzzy Hash: 0565f850d5a905c63ce04a5ade45597cded546ea6001bd2c79164f9e7debcf4c
                                      • Instruction Fuzzy Hash: 77B12562F247458AEB24CF78E8443B83366EB54398F50D679C91D9AB94EF3DA185C300
                                      Function 00007FF6996D1665 Relevance: 2.8, Strings: 2, Instructions: 260COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 3333$UUUU
                                      • API String ID: 0-2679824526
                                      • Opcode ID: 0b221bbdeef47010658f7fc4f1bdbca6138b9f93817a83bd168641643622ae09
                                      • Instruction ID: 8ae25a974b430e75f72bc1abc21894774c4d0539094cf83fe4a76af74983093c
                                      • Opcode Fuzzy Hash: 0b221bbdeef47010658f7fc4f1bdbca6138b9f93817a83bd168641643622ae09
                                      • Instruction Fuzzy Hash: 1FB1F372A18A8582F7398F04E4503FAB3A1FB84784F654236EBAE46794DF7CE585D700
                                      Function 00007FF69970FF10 Relevance: 2.7, Strings: 2, Instructions: 190COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 0123456789abcdef$ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789Time went backwards
                                      • API String ID: 0-2027556079
                                      • Opcode ID: f125fa777c9b713af963a93f8e5d16da6fa5998d30dfe893d3f77d8afa9f9e5c
                                      • Instruction ID: f27ca463e5186099715863f368470b14b9a130f03f2aeefcd8520b2bbb24bb2c
                                      • Opcode Fuzzy Hash: f125fa777c9b713af963a93f8e5d16da6fa5998d30dfe893d3f77d8afa9f9e5c
                                      • Instruction Fuzzy Hash: 8E613752E1C6D159F3398E2445202BD3EA1E717388F0485B9EAABAF6E5CE3D9146D310
                                      Function 00007FF6996F3DD0 Relevance: 2.4, APIs: 1, Instructions: 1116COMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: memcpy
                                      • String ID:
                                      • API String ID: 3510742995-0
                                      • Opcode ID: a38de8fa35f84c855b802005e72921fa9324596461d73d6f15d7b7e2412866e1
                                      • Instruction ID: 4165dbf761f802a79428905de5ad47b265e2a6901cc9f53d49c6f767e390346e
                                      • Opcode Fuzzy Hash: a38de8fa35f84c855b802005e72921fa9324596461d73d6f15d7b7e2412866e1
                                      • Instruction Fuzzy Hash: 5FB27B32A08BC189FB718F25D8447F927A1FB09788F544176DA6D8BB89DF39D694E300
                                      Function 00007FF6996CFF83 Relevance: 2.2, Strings: 1, Instructions: 994COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: assertion failed: lookahead_size >= len_to_move
                                      • API String ID: 0-1193057213
                                      • Opcode ID: f0c0ae32f07f374757cf32290c73185b533844ff279fabdaf0c837a95eb7c6d5
                                      • Instruction ID: 226dde5d9bc2917036f9983df556b6158f3ad01e152c92c45d9b670ce80cf0a7
                                      • Opcode Fuzzy Hash: f0c0ae32f07f374757cf32290c73185b533844ff279fabdaf0c837a95eb7c6d5
                                      • Instruction Fuzzy Hash: 74A2D172A0868186EB758F25E5403A9B7A0FB48780F504176EFAE87B95DF7CE4A4D700
                                      Function 00007FF6997334B6 Relevance: 1.8, Strings: 1, Instructions: 539COMMON
                                      Download Yara Rule
                                      Strings
                                      • internal error: entered unreachable code/rust/deps\memchr-2.5.0\src\memmem\x86\avx.rs, xrefs: 00007FF6997334B6
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: internal error: entered unreachable code/rust/deps\memchr-2.5.0\src\memmem\x86\avx.rs
                                      • API String ID: 0-3329622625
                                      • Opcode ID: 1fa760ea6060da2a839ba96ccfb6cdd64bb8e8eee01c00345c5055e6ba91de01
                                      • Instruction ID: 18e51e51e14eed28206461d8cca97ea0ee9259b22be72cb45b31dc100e32d352
                                      • Opcode Fuzzy Hash: 1fa760ea6060da2a839ba96ccfb6cdd64bb8e8eee01c00345c5055e6ba91de01
                                      • Instruction Fuzzy Hash: B0222162B086A289E7318F35A4027BD7BA1F7057C8F944272DE5E8B390DF79E556C320
                                      Function 00007FF6996C565B Relevance: 1.7, Strings: 1, Instructions: 445COMMON
                                      Download Yara Rule
                                      Strings
                                      • 0b0x0o00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899assertion failed: *curr > 19, xrefs: 00007FF6997683FB, 00007FF69976867C
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 0b0x0o00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899assertion failed: *curr > 19
                                      • API String ID: 0-528522809
                                      • Opcode ID: fc41eb1ede8def6e6519501b13a1721de8b2c3ff54d1bada0408f23752f5a195
                                      • Instruction ID: 7317b96bda067dd1f1257da8cbae89ec249f9e3ec8159ecd49d68bf462ab4286
                                      • Opcode Fuzzy Hash: fc41eb1ede8def6e6519501b13a1721de8b2c3ff54d1bada0408f23752f5a195
                                      • Instruction Fuzzy Hash: 8AF13132A1869186E778DF24E0147F97724FB55388F80A439DE8E8BBD0DE3D9259C342
                                      Function 00007FF69975F730 Relevance: 1.6, Strings: 1, Instructions: 372COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 00000000
                                      • API String ID: 0-3221785859
                                      • Opcode ID: af8589ce7ce3c7fcc32d6d021bc8cd4f75293f8d31cfa919c749519a754305ce
                                      • Instruction ID: fe6210ae71b1d8f211a70267276b6669ef53c58e626567d3b354c16077312ae3
                                      • Opcode Fuzzy Hash: af8589ce7ce3c7fcc32d6d021bc8cd4f75293f8d31cfa919c749519a754305ce
                                      • Instruction Fuzzy Hash: 8ED13962F08B9286EBB58E3594017B92662FB557C4F048A72DD4DCFB88DF38D9428303
                                      Function 00007FF69975DBE0 Relevance: 1.6, Strings: 1, Instructions: 337COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: falsetrue
                                      • API String ID: 0-2583396087
                                      • Opcode ID: 333b635a2e3723669b4bd6ffd21f5e89aa966b3e4f75eb61e99eb9a69a60b3c7
                                      • Instruction ID: 1ef74399c28babda127be5a32554b9698020211db1cc6126e3556554725906dd
                                      • Opcode Fuzzy Hash: 333b635a2e3723669b4bd6ffd21f5e89aa966b3e4f75eb61e99eb9a69a60b3c7
                                      • Instruction Fuzzy Hash: 7EB19A82E3DBA612F6734B3955016B449009FB37E4A01D736FD7DF5BE1EF29A6829200
                                      Function 00007FF6996CF7E0 Relevance: 1.6, Strings: 1, Instructions: 337COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: assertion failed: d.params.flush_remaining == 0
                                      • API String ID: 0-1590815299
                                      • Opcode ID: 28ebf524fac9da3548d04501888575cebaec2f5e954b141b87eb25281300f406
                                      • Instruction ID: 99e9d8a01d15c2ffce9a58c95b118d42c10d20765993328a4fc9cd76c663982f
                                      • Opcode Fuzzy Hash: 28ebf524fac9da3548d04501888575cebaec2f5e954b141b87eb25281300f406
                                      • Instruction Fuzzy Hash: BCE18F32A1868683FF758F25E4507AA67A1FB49780F144075EBAE87781EF7CE485E700
                                      Function 00007FF6996F15E0 Relevance: 1.5, Strings: 1, Instructions: 294COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: K
                                      • API String ID: 0-856455061
                                      • Opcode ID: 5a83610895b6275a0df5c1d904be7e79572423fd04513c0201201710ee0097df
                                      • Instruction ID: 9d344970367de894badf230ef7eddacc0aeff0024569c04efb843b6d827864b7
                                      • Opcode Fuzzy Hash: 5a83610895b6275a0df5c1d904be7e79572423fd04513c0201201710ee0097df
                                      • Instruction Fuzzy Hash: 2FE14572604BD08AE7608F75A8503ED37A1F709B8CF448166EE9D8BB49DF38D594E350
                                      Function 00007FF699767530 Relevance: 1.5, Strings: 1, Instructions: 292COMMON
                                      Download Yara Rule
                                      Strings
                                      • 0x0o00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899assertion failed: *curr > 19, xrefs: 00007FF699767705, 00007FF6997678F5
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 0x0o00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899assertion failed: *curr > 19
                                      • API String ID: 0-1744301434
                                      • Opcode ID: 7e6d48b9921f409afda6eccafe663c4c55996029baa0535359b0d5b94feba515
                                      • Instruction ID: 1f9af64a14e2f7c9f747e3ab86d49a2c6f2e5854c2dae8464b372e24ff9126a7
                                      • Opcode Fuzzy Hash: 7e6d48b9921f409afda6eccafe663c4c55996029baa0535359b0d5b94feba515
                                      • Instruction Fuzzy Hash: 0EB16463B243569BFB658E61C0017F93659EB003E0F80C235DE5A9B7C1DE3CA94AD342
                                      Function 00007FF699704AC0 Relevance: 1.5, APIs: 1, Instructions: 269COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: ErrorHandleLast
                                      • String ID:
                                      • API String ID: 2586478127-0
                                      • Opcode ID: c3a77a7659dfc167b9951e3cb16a26f7b73c82918e0c888b53512ff86b972212
                                      • Instruction ID: 4ea4e88ddbda19b8b13d8e31db46e13ac98b6844f17c45855e01f181ccb37092
                                      • Opcode Fuzzy Hash: c3a77a7659dfc167b9951e3cb16a26f7b73c82918e0c888b53512ff86b972212
                                      • Instruction Fuzzy Hash: 88A11462F1969696FB64CF25A8047BA27A1FF08BC4F448975DE1D9B784EE3DE841C300
                                      Function 00007FF69974D6A8 Relevance: 1.5, APIs: 1, Instructions: 248COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8cfd8f9aac5d005f5effe7e10f991f333e50d91792c8385def3c3db197be9e8d
                                      • Instruction ID: a2946e9500ab13d34f04f51a61f8c171519f729f12f66933750db46867ecd8a5
                                      • Opcode Fuzzy Hash: 8cfd8f9aac5d005f5effe7e10f991f333e50d91792c8385def3c3db197be9e8d
                                      • Instruction Fuzzy Hash: C391FF62F186528AFB258F64C5113BD27A2FB447C8F048579DE9E8B7CADE7CA184D301
                                      Function 00007FF6996F1B00 Relevance: 1.5, Instructions: 1492COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1ed5c4108878fd36a5e3834c526c42dcd4a26ca67d96f8ac191b9f19b9459e1c
                                      • Instruction ID: fcb4ff75db6c0ec7e391f21e71568c2220166fed379bb6efb0cbeedf1462def7
                                      • Opcode Fuzzy Hash: 1ed5c4108878fd36a5e3834c526c42dcd4a26ca67d96f8ac191b9f19b9459e1c
                                      • Instruction Fuzzy Hash: 03F26D72A09AC589EB70CF25D8447ED27A1FB4478CF904176DA6D8BB99DF38D684E300
                                      Function 00007FF69974DEF0 Relevance: 1.5, APIs: 1, Instructions: 230COMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: memcpy
                                      • String ID:
                                      • API String ID: 3510742995-0
                                      • Opcode ID: 91e2399d64bce3925e0fc574a6f9411411028394deeeef8cfd960b717a8bd871
                                      • Instruction ID: df0a7ba9d8a502def1ea028cd57b74b6ab7098342742ab63eeb63e5184e55e21
                                      • Opcode Fuzzy Hash: 91e2399d64bce3925e0fc574a6f9411411028394deeeef8cfd960b717a8bd871
                                      • Instruction Fuzzy Hash: E281E452F186568AFB348FA5C4113BE2BA2FB147D8F048475EE9A9B7C6CE3C9580D740
                                      Function 00007FF6997075F0 Relevance: 1.5, APIs: 1, Instructions: 221COMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: memcpy
                                      • String ID:
                                      • API String ID: 3510742995-0
                                      • Opcode ID: 52bf7042206c4ec709d1140cd83c46957c77448bac2f618b7226ed885e8dc275
                                      • Instruction ID: eb375ec87367e4f2481362e3182f482bf2bb3f68c20fe8c4f152f15c115f7041
                                      • Opcode Fuzzy Hash: 52bf7042206c4ec709d1140cd83c46957c77448bac2f618b7226ed885e8dc275
                                      • Instruction Fuzzy Hash: 13811422F1869199FB208E6988013FD2B95EB547D8F149975DE4E8F7C6CE3DD280D350
                                      Function 00007FF699733B40 Relevance: .8, Instructions: 823COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4cc7f7fc70cc4d9d627c7f8a61607f125909e370f033f5897c38846388d321f0
                                      • Instruction ID: 27237881e9c04a6a962ed05e27d88bc1cb2cecb1f61f71af1a866b9c0557e5d0
                                      • Opcode Fuzzy Hash: 4cc7f7fc70cc4d9d627c7f8a61607f125909e370f033f5897c38846388d321f0
                                      • Instruction Fuzzy Hash: AA62F362B19A9686EF24CF71A4056BC2BA5FB08BD8F804676DE1E8B784DF3CD541C310
                                      Function 00007FF6996F5CC0 Relevance: .7, Instructions: 690COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3f10be3bb965b73c5cf7186f5ac4efce0c3407b4514ab3a554c259235504198e
                                      • Instruction ID: 8fad3f7186a61751fd5e5b6646c7c5c4df78d6fbacf3cca8757b6c5ee11bf909
                                      • Opcode Fuzzy Hash: 3f10be3bb965b73c5cf7186f5ac4efce0c3407b4514ab3a554c259235504198e
                                      • Instruction Fuzzy Hash: 7A726872609BC589EB718F25D8403ED37A5F718B8CF108166DA6D8BB98DF34D6A5E300
                                      Function 00007FF699739E0B Relevance: .7, Instructions: 658COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f7febafc449ad527dd820e612be096fd7244767df1fa0a6f230c1668d1466552
                                      • Instruction ID: 7f1c1fdc1d30d9a52e83926a28408adee9c23faaf2e54944059041d661251625
                                      • Opcode Fuzzy Hash: f7febafc449ad527dd820e612be096fd7244767df1fa0a6f230c1668d1466552
                                      • Instruction Fuzzy Hash: 8A22F7523580B246E73ADF35A41267E7AD6C7AEB45E9ED071DA8C0EDC8C93F01D2E520
                                      Function 00007FF69973B7FD Relevance: .5, Instructions: 518COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a0fcc4ca1d148b889b724ca5ee842aa66709fb49deb4d889709a5eff6f03863e
                                      • Instruction ID: 33f0d810e16bc07070c2b371612dfb53a25be48f134cf1963f600766e0f197ad
                                      • Opcode Fuzzy Hash: a0fcc4ca1d148b889b724ca5ee842aa66709fb49deb4d889709a5eff6f03863e
                                      • Instruction Fuzzy Hash: F90273627550F346F6355F34B422F3AAFD2C74DB45E9EB0A4DA880ED81CA2F5162A720
                                      Function 00007FF699765B00 Relevance: .5, Instructions: 487COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 54ffd17927874cf30e7c0567160ff59bb1c8ec6a9dda65d97b4f79e4b905bed4
                                      • Instruction ID: 12ccc4f92495f75ce5073b024758ecce24228ae9d511f7011f47b9739bb2d5ca
                                      • Opcode Fuzzy Hash: 54ffd17927874cf30e7c0567160ff59bb1c8ec6a9dda65d97b4f79e4b905bed4
                                      • Instruction Fuzzy Hash: BAF18B62F082A605FA304E2958083787986EB55BD4F48D1B1CE5DDFBD4ED3CE882E306
                                      Function 00007FF6996E3290 Relevance: .5, Instructions: 480COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 471209bb994165aa86cff011a9eabc5ef73d51ae8b4a976d7b94964f5cf153d0
                                      • Instruction ID: ac9d93a41adb79c6ecf2931a943381511f8eaa80670a42a759e3c9710dad1a4d
                                      • Opcode Fuzzy Hash: 471209bb994165aa86cff011a9eabc5ef73d51ae8b4a976d7b94964f5cf153d0
                                      • Instruction Fuzzy Hash: 4502BE72A09B8581FE698F95C940BB967A1FB44F90F4885B9CE2D873D0DF3CD5A19310
                                      Function 00007FF699777AC0 Relevance: .3, Instructions: 319COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f38556afc9f4fb48f9c729cfe12173fb3b7baf8db300b98a8c8dcd63691113e7
                                      • Instruction ID: df78ff573c5f642f2383a6485d2171cb60e9b0845a06cca192b5fdfe60dbb800
                                      • Opcode Fuzzy Hash: f38556afc9f4fb48f9c729cfe12173fb3b7baf8db300b98a8c8dcd63691113e7
                                      • Instruction Fuzzy Hash: 5DC133B2B1815296E7348F28D4406B973D9FB88BC5F558575DB4ACB780EE79E842CB00
                                      Function 00007FF6996F3FB7 Relevance: .3, Instructions: 291COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 11713f9c325698c5a4cbdbbb9b6f7d6668058bd0e329f22ec9b794a443c06841
                                      • Instruction ID: a0247b078867ac9b2e6bbdbbaa816c9a3317d5effe71bdb70fd8bf67acab5baa
                                      • Opcode Fuzzy Hash: 11713f9c325698c5a4cbdbbb9b6f7d6668058bd0e329f22ec9b794a443c06841
                                      • Instruction Fuzzy Hash: 35C1FD32B09AD181FB718F25D844BF866A1FB59788F449076DE6D8BB85DF39DA40E300
                                      Function 00007FF6997318A0 Relevance: .3, Instructions: 283COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 45e6aef55457c2443c5b088d1397cd23672a6d7b1e857d0121abdad2503938b4
                                      • Instruction ID: 916b7e8811bb00b839747987fd4a99121b633a63e9462791292acaa358f943c9
                                      • Opcode Fuzzy Hash: 45e6aef55457c2443c5b088d1397cd23672a6d7b1e857d0121abdad2503938b4
                                      • Instruction Fuzzy Hash: F7A15363A1D4D146DA668F31A802BBD6F91FF017E9F0483B0DE6A4A7C5DE289691C300
                                      Function 00007FF69976B720 Relevance: .3, Instructions: 259COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5d685cfbb4e0108612038186cb04d13464fdb809f9b59df011451040a4bca3dd
                                      • Instruction ID: a608f7964748bc60946d794b181d1cf47a6dff48fafd87b6625f5985609838eb
                                      • Opcode Fuzzy Hash: 5d685cfbb4e0108612038186cb04d13464fdb809f9b59df011451040a4bca3dd
                                      • Instruction Fuzzy Hash: 7CA12463B1C6E18DE3218F7954105BC3FB2E757788B1C40A5EE9A5BB89CE34C152E361
                                      Function 00007FF6996D9B30 Relevance: .3, Instructions: 251COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8924e332cd299791c4bae2cd43cd037ec742393eab3221982e1d80e6e4bbfacf
                                      • Instruction ID: cd153dfb906dd6224c5a4a42ed4e3a36f8415e1da6f59ba7626ceba3dbdebe65
                                      • Opcode Fuzzy Hash: 8924e332cd299791c4bae2cd43cd037ec742393eab3221982e1d80e6e4bbfacf
                                      • Instruction Fuzzy Hash: 4791C163F049E493F751CF29D6006986320F368BD8B965322DF6E63661EB35E6DAC301
                                      Function 00007FF6996EB200 Relevance: .2, Instructions: 250COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: aa471672b24d1a2ac654242ca81a1187fcbdff9b2a5c44fa8322d863862aa905
                                      • Instruction ID: 4e731eb2835bc62c04cbe2e8cad7c9bda90cfc59486bc32bfd02d04f5222fd5f
                                      • Opcode Fuzzy Hash: aa471672b24d1a2ac654242ca81a1187fcbdff9b2a5c44fa8322d863862aa905
                                      • Instruction Fuzzy Hash: 82A12572B1879186F7218FA69D007BD7FA0FB40B89F295122CE6D23784DE75C962E310
                                      Function 00007FF6996C1A31 Relevance: .2, Instructions: 229COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ec4063b42928823b40043d659ba538cc37fba7f203e95e04cb88dc07edcb3a95
                                      • Instruction ID: 588ebfb6bbbb076cf822bb285e99bb250d3fb2679ed138046b2613768470a1bb
                                      • Opcode Fuzzy Hash: ec4063b42928823b40043d659ba538cc37fba7f203e95e04cb88dc07edcb3a95
                                      • Instruction Fuzzy Hash: BF91D172B1868281FE749E1291447BA5365FF45BC0F8A5072FF6D97B85EE2CF581A300
                                      Function 00007FF6997740C0 Relevance: .2, Instructions: 213COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b4bfae1d20f5ed61c0578810f1b9d3c5e2bee1aa6a44f89206bb9bac95fbb713
                                      • Instruction ID: 1a2af952ed51dc3ca356e65011587aa7af1ed53843da0364cb54f8c3ff4d73d0
                                      • Opcode Fuzzy Hash: b4bfae1d20f5ed61c0578810f1b9d3c5e2bee1aa6a44f89206bb9bac95fbb713
                                      • Instruction Fuzzy Hash: 9C915132A08646CAE7B49F29C04437C77B2F798B89F1481B6CA0D8B799CF78D445DB51
                                      Function 00007FF69975D160 Relevance: .2, Instructions: 187COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ba7d415c593592a3e4339d049df5d7c78054e37d5defce6cf568c9a001b84ead
                                      • Instruction ID: 633273c0a559d3de8a9f6041492df5db65d5b3ac1414073e01c53ba0eedcee4d
                                      • Opcode Fuzzy Hash: ba7d415c593592a3e4339d049df5d7c78054e37d5defce6cf568c9a001b84ead
                                      • Instruction Fuzzy Hash: 50615C62B285A187FBB48F2499002BD27A1F706BD8F544275DE5ADB7D4CF38D842C742
                                      Function 00007FF69976BF20 Relevance: .1, Instructions: 149COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3ca95f9bf79cadee7fd56b3ebd1ac633b5562677c2c3978bd7e233aabedc9847
                                      • Instruction ID: 6c54c65dca2c8f8f0684e36ed9d1f11464e157f43e33cf67e750ce46c28c8203
                                      • Opcode Fuzzy Hash: 3ca95f9bf79cadee7fd56b3ebd1ac633b5562677c2c3978bd7e233aabedc9847
                                      • Instruction Fuzzy Hash: 6F5127A6F1C58552F6355F588400BF87691FB56BC0F889175EE0E8B388CE2FAB81C742
                                      Function 00007FF69976BDE0 Relevance: .1, Instructions: 149COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e4aa9e4182f2e50364de2a15c1c1e0c896540baf561c3245e46b89c242035e23
                                      • Instruction ID: af4bbfd672b131f71f0005ebb9e6dfc4f1959dbc8944fceb7cb8424a00e64cde
                                      • Opcode Fuzzy Hash: e4aa9e4182f2e50364de2a15c1c1e0c896540baf561c3245e46b89c242035e23
                                      • Instruction Fuzzy Hash: B15127A6F1CA8552F7714F558400BF87791EB56BC1F889175EE0E8B388CE2DAB41CB02
                                      Function 00007FF69974F440 Relevance: .1, Instructions: 121COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cb85a316b1b28cddb3f2e513620ffe2f1ab2d54091b22ff193b08dd246418135
                                      • Instruction ID: a24c80ef3de5803cb9cebc29bbc503380cb7c2d0ecec7a8c725d12b1f2eb834d
                                      • Opcode Fuzzy Hash: cb85a316b1b28cddb3f2e513620ffe2f1ab2d54091b22ff193b08dd246418135
                                      • Instruction Fuzzy Hash: 45312462B2552242FF79893E8E14B7542839B45BF0E549B30ED3ECBBDAED3C95424600
                                      Function 00007FF69974F5F0 Relevance: .1, Instructions: 121COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d76be46d653f83ad5ef5210ff2a4a8b857c13a8c348d2b6131243123030b049b
                                      • Instruction ID: c3b20703a16bcc6430e8106f9d1a8d7881f885613f86968b2d0a1dac1635994f
                                      • Opcode Fuzzy Hash: d76be46d653f83ad5ef5210ff2a4a8b857c13a8c348d2b6131243123030b049b
                                      • Instruction Fuzzy Hash: 5D314852F2551683FE28893A8D157B40283DB85BF0E449735EE3ECFBE9ED3DA4428601
                                      Function 00007FF69972F960 Relevance: .1, Instructions: 64COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2a4b5aaaee95637960a634f8f5c0b021c11b7ab42145f193b07c717f66579e7b
                                      • Instruction ID: c9fd4f1585db616735e2f4b34a82e2a32199c00d935df94301ee926aeebca173
                                      • Opcode Fuzzy Hash: 2a4b5aaaee95637960a634f8f5c0b021c11b7ab42145f193b07c717f66579e7b
                                      • Instruction Fuzzy Hash: 87115EF2F384A449FBA4433C6C01F296C858B627BCB189BB4E1B9D59D2DA2DE1039240
                                      Function 00007FF699775410 Relevance: .0, Instructions: 50COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: aba1ab6dce893516dd973d8d6062043ca2dc6b32030dabdcf669dbffad7919a8
                                      • Instruction ID: 270bef91586c0f07db1f11980c8a8d68533220ebcd0d012177c2311de7096e48
                                      • Opcode Fuzzy Hash: aba1ab6dce893516dd973d8d6062043ca2dc6b32030dabdcf669dbffad7919a8
                                      • Instruction Fuzzy Hash: DD012BB6B280E006DAA0CB3A4C1893937A3D7C6792354D3E0D754C7788DE3E9106C350
                                      Function 00007FF69989BC00 Relevance: .0, Instructions: 15COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0aec3db64e3363546342e52bd0275a4f14fb638a49cac29b744d853ce322a626
                                      • Instruction ID: ae949b86d8240f5a5ffb1c72263df4aa94b81b214959c1154f1d076a80059eef
                                      • Opcode Fuzzy Hash: 0aec3db64e3363546342e52bd0275a4f14fb638a49cac29b744d853ce322a626
                                      • Instruction Fuzzy Hash: B4E08CCBF5EED206F2B29D540E791242EC6DBB2618B0D44FFCB4883383AC092C044220
                                      Function 00007FF6997149E0 Relevance: 24.5, APIs: 16, Instructions: 480COMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: Handle$ErrorLast$CloseCurrentDuplicateFileInformationProcess
                                      • String ID:
                                      • API String ID: 780345077-0
                                      • Opcode ID: fa595bb786642aa90b0f86602a881c96c3f209be46b40bff5e1dd4c68d7be299
                                      • Instruction ID: f81e35d2d5a64d8f921fa23141203d23156754c1d0eb378303ce2d9cb9698597
                                      • Opcode Fuzzy Hash: fa595bb786642aa90b0f86602a881c96c3f209be46b40bff5e1dd4c68d7be299
                                      • Instruction Fuzzy Hash: 0612BE62B0865286FB349F2198513BD26A0FF4ABC8F548075EE4D9BB8ADF3DE545C340
                                      Function 00007FF699739484 Relevance: 24.1, APIs: 8, Strings: 8, Instructions: 107COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: memcmp
                                      • String ID: ACC0ACC1ACC2ACC3ACC4ACC5ACC6ACC7S0S1S2S3S4S5S6S7S8S9S10S11S12S13S14S15S16S17S18S19S20S21S22S23S24S25S26S27S28S29S30S31X0X1X2X3X4X5X6X7X8X9X10X11X12X13X14X15X16X17X18X19X20X21X22X23X24X25X26X27X28X29X30ELR_modeRA_SIGN_STATETPIDRRO_EL0TPIDR_EL0TPIDR_EL1TPIDR_EL2$SPSR$wR10$wR11$wR12$wR13$wR14$wR15
                                      • API String ID: 1475443563-3862453883
                                      • Opcode ID: b1a7e97f954b030fc789617bde8c08a95522fe00320205b97ede5649c0ca8685
                                      • Instruction ID: b48f08b28bce3a6d99f8faf5c6a152f29a33847356295d260ffbbabf34849f0c
                                      • Opcode Fuzzy Hash: b1a7e97f954b030fc789617bde8c08a95522fe00320205b97ede5649c0ca8685
                                      • Instruction Fuzzy Hash: 76415BA6E1C202C5FA345E76B9422BA2550DF41BC2F1440B6CE0EDF6D1EE7DE902D24A
                                      Function 00007FF6996FA0C0 Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 359COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: ErrorLast$DirectoryEnvironmentProfileUserVariable
                                      • String ID: HOMEUSERPROFILE\\.\pipe\__rust_anonymous_pipe1__.$called `Result::unwrap()` on an `Err` value
                                      • API String ID: 3506484248-3720404459
                                      • Opcode ID: d7c07abaf9e50158387b918093629f4ed8af412cfd5b6e1afa6d678d6fcc476a
                                      • Instruction ID: 8e79bd8c7f90c748b0ef24f43f3f3e8f1228d8441e33ab27080a40684720334d
                                      • Opcode Fuzzy Hash: d7c07abaf9e50158387b918093629f4ed8af412cfd5b6e1afa6d678d6fcc476a
                                      • Instruction Fuzzy Hash: 6CF18172A08AC289FB359F6599053F92355FB05BD8F444175DE6C9B78AEE2CE381E300
                                      Function 00007FF699723F30 Relevance: 19.7, APIs: 9, Strings: 2, Instructions: 479COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: ErrorLast$FullNamePath
                                      • String ID: \\?\$\\?\UNC\
                                      • API String ID: 2482867836-3019864461
                                      • Opcode ID: 1c0334674d31efb89d2c775229443127f9b9b7c2417acaa84a4584124165a396
                                      • Instruction ID: 5674717c84269cb92d35ed3932ab659fe7bdc84ff3d1970d34ef89cb67c74509
                                      • Opcode Fuzzy Hash: 1c0334674d31efb89d2c775229443127f9b9b7c2417acaa84a4584124165a396
                                      • Instruction Fuzzy Hash: BE12C162A186D285EB709F26D8443BD27A5FB09BD4F4441B6DA5D8F7C9DF3CE6828300
                                      Function 00007FF6996F9400 Relevance: 17.9, APIs: 7, Strings: 3, Instructions: 408COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: ErrorLast$CaptureContextCurrentDirectoryEnvironmentExceptionRaiseStringsUnwindabort
                                      • String ID: Vars$called `Result::unwrap()` on an `Err` value$innerVarsOs
                                      • API String ID: 1982851867-2235028769
                                      • Opcode ID: 81f0b5ad55a65d210555d28c0575d3fbac638c4c01551ab7b438c5771c1c0d3a
                                      • Instruction ID: c22c7a85e2c1877b460040bd29c0a688a1139d68fff44365d30701b6a36eced6
                                      • Opcode Fuzzy Hash: 81f0b5ad55a65d210555d28c0575d3fbac638c4c01551ab7b438c5771c1c0d3a
                                      • Instruction Fuzzy Hash: 53F1BF32A18B9299FB309F61A8007E93764FB06799F444575EE6C97B89DF3CA641E300
                                      Function 00007FF6996E5EA0 Relevance: 15.5, APIs: 8, Strings: 2, Instructions: 483COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      • assertion failed: new_left_len <= CAPACITY, xrefs: 00007FF6996E6263
                                      • assertion failed: match track_edge_idx { LeftOrRight::Left(idx) => idx <= old_left_len, LeftOrRight::Right(idx) => idx <= right_len,}, xrefs: 00007FF6996E6833
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: memcpy
                                      • String ID: assertion failed: match track_edge_idx { LeftOrRight::Left(idx) => idx <= old_left_len, LeftOrRight::Right(idx) => idx <= right_len,}$assertion failed: new_left_len <= CAPACITY
                                      • API String ID: 3510742995-2079967719
                                      • Opcode ID: 857e78b8965fadb09579569978df2369435fc3f52ba0ba4689f9be7771eada54
                                      • Instruction ID: 3a3a34537f3678ee02e364cddad35e9f750c9b0188a363a506dfbed414a2dbee
                                      • Opcode Fuzzy Hash: 857e78b8965fadb09579569978df2369435fc3f52ba0ba4689f9be7771eada54
                                      • Instruction Fuzzy Hash: 1C427B32614BC185EB21CF68EC403F937A8FB58788F548226DE9D9B795DF7892A5D300
                                      Function 00007FF69971FBB7 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 238COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: Handle$CurrentDuplicateProcess$CloseErrorLast
                                      • String ID: RUST_MIN_STACK$cannot access a Thread Local Storage value during or after destructionlibrary\std\src\thread\local.rs$failed to spawn thread
                                      • API String ID: 120317985-141927316
                                      • Opcode ID: 33c01649a479cf9f13bc2aed1aa42619e88183e4b36295e1086b4b6008fb862b
                                      • Instruction ID: 80c7c89cccf86cb9226f4c969e33cd8ff8f71c09a8660c060046d8f5722396c8
                                      • Opcode Fuzzy Hash: 33c01649a479cf9f13bc2aed1aa42619e88183e4b36295e1086b4b6008fb862b
                                      • Instruction Fuzzy Hash: 34B17022A19A4286F7309F60D8113BD37A0FB49798F444A76EA8D8B796DF3DE545C340
                                      Function 00007FF69973D44B Relevance: 13.6, APIs: 8, Strings: 1, Instructions: 125COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      • k0k1k2k3k4k5k6k7r0r1r2r3r4r5r6r7r16r17r18r19r20r21r22r23r24r25r26r27r28r29r30r31lrctrcr0cr1cr2cr3cr4cr5cr6cr7xervr0vr1vr2vr3vr4vr5vr6vr7vr8vr9vr10vr11vr12vr13vr14vr15vr16vr17vr18vr19vr20vr21vr22vr23vr24vr25vr26vr27vr28vr29vr30vr31vscrtfhartfiartexasrDW_SECT_IN, xrefs: 00007FF69973D4DB
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: memcmp
                                      • String ID: k0k1k2k3k4k5k6k7r0r1r2r3r4r5r6r7r16r17r18r19r20r21r22r23r24r25r26r27r28r29r30r31lrctrcr0cr1cr2cr3cr4cr5cr6cr7xervr0vr1vr2vr3vr4vr5vr6vr7vr8vr9vr10vr11vr12vr13vr14vr15vr16vr17vr18vr19vr20vr21vr22vr23vr24vr25vr26vr27vr28vr29vr30vr31vscrtfhartfiartexasrDW_SECT_IN
                                      • API String ID: 1475443563-2406371666
                                      • Opcode ID: 46757cf382599927a8d4a0aabcd9331590dbb94c894263678a18449331760e8c
                                      • Instruction ID: 9fb63f56d088f015665947ee032c96d17decb84267086d2b4e35f5ce464199b0
                                      • Opcode Fuzzy Hash: 46757cf382599927a8d4a0aabcd9331590dbb94c894263678a18449331760e8c
                                      • Instruction Fuzzy Hash: CF414B41A6C14786FA307E36BA821B82562DF11BC5F5468B2DD0DCEAD5EF5EF940D202
                                      Function 00007FF699725E00 Relevance: 12.7, APIs: 10, Instructions: 158COMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: Value
                                      • String ID:
                                      • API String ID: 3702945584-0
                                      • Opcode ID: 1de102185da3bb913713fa39b87b29e93cb6e956dc5f28ed214f9f23d1630ec3
                                      • Instruction ID: 2e83aa62ab4d829d013f2126b1b29823a7323ac214b99f4873366dd795e9ed1c
                                      • Opcode Fuzzy Hash: 1de102185da3bb913713fa39b87b29e93cb6e956dc5f28ed214f9f23d1630ec3
                                      • Instruction Fuzzy Hash: D8512521F2A75256EB795E12420037C6392EF56FC0F8C80B9DE0D9FB85DE39B8439281
                                      Function 00007FF69976D7A0 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 138COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: QueryVirtual
                                      • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
                                      • API String ID: 1804819252-1534286854
                                      • Opcode ID: 4fd57c9b88b693a7d41eaaea85bb8feca93a6b3e80787ddb801d584a8055ed59
                                      • Instruction ID: 5113f3be71917b903d8542de7b1995c7ab19447d568508de89e7ec008295594c
                                      • Opcode Fuzzy Hash: 4fd57c9b88b693a7d41eaaea85bb8feca93a6b3e80787ddb801d584a8055ed59
                                      • Instruction Fuzzy Hash: BD51E032A08B4692EB309F52E9406AA77A0FF99BD4F484675DE4D8B395EF3CE441C740
                                      Function 00007FF699706B00 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 116networkCOMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      • assertion failed: len >= mem::size_of::<c::sockaddr_in6>(), xrefs: 00007FF699706C3C
                                      • assertion failed: len >= mem::size_of::<c::sockaddr_in>()library\std\src\sys_common\net.rs, xrefs: 00007FF699706C24
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: ErrorLastclosesocket$setsockopt
                                      • String ID: assertion failed: len >= mem::size_of::<c::sockaddr_in6>()$assertion failed: len >= mem::size_of::<c::sockaddr_in>()library\std\src\sys_common\net.rs
                                      • API String ID: 3650012124-513854611
                                      • Opcode ID: 0002f7e1c8230d6538c6647e2cc2e5e4f76dd2597bc40ffbbab599012fc03b46
                                      • Instruction ID: b30312f24a3b0732d5f3d37546bef2044bcafe98f901f44eac3432cf5123f967
                                      • Opcode Fuzzy Hash: 0002f7e1c8230d6538c6647e2cc2e5e4f76dd2597bc40ffbbab599012fc03b46
                                      • Instruction Fuzzy Hash: BA41B062A0869189F7309F65E4012ED7771EF843A8F548235EF9D4BB94EF3EA681C340
                                      Function 00007FF699707C60 Relevance: 12.1, APIs: 8, Instructions: 70networkCOMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: ErrorLast$Socket$HandleInformationclosesocketmemset
                                      • String ID:
                                      • API String ID: 3407399761-0
                                      • Opcode ID: 9fae1a40f16f2f3957333c6efa841f139f9f280d079620cbfc37dba620905ab4
                                      • Instruction ID: 5a5bb393b6675c69d8753bfd49090961752b0016a66bfe7f52ba06d60b5a352d
                                      • Opcode Fuzzy Hash: 9fae1a40f16f2f3957333c6efa841f139f9f280d079620cbfc37dba620905ab4
                                      • Instruction Fuzzy Hash: 3E217C21A081514AF730EE35D4453B93654EB853F8F2847B0EE6C9BBC9DE2EAD42C751
                                      Function 00007FF6997393AE Relevance: 12.1, APIs: 2, Strings: 6, Instructions: 55COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: memcmp
                                      • String ID: SPSR_ABT$SPSR_FIQ$SPSR_IRQ$SPSR_SVC$SPSR_UND$TPIDRUROTPIDRURWTPIDPRHTPIDPRSPLRPCACC0ACC1ACC2ACC3ACC4ACC5ACC6ACC7S0S1S2S3S4S5S6S7S8S9S10S11S12S13S14S15S16S17S18S19S20S21S22S23S24S25S26S27S28S29S30S31X0X1X2X3X4X5X6X7X8X9X10X11X12X13X14X15X16X17X18X19X20X21X22X23X24X25X26X27X28X29X30ELR_modeRA_SIGN_STATETPI
                                      • API String ID: 1475443563-2082546588
                                      • Opcode ID: f5176a462027b55d940c15e46d0c21bb11bd80f3f09bc554bb613763e8c96442
                                      • Instruction ID: d825e6e57c1f26d767a5450aaaf17d0d116435a4bdebb9691314e425c1286917
                                      • Opcode Fuzzy Hash: f5176a462027b55d940c15e46d0c21bb11bd80f3f09bc554bb613763e8c96442
                                      • Instruction Fuzzy Hash: F3115866E1E54AC0EE300E7674413BA1184EF54BC6E1064B6CA4EEF3D0ED3EA8469246
                                      Function 00007FF6996F9C40 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 217COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      • environment variable not foundenvironment variable was not valid unicode: , xrefs: 00007FF6996F9FC5
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: ErrorLast$EnvironmentVariable
                                      • String ID: environment variable not foundenvironment variable was not valid unicode:
                                      • API String ID: 2691138088-3632183283
                                      • Opcode ID: 0342860675461f0b20e08d9a2fdbebe81f3f7dcae1fddb8a0acb782e836da0a9
                                      • Instruction ID: be25578efd15ebdf39acdcf28f47e036ac879cace1d8cd466994e0afe079cf57
                                      • Opcode Fuzzy Hash: 0342860675461f0b20e08d9a2fdbebe81f3f7dcae1fddb8a0acb782e836da0a9
                                      • Instruction Fuzzy Hash: A0A17D72A04AC289FB319F25D8453E92365FB05B8CF544175DE2C9BB9ADF38A291E300
                                      Function 00007FF69970D280 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 151COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: Address$Wake$Single$ErrorLastWait
                                      • String ID: called `Result::unwrap()` on an `Err` value
                                      • API String ID: 798958160-2333694755
                                      • Opcode ID: cd302619e39ff7fc371fd1f27c6b2ef57ef3d3f9db92bdbf5a41809f3225fba1
                                      • Instruction ID: d468a3d6ec870356fcf8f31c8bdbcb28891268be3eb354bcaf00d0e334fe247d
                                      • Opcode Fuzzy Hash: cd302619e39ff7fc371fd1f27c6b2ef57ef3d3f9db92bdbf5a41809f3225fba1
                                      • Instruction Fuzzy Hash: 5F51A122A1878296FB319F61A4012BE77A0FB057D4F4445B6DEAD8B6C2DE3EF146C340
                                      Function 00007FF699726960 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 120networkCOMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      • assertion failed: len >= mem::size_of::<c::sockaddr_in6>(), xrefs: 00007FF699726A68
                                      • assertion failed: len >= mem::size_of::<c::sockaddr_in>()library\std\src\sys_common\net.rs, xrefs: 00007FF699726A50
                                      • addr, xrefs: 00007FF699726AF7
                                      • socketOwnedSocketpanicked at :library\std\src\panic.rs, xrefs: 00007FF699726B21
                                      • TcpListenerUdpSocket.debug_abbrev.dwo.debug_info.dwo.debug_line.dwo.debug_loc.dwo.debug_loclists.dwo.debug_rnglists.dwo.debug_str.dwo.debug_str_offsets.dwo.debug_types.dwolibrary\std\src\..\..\backtrace\src\symbolize\gimli.rs, xrefs: 00007FF699726AA4
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: ErrorLast
                                      • String ID: TcpListenerUdpSocket.debug_abbrev.dwo.debug_info.dwo.debug_line.dwo.debug_loc.dwo.debug_loclists.dwo.debug_rnglists.dwo.debug_str.dwo.debug_str_offsets.dwo.debug_types.dwolibrary\std\src\..\..\backtrace\src\symbolize\gimli.rs$addr$assertion failed: len >= mem::size_of::<c::sockaddr_in6>()$assertion failed: len >= mem::size_of::<c::sockaddr_in>()library\std\src\sys_common\net.rs$socketOwnedSocketpanicked at :library\std\src\panic.rs
                                      • API String ID: 1452528299-2367200954
                                      • Opcode ID: b7692c3181e534528fca3b5291e6f43b8c9235abbe8294c103fbf7ebbb6e7eec
                                      • Instruction ID: d6ce42909674c2272089f4ebdf2d828db69508a17dfc4f1c0075397ca3c6780c
                                      • Opcode Fuzzy Hash: b7692c3181e534528fca3b5291e6f43b8c9235abbe8294c103fbf7ebbb6e7eec
                                      • Instruction Fuzzy Hash: 9A51B422E1869298F7319FA4E4022FC7370FF40358F44917AEE8C9A655EF3CA286C341
                                      Function 00007FF69970B8E0 Relevance: 9.3, APIs: 3, Strings: 3, Instructions: 307COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: memcpy
                                      • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789Time went backwards$AppData/Roaming/.ini$assertion failed: is_code_point_boundary(self, new_len)
                                      • API String ID: 3510742995-3583678413
                                      • Opcode ID: ed0b1ed9c4e76238d366cb2176a840bfc7e87afff67f0850cb94e2065038582c
                                      • Instruction ID: aac9b4e1cc9665d05c1bf72fc24c05b230894f5dce9641d7fb45417728b51225
                                      • Opcode Fuzzy Hash: ed0b1ed9c4e76238d366cb2176a840bfc7e87afff67f0850cb94e2065038582c
                                      • Instruction Fuzzy Hash: DDB1D2A2F0869145FF259F6299012BD6760FF45BC8F488475DE0D9B78AEE3DE681C310
                                      Function 00007FF699722020 Relevance: 9.2, APIs: 6, Instructions: 249COMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: ErrorLast$FullNamePathmemcpy
                                      • String ID:
                                      • API String ID: 674145353-0
                                      • Opcode ID: ea713346e84e7ddf4ad49fcad697a07c0b7a6ead2b039cd3169ce72f6521a79b
                                      • Instruction ID: 19d9a73b502a6343ff14265c272020941f40edd3548c52f7ab4cdca7662189d2
                                      • Opcode Fuzzy Hash: ea713346e84e7ddf4ad49fcad697a07c0b7a6ead2b039cd3169ce72f6521a79b
                                      • Instruction Fuzzy Hash: 78A19B62B18B8286EB799F2299443FD6255FF04BD8F548076DE0C9F78ADE3DE6418300
                                      Function 00007FF6996F89A0 Relevance: 9.2, APIs: 6, Instructions: 182COMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: AddressCaptureContextEntryFunctionLookupSingleUnwindVirtualWakememset
                                      • String ID:
                                      • API String ID: 2014759167-0
                                      • Opcode ID: ce05b5f1b0968bff98fb8539160eb74b56b2da164e2f5dde1405df35c6bed6d5
                                      • Instruction ID: 0b4b07b29e6492968a91d7fb87898279db17a86355a8d8fd05064baf05448863
                                      • Opcode Fuzzy Hash: ce05b5f1b0968bff98fb8539160eb74b56b2da164e2f5dde1405df35c6bed6d5
                                      • Instruction Fuzzy Hash: 26914972A19BC188FBB08F24D9403E933A0FB5579CF044179DA5E8BB99DF389684D304
                                      Function 00007FF699715CA0 Relevance: 9.2, APIs: 6, Instructions: 177COMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: ErrorLast$Handle$CloseFinalNamePath
                                      • String ID:
                                      • API String ID: 3328380333-0
                                      • Opcode ID: 336c2ffac5990d8a0d3afad687ed349e86d2a9f8363363dc888a5a201cb45549
                                      • Instruction ID: f3a40c14a7d6a713ce83df1d0f3cd524e88be4f0e88b693e11d5f6fb1288c6e0
                                      • Opcode Fuzzy Hash: 336c2ffac5990d8a0d3afad687ed349e86d2a9f8363363dc888a5a201cb45549
                                      • Instruction Fuzzy Hash: 0F61C062A18BC24AFB359F25A8553F92365FB05BD8F108171DE5C9FB86DF7CA2848300
                                      Function 00007FF69971F377 Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 128COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: CloseHandle
                                      • String ID: program path has no file name$0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character
                                      • API String ID: 2962429428-4245703473
                                      • Opcode ID: 688fe29e9296e47face9f1dc11be20400f2cec6343617790042bbab9edfb9346
                                      • Instruction ID: 57e32200910fed4593fa2c9210dd3ac6401978525d29f92a7cf380c73dd6c646
                                      • Opcode Fuzzy Hash: 688fe29e9296e47face9f1dc11be20400f2cec6343617790042bbab9edfb9346
                                      • Instruction Fuzzy Hash: 80514162A0858186EB709E2299257F92760EF46BD8F4448B6DE0DCF796DE3DE541C201
                                      Function 00007FF6996F7940 Relevance: 9.1, APIs: 6, Instructions: 92timesleepsynchronizationCOMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: CloseHandleTimerWaitable$CreateObjectSingleSleepWait
                                      • String ID:
                                      • API String ID: 2261246915-0
                                      • Opcode ID: 72e9249e10d04ea31e222df16e307ed292eb138d76baae3c62a0bd4991e56d0a
                                      • Instruction ID: 41c084b3fad704c9ad8480004b39c5923ed3e78fc402063dea8d45a64d6d4fcb
                                      • Opcode Fuzzy Hash: 72e9249e10d04ea31e222df16e307ed292eb138d76baae3c62a0bd4991e56d0a
                                      • Instruction Fuzzy Hash: DE213932F0960206FF7C9E792912334704ADFC57A8E099276EE3ED67D5DD3DA600A600
                                      Function 00007FF6997176B0 Relevance: 9.1, APIs: 6, Instructions: 68networkCOMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: ErrorLast$HandleInformationSocketclosesocket
                                      • String ID:
                                      • API String ID: 1159780279-0
                                      • Opcode ID: 89236558c6572c69d8797d5ee2b66b3e15e28f56c0e71b4a2d265fc120f2cf61
                                      • Instruction ID: e4237eb9e201f7c168c3545bfe7f5e6c627fa5cd19070856028967c880fb8e36
                                      • Opcode Fuzzy Hash: 89236558c6572c69d8797d5ee2b66b3e15e28f56c0e71b4a2d265fc120f2cf61
                                      • Instruction Fuzzy Hash: BF11A221B0816547F7306D79D1157652584EB853F8F184370EE6C8FBC6DE7EA8828B00
                                      Function 00007FF699739672 Relevance: 9.1, APIs: 1, Strings: 5, Instructions: 52COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      • R8_U, xrefs: 00007FF699739672
                                      • R8_F, xrefs: 00007FF6997396AD
                                      • R9_F, xrefs: 00007FF6997396C9
                                      • TPIDPRHTPIDPRSPLRPCACC0ACC1ACC2ACC3ACC4ACC5ACC6ACC7S0S1S2S3S4S5S6S7S8S9S10S11S12S13S14S15S16S17S18S19S20S21S22S23S24S25S26S27S28S29S30S31X0X1X2X3X4X5X6X7X8X9X10X11X12X13X14X15X16X17X18X19X20X21X22X23X24X25X26X27X28X29X30ELR_modeRA_SIGN_STATETPIDRRO_EL0TPIDR_EL, xrefs: 00007FF6997396E5
                                      • R9_U, xrefs: 00007FF699739691
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: memcmp
                                      • String ID: R8_F$R8_U$R9_F$R9_U$TPIDPRHTPIDPRSPLRPCACC0ACC1ACC2ACC3ACC4ACC5ACC6ACC7S0S1S2S3S4S5S6S7S8S9S10S11S12S13S14S15S16S17S18S19S20S21S22S23S24S25S26S27S28S29S30S31X0X1X2X3X4X5X6X7X8X9X10X11X12X13X14X15X16X17X18X19X20X21X22X23X24X25X26X27X28X29X30ELR_modeRA_SIGN_STATETPIDRRO_EL0TPIDR_EL
                                      • API String ID: 1475443563-1802361725
                                      • Opcode ID: 337bd77bac466ef6af75d31728e79a359992667c230a7dcc0bfcfa1e8b9874c2
                                      • Instruction ID: d6cec8aae03d2c1b26e87f4d5a51eaa1388f06cc379be0c90a5b3ddb019a48ea
                                      • Opcode Fuzzy Hash: 337bd77bac466ef6af75d31728e79a359992667c230a7dcc0bfcfa1e8b9874c2
                                      • Instruction Fuzzy Hash: 80118223E2942687F7708E34B401AB755D0DF05BD6B146070C94DCE6E0EE3EE8419A94
                                      Function 00007FF699710CE0 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 265COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: AddressSingleWake
                                      • String ID: <unnamed>$Box<dyn Any>aborting due to panic at $cannot access a Thread Local Storage value during or after destructionlibrary\std\src\thread\local.rs$main
                                      • API String ID: 3114109732-1706025368
                                      • Opcode ID: cc1f5c3ede89e59188035ade7fb4191775b5214d3450f7d0f3e2e747f2a7ef4b
                                      • Instruction ID: fc863495fb72440ed2637480c09c5af4481b55542d3ddccafe416aa00d8a01d6
                                      • Opcode Fuzzy Hash: cc1f5c3ede89e59188035ade7fb4191775b5214d3450f7d0f3e2e747f2a7ef4b
                                      • Instruction Fuzzy Hash: 85C1AA22A0DA828AFB319F21D4213BD27A0EB56BC8F4845B6DA4D8F795DF3DE155C340
                                      Function 00007FF699720970 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 182COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: Handle$CloseConsoleErrorLastMode
                                      • String ID: called `Result::unwrap()` on an `Err` value
                                      • API String ID: 1170577072-2333694755
                                      • Opcode ID: 9a240e39ae01fc025df27896c0cb0527f168890a567fce761ed590246fcb4a1e
                                      • Instruction ID: 7f94601c00a26c96b16682e2b0570d71295264353d02fabd84f265107cd41bd1
                                      • Opcode Fuzzy Hash: 9a240e39ae01fc025df27896c0cb0527f168890a567fce761ed590246fcb4a1e
                                      • Instruction Fuzzy Hash: 6E81D2A1A2868299FB30DF60D9503FC2B60EB457D8F4484B5DE4D9FAC5DE3CA186C361
                                      Function 00007FF6996F7AC0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 175COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      • use of std::thread::current() is not possible after the thread's local data has been destroyedlibrary\std\src\thread\mod.rs, xrefs: 00007FF6996F7BCF, 00007FF6996F7D19
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: Value$AddressErrorLastWait
                                      • String ID: use of std::thread::current() is not possible after the thread's local data has been destroyedlibrary\std\src\thread\mod.rs
                                      • API String ID: 1881407604-63010627
                                      • Opcode ID: c63a79c920b23dd25f0e73757991695bfd17002a75ce36b5631c1c8cc01a7c61
                                      • Instruction ID: 58f57e064ee409ab31b414369f7ed83c74f70088ed516e55b2973f6a32082b32
                                      • Opcode Fuzzy Hash: c63a79c920b23dd25f0e73757991695bfd17002a75ce36b5631c1c8cc01a7c61
                                      • Instruction Fuzzy Hash: 2E513732F19A4659FB359F6098012BD3768EF41798F5881B6DE2DDBBC5DE2CA142E300
                                      Function 00007FF69970F310 Relevance: 8.0, APIs: 3, Strings: 2, Instructions: 498COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: memcpy
                                      • String ID: PATHlibrary\std\src\sys_common\process.rs$assertion failed: self.height > 0
                                      • API String ID: 3510742995-3507162100
                                      • Opcode ID: a087237bcf938bba385ece63445749f83ecff70f4101cd1bdba2c2cdc9de05ae
                                      • Instruction ID: 437cbe66809b21ede1814bb1b434630462eacd6668bbdf0e81dd98eca264707e
                                      • Opcode Fuzzy Hash: a087237bcf938bba385ece63445749f83ecff70f4101cd1bdba2c2cdc9de05ae
                                      • Instruction Fuzzy Hash: A032A062A08BC184FB329F25D8413F863A0FB54BD8F144576DE4D5BB96EF39A296C300
                                      Function 00007FF6996E3A70 Relevance: 7.9, APIs: 2, Strings: 3, Instructions: 364COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      • 0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character, xrefs: 00007FF6996E3A71
                                      • assertion failed: match track_edge_idx { LeftOrRight::Left(idx) => idx <= old_left_len, LeftOrRight::Right(idx) => idx <= right_len,}, xrefs: 00007FF6996E5E73
                                      • assertion failed: old_left_len >= count, xrefs: 00007FF6996E4C1A
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: memcpy
                                      • String ID: 0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character$assertion failed: match track_edge_idx { LeftOrRight::Left(idx) => idx <= old_left_len, LeftOrRight::Right(idx) => idx <= right_len,}$assertion failed: old_left_len >= count
                                      • API String ID: 3510742995-2606162457
                                      • Opcode ID: 4930317a2fd92120e4bc59f8b9b2d04c06098b35c20cfe02a10b2916d063e656
                                      • Instruction ID: fd13519f37c80abe64e01bd1d47505724315bb21bef7f5db1d52ed800e490c9f
                                      • Opcode Fuzzy Hash: 4930317a2fd92120e4bc59f8b9b2d04c06098b35c20cfe02a10b2916d063e656
                                      • Instruction Fuzzy Hash: 0DE1EE72B09B8182FB658F65D8407B963A0FB44F94F44817ADE2D97391DF38E6A1D310
                                      Function 00007FF699723550 Relevance: 7.8, APIs: 3, Strings: 2, Instructions: 267COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: memcpy
                                      • String ID: program path has no file name$0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character
                                      • API String ID: 3510742995-4245703473
                                      • Opcode ID: 5c48e4c39586f8f585aba54d1f6d3e192b2042a8855fe34e5db6de5f69e32e97
                                      • Instruction ID: 0cde937ae84ff8c13c14742325355a457ae5f6cdf35edfe799fec85963a4e5bb
                                      • Opcode Fuzzy Hash: 5c48e4c39586f8f585aba54d1f6d3e192b2042a8855fe34e5db6de5f69e32e97
                                      • Instruction Fuzzy Hash: 3BA1D362F2875286FE208F6189006BD6B61FB05FE8F448975DE1D9BB85DF7CE1429320
                                      Function 00007FF6996E54E0 Relevance: 7.7, APIs: 2, Strings: 3, Instructions: 157COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: memcpy
                                      • String ID: assertion failed: match track_edge_idx { LeftOrRight::Left(idx) => idx <= old_left_len, LeftOrRight::Right(idx) => idx <= right_len,}$assertion failed: new_left_len <= CAPACITY$assertion failed: old_left_len + count <= CAPACITY
                                      • API String ID: 3510742995-3535459961
                                      • Opcode ID: 70168d065c6a3ca59545dac05477e4dd7e94a6eca155fb99468ba8c209af9471
                                      • Instruction ID: 17813f5dd23fa341dea9321f31d18d8eb0a46aff37aa8d551ca7d68f23f80aba
                                      • Opcode Fuzzy Hash: 70168d065c6a3ca59545dac05477e4dd7e94a6eca155fb99468ba8c209af9471
                                      • Instruction Fuzzy Hash: 59817D32A04BD585E721CF69EC403F933A4FB58788F508626DE9C57769EF3992A5D300
                                      Function 00007FF69971F3A5 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 125COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: CloseHandle
                                      • String ID: program path has no file name$0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character
                                      • API String ID: 2962429428-4245703473
                                      • Opcode ID: e4ed8d0c59601023ecf3ebc2ed2f1d44bedde78b38ba1afae8e28cebf9c8ba44
                                      • Instruction ID: e68d9410f55a77a778fab22eecf51148d090451d9a8c3cdc8a8bbb7ddbe16caf
                                      • Opcode Fuzzy Hash: e4ed8d0c59601023ecf3ebc2ed2f1d44bedde78b38ba1afae8e28cebf9c8ba44
                                      • Instruction Fuzzy Hash: DE415062A0858186EF709E2298257FA2760FF46BD8F4448B6DE0DCF796DE3DE541C301
                                      Function 00007FF6997149AF Relevance: 7.6, APIs: 5, Instructions: 122COMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: Handle$CloseErrorLast$CaptureContextCurrentDuplicateExceptionFileInformationProcessRaiseUnwindabort
                                      • String ID:
                                      • API String ID: 2398512715-0
                                      • Opcode ID: 2a9a63a5c51e4ae2e041a984ddb3fe8cf30ee60039ed46be4040ab2850f78299
                                      • Instruction ID: 25e8edc87d0dc91216023e5e3e59a1d42c9777481115c279b68dfc62af88e314
                                      • Opcode Fuzzy Hash: 2a9a63a5c51e4ae2e041a984ddb3fe8cf30ee60039ed46be4040ab2850f78299
                                      • Instruction Fuzzy Hash: EC518C61A0869186FB30DF6298503AD3AA0FB49BC8F544079EE5D9BB8ADF3DD541C350
                                      Function 00007FF6997149BD Relevance: 7.6, APIs: 5, Instructions: 120COMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: Handle$CloseErrorLast$CaptureContextCurrentDuplicateExceptionFileInformationProcessRaiseUnwindabort
                                      • String ID:
                                      • API String ID: 2398512715-0
                                      • Opcode ID: 3f9d3ba5f8cf9a9dbdc0e8823d5924defbe24b305d70f605ddd3a73a9d1875cd
                                      • Instruction ID: 920a4ca01d7f5b84ff05c1bc216c3bc9834225013c24ab5082076f71bfd8f708
                                      • Opcode Fuzzy Hash: 3f9d3ba5f8cf9a9dbdc0e8823d5924defbe24b305d70f605ddd3a73a9d1875cd
                                      • Instruction Fuzzy Hash: 9451AD61A086918AFB70DF6298103AD3AA0FB49BC8F144079EF4D9BB8ADF3DD541C350
                                      Function 00007FF6997149AD Relevance: 7.6, APIs: 5, Instructions: 120COMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: Handle$CloseErrorLast$CaptureContextCurrentDuplicateExceptionFileInformationProcessRaiseUnwindabort
                                      • String ID:
                                      • API String ID: 2398512715-0
                                      • Opcode ID: 2cbd4b93b1fdbf49ea5ddf19e712c76ba39d30064725973a3d0f1b7b650741c6
                                      • Instruction ID: bf874f20eeb86efcdbca10ac6fe704a4148b5208d1556c1d5179334aa5c6c3ad
                                      • Opcode Fuzzy Hash: 2cbd4b93b1fdbf49ea5ddf19e712c76ba39d30064725973a3d0f1b7b650741c6
                                      • Instruction Fuzzy Hash: 0A518D61A086918AFB70DF6298503AD3AA0FB49BC8F144079EF5D9BB8ADF3DD541C350
                                      Function 00007FF6996CCA22 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 104COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: memset$memcpy
                                      • String ID: called `Result::unwrap()` on an `Err` value
                                      • API String ID: 368790112-2333694755
                                      • Opcode ID: 4cbe8cef9f4af3c343089b7fc2546a25a23e1012423a499d9c6326e6b748fc09
                                      • Instruction ID: 4e60cbf96919f560377e3830296757d5ade74abddd949156b5d94162372f93ed
                                      • Opcode Fuzzy Hash: 4cbe8cef9f4af3c343089b7fc2546a25a23e1012423a499d9c6326e6b748fc09
                                      • Instruction Fuzzy Hash: E6418E32A08B8482E735CB26E9513EAB361FB99784F018235EFDD46791CF7DE1968740
                                      Function 00007FF699717830 Relevance: 7.6, APIs: 5, Instructions: 93networkCOMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: ErrorLast$connectioctlsocket
                                      • String ID:
                                      • API String ID: 1971785428-0
                                      • Opcode ID: 0db338ea5928d33d7f0d60137e2a4ec9b44759f720c3e057481c14978456a539
                                      • Instruction ID: 4f5631792fc7d545d8acead3d1aa6e09f4e44286c97a87145210960a78de5681
                                      • Opcode Fuzzy Hash: 0db338ea5928d33d7f0d60137e2a4ec9b44759f720c3e057481c14978456a539
                                      • Instruction Fuzzy Hash: EA31FE22A186D196E3309F7598827FA36A8EB453C8F155272DE1C8B3C0EF3CE695C351
                                      Function 00007FF69971FB8B Relevance: 7.5, APIs: 5, Instructions: 49COMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: ErrorHandleLast$CurrentDuplicateProcess
                                      • String ID:
                                      • API String ID: 3697983210-0
                                      • Opcode ID: e16d268964d62feb434ca1289034d1693678657d648a729bbab490d3768ff12e
                                      • Instruction ID: ff95601d94a54f875799d55ba27c16d80a7e102192454b24b091af3aa32cc090
                                      • Opcode Fuzzy Hash: e16d268964d62feb434ca1289034d1693678657d648a729bbab490d3768ff12e
                                      • Instruction Fuzzy Hash: 3E117362E0821145FB30DE70A4163B93590EB493F8F1806B1DEAC9BBC5DE7DE4819751
                                      Function 00007FF69976D980 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 240memoryCOMMON
                                      Download Yara Rule
                                      APIs
                                      • VirtualProtect.KERNEL32(00007FF69989A1B0,00007FF69989A1B8,00000001,?,?,?,?,?,00007FF6996C1224,?,?,?,00007FF6996C13E6), ref: 00007FF69976DB5D
                                      Strings
                                      • %d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p., xrefs: 00007FF69976DCCA
                                      • Unknown pseudo relocation bit size %d., xrefs: 00007FF69976DCB4
                                      • Unknown pseudo relocation protocol version %d., xrefs: 00007FF69976DCD6
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: ProtectVirtual
                                      • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.$%d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p.
                                      • API String ID: 544645111-1286557213
                                      • Opcode ID: 96b70dcdced3092a79e7ce9b1dbf8396ced5d4e9346ba3b35ff7dc70d908fabe
                                      • Instruction ID: 423bef30fb74a6b18a7b0955e2e4070d1722e754e135bdc9e6545a4186f6a717
                                      • Opcode Fuzzy Hash: 96b70dcdced3092a79e7ce9b1dbf8396ced5d4e9346ba3b35ff7dc70d908fabe
                                      • Instruction Fuzzy Hash: BB91E422E2D51787EA305F229D402793261FF957E4F0486B5C92D9FBD8EE2CE801C602
                                      Function 00007FF69971F837 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 104COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: CloseEnvironmentFreeHandleStrings
                                      • String ID: program path has no file name$0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character
                                      • API String ID: 2431795302-4245703473
                                      • Opcode ID: 339552d0491dd970e688072a4d3e833ad330e0bb19627bfc62c7994c053cb7c5
                                      • Instruction ID: 17878e04f50de385c0313401c64b0f906045d0b1565ca8ba8976e9bd777b13e5
                                      • Opcode Fuzzy Hash: 339552d0491dd970e688072a4d3e833ad330e0bb19627bfc62c7994c053cb7c5
                                      • Instruction Fuzzy Hash: 83417F62B1868292EF30AE6299116FA2764FF46BC8F444876DE0DCF796DE3DE541C300
                                      Function 00007FF69971F86C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 92COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: CloseEnvironmentFreeHandleStrings
                                      • String ID: program path has no file name$0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character
                                      • API String ID: 2431795302-4245703473
                                      • Opcode ID: 5892b2aeae5a605133dc5c31f380f1318e5ef878c0ed1329628f4a0257264dd3
                                      • Instruction ID: 457a55dd426730ae21bc7dc149d27539bbb86ac70ee182866203f961d81dac17
                                      • Opcode Fuzzy Hash: 5892b2aeae5a605133dc5c31f380f1318e5ef878c0ed1329628f4a0257264dd3
                                      • Instruction Fuzzy Hash: CC319062A04A8192EB30AF62DC112FA2764FF46BD4F444876DE0ECB796DE3DE541C340
                                      Function 00007FF69976DD36 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: CCG
                                      • API String ID: 0-1584390748
                                      • Opcode ID: 7c3cbd8d043dbe7ee500ad9f982921b101fb08654013cfecdcbfb32fbcfe9d66
                                      • Instruction ID: 4c41bec00c8d05d506ff6b7818de418ae9abbf2dc8f490c51053e1ab0a64e1a5
                                      • Opcode Fuzzy Hash: 7c3cbd8d043dbe7ee500ad9f982921b101fb08654013cfecdcbfb32fbcfe9d66
                                      • Instruction Fuzzy Hash: CF216B61E2914243FAB96A6589503783182FF997E0F1989B7CA5DCE3D1DE1CB8D1C213
                                      Function 00007FF699721620 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 72synchronizationCOMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: CloseErrorHandleLastObjectSingleWait
                                      • String ID: SystemTime
                                      • API String ID: 2173817864-2656138
                                      • Opcode ID: ff0f429e8c35159ba724ebe3e140afce189a4b087dba9546ca4afad030b3a720
                                      • Instruction ID: cdc93c39145552987616a48694508c4d1025f6402d92d92ec203072c8f2eb81b
                                      • Opcode Fuzzy Hash: ff0f429e8c35159ba724ebe3e140afce189a4b087dba9546ca4afad030b3a720
                                      • Instruction Fuzzy Hash: 0421AB22B08B41A8FB209F61E4413FC3774EB04798F640576DE5C9AB95EF39A286C341
                                      Function 00007FF69971351B Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 54fileCOMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: ErrorFileFindLastNextmemcpy
                                      • String ID: .
                                      • API String ID: 3684451505-248832578
                                      • Opcode ID: a83ac0a17b572a24873920af1541633784511c8d531b9238f944e5b3122dba3d
                                      • Instruction ID: 6902c78cc600e87064f37b201b2e7c100887428f3951d1ea427af2eb3011c49c
                                      • Opcode Fuzzy Hash: a83ac0a17b572a24873920af1541633784511c8d531b9238f944e5b3122dba3d
                                      • Instruction Fuzzy Hash: D3119122B0461286FB719E65A4513B931A0EB85BC4F984071DE8DCA6C1EF3DE5C2C371
                                      Function 00007FF69972011C Relevance: 6.3, APIs: 5, Instructions: 82COMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: CloseHandle$CaptureContextExceptionRaiseUnwindabort
                                      • String ID:
                                      • API String ID: 2844319690-0
                                      • Opcode ID: 975a99299f8ffc9ecd3e1650fc6ac5b5f2ae9dc632a12cd14d0f2060783305b7
                                      • Instruction ID: cc8bed3706eb2da5a0edaf9cfa68abec6f6ff42a64375a4590f771f1491d5a4d
                                      • Opcode Fuzzy Hash: 975a99299f8ffc9ecd3e1650fc6ac5b5f2ae9dc632a12cd14d0f2060783305b7
                                      • Instruction Fuzzy Hash: 0C413572A08B5289EB20EF61E8513EC3BB4FB44788F504475DA4C9BB86DF799199C341
                                      Function 00007FF699705700 Relevance: 6.2, APIs: 3, Strings: 1, Instructions: 205COMMON
                                      Download Yara Rule
                                      APIs
                                      • memset.MSVCRT ref: 00007FF699705753
                                        • Part of subcall function 00007FF699720EF0: GetStdHandle.KERNEL32(-7FFFFFFFFFFFFF58,?,00001000,?,-7FFFFFFFFFFFFF58,?,00000000,00001FF0), ref: 00007FF699720F1F
                                        • Part of subcall function 00007FF699720EF0: GetLastError.KERNEL32(-7FFFFFFFFFFFFF58,?,00001000,?,-7FFFFFFFFFFFFF58,?,00000000,00001FF0), ref: 00007FF699720F2F
                                      • memcpy.MSVCRT ref: 00007FF699705850
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: ErrorHandleLastmemcpymemset
                                      • String ID: assertion failed: filled <= self.buf.init
                                      • API String ID: 3211292799-906094691
                                      • Opcode ID: 9f2c9f5d79112fe39365158ab55285c7026b61322db35e62fa8adb01d7bd1f22
                                      • Instruction ID: 409948df17b1b696a60f1e7106348b9a4ecd2d63724e2ad0867b69a9f22f286f
                                      • Opcode Fuzzy Hash: 9f2c9f5d79112fe39365158ab55285c7026b61322db35e62fa8adb01d7bd1f22
                                      • Instruction Fuzzy Hash: CC71BDA2B18B4186EB24CF66D9411B93B62FB44BC8B588875CE1C9B794DF3DE052D300
                                      Function 00007FF699705BB0 Relevance: 6.2, APIs: 4, Instructions: 160COMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: freeaddrinfo
                                      • String ID:
                                      • API String ID: 2731292433-0
                                      • Opcode ID: 16ed5cc825eb54a38bdbfcfb039228942f1d86979281abac1946a1295f4e2622
                                      • Instruction ID: 64c11e81d014afe270b3b5e15a140e4b205d169291f37f2edce89f453d95e73a
                                      • Opcode Fuzzy Hash: 16ed5cc825eb54a38bdbfcfb039228942f1d86979281abac1946a1295f4e2622
                                      • Instruction Fuzzy Hash: 8D717922A04A918AE724DF75D4412ED77B0FB48B8CF148126EF4D9BB49EF39D9A1C350
                                      Function 00007FF69971B300 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 142COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: memcpy$CloseHandle
                                      • String ID: 0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character
                                      • API String ID: 2153058950-2658723938
                                      • Opcode ID: 5ccdc7d7fc3b5eee296fd75cbb4314273ad49aacba613200f771a09f63a16e49
                                      • Instruction ID: fa1fc7f165b4ef6ecdec286fa6be9e261136a5ecea009a71bb4cdea8f2ac6af1
                                      • Opcode Fuzzy Hash: 5ccdc7d7fc3b5eee296fd75cbb4314273ad49aacba613200f771a09f63a16e49
                                      • Instruction Fuzzy Hash: 3D41F222B08A5196FA35AF1299502B82B50FB4AFD4F484171DF0D8BB96DF3CE5A38300
                                      Function 00007FF699721C00 Relevance: 6.1, APIs: 4, Instructions: 76COMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: ErrorLast$FullNamePathmemcmp
                                      • String ID:
                                      • API String ID: 2929619185-0
                                      • Opcode ID: 92a81ae790cde6e2ad8ab26dfe0cb6653e1814c53c6e8b7d79e8b7a2654fb407
                                      • Instruction ID: 713d20afdbc865583f5ab5a0eb8f0558afcd4cda7c18cc9887d62fea31d549a0
                                      • Opcode Fuzzy Hash: 92a81ae790cde6e2ad8ab26dfe0cb6653e1814c53c6e8b7d79e8b7a2654fb407
                                      • Instruction Fuzzy Hash: D331BF26A14BC149EB719F61A8847EE3794FB05BD8F540175DE5C9F7C5CE79A3818300
                                      Function 00007FF699717E60 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 145networkCOMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      • assertion failed: len >= mem::size_of::<c::sockaddr_in6>(), xrefs: 00007FF699718046
                                      • assertion failed: len >= mem::size_of::<c::sockaddr_in>()library\std\src\sys_common\net.rs, xrefs: 00007FF69971802E
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: ErrorLast
                                      • String ID: assertion failed: len >= mem::size_of::<c::sockaddr_in6>()$assertion failed: len >= mem::size_of::<c::sockaddr_in>()library\std\src\sys_common\net.rs
                                      • API String ID: 1452528299-513854611
                                      • Opcode ID: aed944820c4ff97ba46419a47c76fa312d113af2be5a85ce08e8b0606597aa19
                                      • Instruction ID: 1d67ba134f48d045d04e7274dce0f1f325207c20d5b1908df3787cce0f618480
                                      • Opcode Fuzzy Hash: aed944820c4ff97ba46419a47c76fa312d113af2be5a85ce08e8b0606597aa19
                                      • Instruction Fuzzy Hash: F151CC32A085918AF7748F65E4416FD77B4FB44394F20812AEE998BB94EF3CA582C740
                                      Function 00007FF699725B40 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 85COMMON
                                      Download Yara Rule
                                      APIs
                                      • WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0(?,?,00000000,?,00007FF699711DCA), ref: 00007FF699725BBE
                                      • TlsSetValue.KERNEL32(?,?,?,?,?,?,00000000,?,00007FF699711DCA), ref: 00007FF699725C19
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: AddressSingleValueWake
                                      • String ID: assertion failed: is_unlocked(state)
                                      • API String ID: 741412973-3502192491
                                      • Opcode ID: da2c4ba34aa77a352e36bf536d0e6d29029739b6ea50faa7ea929ed43c8ffefd
                                      • Instruction ID: 2046d3b41aba1911abc983254aa816cd34df0b54cc1dda027ed88c22f1907dff
                                      • Opcode Fuzzy Hash: da2c4ba34aa77a352e36bf536d0e6d29029739b6ea50faa7ea929ed43c8ffefd
                                      • Instruction Fuzzy Hash: 1A21E422F1A5064AFB365E1555003BE3291DF99B98F78C0B8DA0D8F385ED3D9983C381
                                      Function 00007FF699721740 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 85COMMON
                                      Download Yara Rule
                                      APIs
                                      • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,00007FF69970D9B8,?,?,?,?,?,?,00007FF6996F7A96), ref: 00007FF699721765
                                      • GetLastError.KERNEL32(?,?,?,?,?,?,00007FF69970D9B8,?,?,?,?,?,?,00007FF6996F7A96), ref: 00007FF699721800
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: ErrorFrequencyLastPerformanceQuery
                                      • String ID: called `Result::unwrap()` on an `Err` value
                                      • API String ID: 3362413890-2333694755
                                      • Opcode ID: 125f12cbf819ad59ff386bc5975b7acf701ca1fb5fc1d74b55788fa64a06a3e6
                                      • Instruction ID: b09d8e4378634050e139c932b09bd1c7fe4483cb30d1cf4f1a2efa51a54c2cf1
                                      • Opcode Fuzzy Hash: 125f12cbf819ad59ff386bc5975b7acf701ca1fb5fc1d74b55788fa64a06a3e6
                                      • Instruction Fuzzy Hash: F731DF51B1878642EB28DF66A8112B93796EBC4BC0F5880B6DD0ECB795DE2CA542C340
                                      Function 00007FF69970D990 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47COMMON
                                      Download Yara Rule
                                      APIs
                                      • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,00007FF6996F7A96), ref: 00007FF69970D9A6
                                      • GetLastError.KERNEL32(?,?,?,?,?,?,00007FF6996F7A96), ref: 00007FF69970D9C0
                                        • Part of subcall function 00007FF699721740: QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,00007FF69970D9B8,?,?,?,?,?,?,00007FF6996F7A96), ref: 00007FF699721765
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: PerformanceQuery$CounterErrorFrequencyLast
                                      • String ID: called `Result::unwrap()` on an `Err` value
                                      • API String ID: 158728112-2333694755
                                      • Opcode ID: 5bc127802c3df2079730c422be3828e83479d8627c7c24287756ef6ca370a142
                                      • Instruction ID: 36fdf4548794efa82d154f1282f9ba36943ce9ce983000a206e6f29429e803d4
                                      • Opcode Fuzzy Hash: 5bc127802c3df2079730c422be3828e83479d8627c7c24287756ef6ca370a142
                                      • Instruction Fuzzy Hash: D811A122A18A8299EB24AF70D4422FD3764FF84384F5445B6DE4DCA79ADE2CE652C341
                                      Function 00007FF699717C60 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45networkCOMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      • assertion failed: socket != sys::c::INVALID_SOCKET as RawSocketlibrary\std\src\os\windows\io\socket.rs, xrefs: 00007FF699717C87
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: Socketmemsetrecv
                                      • String ID: assertion failed: socket != sys::c::INVALID_SOCKET as RawSocketlibrary\std\src\os\windows\io\socket.rs
                                      • API String ID: 1952720251-42570012
                                      • Opcode ID: 18c7bb4dfbb0b872742dc44238251bf92bb93ec967aacfa1f0eec4458d7dcfab
                                      • Instruction ID: 1046b84b0da6918946e57b5b9dd004efbb496041fb3ea94dc2b5cee423cccd26
                                      • Opcode Fuzzy Hash: 18c7bb4dfbb0b872742dc44238251bf92bb93ec967aacfa1f0eec4458d7dcfab
                                      • Instruction Fuzzy Hash: 5A012821B145469AFB746E74D0552B82359DB853B4F684371D93DCA7D0DE2CD581C200
                                      Function 00007FF69976D690 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 38COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: fprintf
                                      • String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
                                      • API String ID: 383729395-3474627141
                                      • Opcode ID: 325970b99f59e992869b15b547b78a0270b7646e7ed450ca3ae991192f7a869d
                                      • Instruction ID: f4ae2b90cc37e2d4b91f582e426fab18768c967d176fe490c182cc7995857ef0
                                      • Opcode Fuzzy Hash: 325970b99f59e992869b15b547b78a0270b7646e7ed450ca3ae991192f7a869d
                                      • Instruction Fuzzy Hash: D0018263D1CF8482D6158F2CD9001BA7331FFAE789F259325EA8C6A525DF28E592C700
                                      Function 00007FF69976D730 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: fprintf
                                      • String ID: Argument domain error (DOMAIN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                      • API String ID: 383729395-2713391170
                                      • Opcode ID: 6eb4b77c4f8eaeccad83fc189a02852e575d745d1ffcaaaa937404e0f1d88fc3
                                      • Instruction ID: a6489ab57dae99d5355c624fc34b97fd5b561dba864f00dc383069341be57137
                                      • Opcode Fuzzy Hash: 6eb4b77c4f8eaeccad83fc189a02852e575d745d1ffcaaaa937404e0f1d88fc3
                                      • Instruction Fuzzy Hash: FCF06253C08E8482D2128F2DA8001AB7334FF9D788F145326EF8D6A556EF28E582C710
                                      Function 00007FF69976D740 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: fprintf
                                      • String ID: Partial loss of significance (PLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                      • API String ID: 383729395-4283191376
                                      • Opcode ID: c2ec67f7798fbaf6a926c8f2ca5cc0b96a5e3d9249152667c1d4eac8be866468
                                      • Instruction ID: d21cde549f676ced177d08d4b504528cd7d102dafe3e09d8cbb7117e47aad417
                                      • Opcode Fuzzy Hash: c2ec67f7798fbaf6a926c8f2ca5cc0b96a5e3d9249152667c1d4eac8be866468
                                      • Instruction Fuzzy Hash: A1F06253C08E8482D2228F2DA8001AB7334FF9D7D8F155326EE8D6A556EF28E582C710
                                      Function 00007FF69976D750 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: fprintf
                                      • String ID: Overflow range error (OVERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                      • API String ID: 383729395-4064033741
                                      • Opcode ID: 3cb0424a8953d48a008c56219b0bef7cf853752c9e33e66b8e5c155e833ea758
                                      • Instruction ID: 7b2a874c11100c689074dcad3f7698ca7d109bd4fc5d63cc400f1a3c32284390
                                      • Opcode Fuzzy Hash: 3cb0424a8953d48a008c56219b0bef7cf853752c9e33e66b8e5c155e833ea758
                                      • Instruction Fuzzy Hash: ADF06253C08E8882D2128F2DA8001AB7334FF9D788F145326EE8D6A556EF28E592C710
                                      Function 00007FF69976D760 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: fprintf
                                      • String ID: The result is too small to be represented (UNDERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                      • API String ID: 383729395-2187435201
                                      • Opcode ID: 74f6f8cb7482b7fac668cf4040dadbe3c3bfaaa47e60ece2ce6dc68220263ba8
                                      • Instruction ID: 22a0504576436341fd5eec88d29519634c25d3f0b777518ad29870ba9fc405e5
                                      • Opcode Fuzzy Hash: 74f6f8cb7482b7fac668cf4040dadbe3c3bfaaa47e60ece2ce6dc68220263ba8
                                      • Instruction Fuzzy Hash: 41F06253C08E8482D2128F2DA8001AB7334FF9D788F145366EE8D6A556EF29E592C710
                                      Function 00007FF69976D770 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: fprintf
                                      • String ID: Total loss of significance (TLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                      • API String ID: 383729395-4273532761
                                      • Opcode ID: 03791ac738d86c5becd05f1d06faabf352435464b988844d8f4eb4cb428f2bb6
                                      • Instruction ID: bdb038594f9f949edb26b75c2b3282c979b001aa1a52c07ca7d13943b0f9e5bf
                                      • Opcode Fuzzy Hash: 03791ac738d86c5becd05f1d06faabf352435464b988844d8f4eb4cb428f2bb6
                                      • Instruction Fuzzy Hash: 1FF06253C08E8482D2128F2DA8001AB7334FF9D788F155326EE8D6A516DF28E582C710
                                      Function 00007FF69976D6C8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 24COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: fprintf
                                      • String ID: Argument singularity (SIGN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                      • API String ID: 383729395-2468659920
                                      • Opcode ID: 044f746fec8141a5650da142353fa8f6c9191853f4d67955629525536e3646b3
                                      • Instruction ID: 3b0eab0a81712aac0e59c847bd133901ff4e904de90594af9c44d85686e0cf68
                                      • Opcode Fuzzy Hash: 044f746fec8141a5650da142353fa8f6c9191853f4d67955629525536e3646b3
                                      • Instruction Fuzzy Hash: 0AF09653C08E8482D2128F2DA8001AB7334FF5D788F145326EF8D6A516DF29E582C710
                                      Function 00007FF69972C120 Relevance: 5.1, APIs: 4, Instructions: 89COMMON
                                      Download Yara Rule
                                      APIs
                                      • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF699711E04), ref: 00007FF69972C142
                                      • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF699711E04), ref: 00007FF69972C1A3
                                      • TlsSetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF699711E04), ref: 00007FF69972C1B3
                                      • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF699711E04), ref: 00007FF69972C202
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: Value
                                      • String ID:
                                      • API String ID: 3702945584-0
                                      • Opcode ID: a05e09182db94a876affe21de00ebe067f77ea428299a94fd0279bedaa08db00
                                      • Instruction ID: 310946adfaf938c2a2127730b30c62cc8997ada68b1c064afabc4842680b94a7
                                      • Opcode Fuzzy Hash: a05e09182db94a876affe21de00ebe067f77ea428299a94fd0279bedaa08db00
                                      • Instruction Fuzzy Hash: 48318D22F2965242FA756E1589023BD22A1EF99BC0F4C44F5DE4DCB7C6DE3EA8128340
                                      Function 00007FF69972C030 Relevance: 5.1, APIs: 4, Instructions: 75COMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: Value
                                      • String ID:
                                      • API String ID: 3702945584-0
                                      • Opcode ID: 1ddc5afa2437382de4da30d14379927b5c5762f07e08f54a2fa18bdb4944adac
                                      • Instruction ID: 83b47d6f1f082aeb603d2b27b998aff0ca4d0b7b74ec72137d76206010e59894
                                      • Opcode Fuzzy Hash: 1ddc5afa2437382de4da30d14379927b5c5762f07e08f54a2fa18bdb4944adac
                                      • Instruction Fuzzy Hash: 7E21DE21F1929246FA715F25490137D6A81EF4ABD0F0C80F5DE4DDB7C2ED3EA8428340
                                      Function 00007FF6996D3D0F Relevance: 5.0, APIs: 4, Instructions: 42COMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: memset$memcpy
                                      • String ID:
                                      • API String ID: 368790112-0
                                      • Opcode ID: 3a4eb231362921433dc93685f34cfa11d0ceaa83893d8fe4e9e3e3f5a0c8f505
                                      • Instruction ID: e9e43d5358f87e2d942eee28d23aeb7460f285f6dbf6839c4c85dd30701ac2c5
                                      • Opcode Fuzzy Hash: 3a4eb231362921433dc93685f34cfa11d0ceaa83893d8fe4e9e3e3f5a0c8f505
                                      • Instruction Fuzzy Hash: EA010002B2438107F3289632A501BEB6902AB97384F048130DF894B6C2DF6DB685C703
                                      Function 00007FF6996D7DD0 Relevance: 5.0, APIs: 4, Instructions: 33COMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: CloseHandle
                                      • String ID:
                                      • API String ID: 2962429428-0
                                      • Opcode ID: d0a462f04c941b5b32d0d3707874af4f94b5957b79f4ef2077f52d904a13b6a9
                                      • Instruction ID: b1f2ff2c8a7c4b6dd840e35b02efeec406dd4f9f071083fe2170496357e93ec5
                                      • Opcode Fuzzy Hash: d0a462f04c941b5b32d0d3707874af4f94b5957b79f4ef2077f52d904a13b6a9
                                      • Instruction Fuzzy Hash: 99F06222E0884183F635EE16E4453B972A0EB84BD4F185471DF5E866D1CF3DE8C2C302
                                      Function 00007FF699707E30 Relevance: 5.0, APIs: 4, Instructions: 30COMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1750111642.00007FF6996C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6996C0000, based on PE: true
                                      • Associated: 00000000.00000002.1750087232.00007FF6996C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750265903.00007FF69977B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750320696.00007FF69977C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750435239.00007FF69989B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750463184.00007FF69989C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.1750489646.00007FF69989F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ff6996c0000_81zBpBAWwc.jbxd
                                      Similarity
                                      • API ID: CloseHandle
                                      • String ID:
                                      • API String ID: 2962429428-0
                                      • Opcode ID: d3428f1d18ea7f16bbf651ebddb4d5a6dda2196743fbc2f30ef966f6f9ec0f8f
                                      • Instruction ID: 370637e269606680930afce04cc1e28adf73e76642fe095b4fea51a4c8ea8169
                                      • Opcode Fuzzy Hash: d3428f1d18ea7f16bbf651ebddb4d5a6dda2196743fbc2f30ef966f6f9ec0f8f
                                      • Instruction Fuzzy Hash: DDF01D22A0594595EB35EE2AD8457B837A4EB84FCCF181571DE0C8A695CF3ED882C302